You might be able create your own certificate using your fully qualified domainname as the Common Name. They might even have OpenSSL already installed somewhere on each box. Wouldn’t hurt to ask.
Web browsers will alert users with a popup notifying them the certificate hasn’t been signed by a “recognised authority” or somesuch (you’re not a bank so who cares?) but if you used your domainname as the CSA during certificate creation then yourwebsite.com will be shown - and we can safely assume your users would know where they are anyway. If they choose to Import the certificate they won’t be bugged with the popup again, if they don’t they’ll just need to click Accept on each visit. No big deal really.
Having said that, I’m new here and am as yet not fully aware of how things work in the DH environment but I’m sure one of the regulars would be able to fill in any details regarding the cans and can’ts of SSL here.