You can configure your captive portal profile on the controller to not require HTTPS and also configure CP Guest to do the same. Alternatively you can install a publically trusted certificate.
Controller:
aaa authentication captive-portal "<Your-CP-Profile>"
protocol-http
login-page "http://hostname/guest/guest_page.php"
ClearPass Guest:
Configuration --> Authentication