Tecnically SSL on your sites it’s not requested, but it is strongly adviced:
Your life becomes easier if sensitive cardholder data does not hit your servers. You can let us take care of the hardest parts of PCI compliance, like redacting logs and encrypting cardholder details. You should still support https on your website.
All submissions of payment info using Checkout are made via a secure HTTPS connection. However, in order to protect yourself from certain forms of man-in-the-middle attacks, we suggest that you also serve the page containing the payment form with HTTPS as well. This means that any page that a Checkout form may exist on should start with https:// rather than just http://.