
On 15 March 2026, a change took effect that every Australian business operating a website needs to understand. The CA/Browser Forum — the industry body that sets rules for how SSL/TLS certificates are issued and trusted — reduced the maximum valid lifespan of publicly trusted certificates from 398 days (roughly 13 months) to 200 days (roughly six and a half months). This is the first in a series of mandated reductions that will ultimately bring certificate lifespans down to 47 days by March 2029.
For Australian businesses that have been renewing their SSL certificate once a year and treating it as a low-priority administrative task, this change is operationally significant. Renewal frequency has effectively doubled immediately, and will double again by 2027. Businesses that continue to manage SSL certificates manually — through calendar reminders and one-off purchases — are now at meaningful risk of certificate expiry causing their websites to display browser security warnings, block visitor access, and trigger de-indexing signals in Google Search.
This guide explains what SSL certificates are, how Sectigo’s DV, OV, and EV options compare for Australian businesses, what the 2026 lifespan changes mean in practice, and why ANP Technology — as an authorised Sectigo partner in Australia — is the right local supplier for your certificate needs.
What Is an SSL Certificate and Why Does Every Australian Website Need One?
An SSL (Secure Sockets Layer) certificate — more accurately called a TLS certificate in modern usage — is a digital credential that does two things: it encrypts data transmitted between a user’s browser and your web server, and it provides a verifiable identity signal that your website is what it claims to be.
When a website has a valid SSL certificate installed, the browser address bar shows a padlock icon and the URL begins with HTTPS rather than HTTP. Without a valid certificate, modern browsers — Chrome, Safari, Firefox, and Edge — display a ‘Not Secure’ warning that many users interpret as a reason to leave the site immediately.
For Australian businesses, SSL is not optional for two reasons beyond user trust:
- The Privacy Act 1988 and the Notifiable Data Breaches (NDB) scheme require organisations to take reasonable steps to protect personal information. An unencrypted website collecting any user data — contact forms, login credentials, payment details — is not taking reasonable steps and creates direct regulatory exposure.
- Google’s ranking algorithm has explicitly favoured HTTPS websites since 2014, and the ‘Not Secure’ warning now displayed on HTTP pages by Chrome creates an immediate conversion and trust barrier for any business relying on web traffic.
SSL vs TLS: What Is the Difference?
SSL (Secure Sockets Layer) is the original protocol, but it was deprecated in 2015 due to security vulnerabilities. TLS (Transport Layer Security) is the current standard — TLS 1.2 and TLS 1.3 are what all modern websites use. Despite this, the term ‘SSL certificate’ has persisted in common usage and refers to what is technically a TLS certificate. When ANP Technology or Sectigo refers to an SSL certificate, it means a TLS certificate. The distinction matters technically but not practically for most Australian businesses purchasing website security.
What Happens If Your SSL Certificate Expires?
When an SSL certificate expires, browsers immediately display a full-page security warning to any visitor attempting to access the site. The warning is designed to be alarming — it requires users to actively bypass it to proceed, and most do not. The practical effect is that an expired certificate stops website traffic almost entirely until the certificate is renewed and reinstalled. For e-commerce sites, this means lost sales. For professional services firms, it means lost enquiries. For any business that has invested in SEO, it triggers signals that can damage search rankings that take months to recover.
With the March 2026 reduction in certificate lifespans to 200 days, the risk of certificate expiry has increased for any business that does not have an automated renewal process in place.
SSL Certificate Validity in 2026: The Phase-Down Timeline
The CA/Browser Forum — whose members include Sectigo, DigiCert, Google, Apple, and Mozilla — approved a ballot in April 2025 that mandates a phased reduction in SSL/TLS certificate validity periods. The rationale is security: shorter-lived certificates reduce the window of exposure if a private key is ever compromised, and they force more frequent re-validation of domain and organisation identity. The roadmap is as follows:
| Effective Date | Maximum Certificate Validity | Domain Validation Reuse | Action Required |
| --- | --- | --- | --- |
| Before 15 March 2026 | 398 days (~13 months) | 398 days | No immediate change |
| 15 March 2026 | 200 days (~6.5 months) | 200 days | Review renewal processes; consider automation |
| 15 March 2027 | 100 days (~3.5 months) | 100 days | Automation effectively mandatory for most businesses |
| 15 March 2029 | 47 days (~6 weeks) | 10 days | Manual renewal is operationally unsustainable |
The practical implication for Australian businesses is clear: manual SSL certificate management — the approach where someone sets a calendar reminder and purchases a renewal each year — becomes increasingly untenable. By March 2027, certificates will need to be renewed every three and a half months. By March 2029, every six weeks.
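An inventory check built on the schedule above, as an added example that is not part of the original guide or any Sectigo or ANP Technology tooling. It flags certificates that are expired, due for renewal, or issued with a lifetime longer than the limit in force on their issuance date. The hostnames and dates are constructed, and renewing at two-thirds of a certificate's lifetime is an assumed policy, not a CA/Browser Forum rule.

```python
import ssl
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Phase-down schedule from the table above, newest first: (effective date, max days).
SCHEDULE = [
    (datetime(2029, 3, 15, tzinfo=UTC), 47),
    (datetime(2027, 3, 15, tzinfo=UTC), 100),
    (datetime(2026, 3, 15, tzinfo=UTC), 200),
]
LEGACY_MAX_DAYS = 398  # limit before 15 March 2026

# Constructed sample inventory; dates use the format returned by ssl.getpeercert().
INVENTORY = {
    "www.example.com.au":    ("Feb  1 00:00:00 2026 GMT", "Mar  5 00:00:00 2027 GMT"),
    "shop.example.com.au":   ("Mar 20 00:00:00 2026 GMT", "Oct  6 00:00:00 2026 GMT"),
    "portal.example.com.au": ("Apr  1 00:00:00 2026 GMT", "May  4 00:00:00 2027 GMT"),
    "old.example.com.au":    ("Jan  1 00:00:00 2026 GMT", "Apr  1 00:00:00 2026 GMT"),
}

def parse_cert_time(text):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=UTC)

def max_validity_days(issued):
    """Maximum lifetime allowed for a certificate issued at `issued`."""
    for effective, days in SCHEDULE:
        if issued >= effective:
            return days
    return LEGACY_MAX_DAYS

def audit(not_before, not_after, now, renew_fraction=2 / 3):
    """Classify one certificate; renew_fraction is an assumed policy, not a rule."""
    start, end = parse_cert_time(not_before), parse_cert_time(not_after)
    lifetime = end - start
    if now >= end:
        status = "EXPIRED"
    elif now >= start + lifetime * renew_fraction:
        status = "RENEW_NOW"
    else:
        status = "OK"
    return {
        "status": status,
        "days_left": (end - now).days,
        "limit_days": max_validity_days(start),
        "over_limit": lifetime > timedelta(days=max_validity_days(start)),
    }

def audit_inventory(inventory, now):
    return {host: audit(nb, na, now) for host, (nb, na) in inventory.items()}

if __name__ == "__main__":
    for host, r in audit_inventory(INVENTORY, datetime(2026, 9, 1, tzinfo=UTC)).items():
        print(host, r)
```

In a live check, the two date strings would come from the `notBefore` and `notAfter` fields of `ssl.SSLSocket.getpeercert()` for each host rather than from a static table.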
Sectigo’s Certificate Lifecycle Management (CLM) platform automates issuance, renewal, and deployment of certificates across your infrastructure. For businesses managing more than a handful of certificates — or those operating e-commerce, SaaS, or multi-domain environments — CLM is not a nice-to-have; it is the operational answer to the 2026-2029 phase-down. ANP Technology can implement Sectigo CLM as part of your certificate management strategy.
DV, OV or EV: Which Sectigo Certificate Is Right for Your Business?
| Your Situation | Recommended Certificate | Reason |
| --- | --- | --- |
| Personal website, blog, or portfolio | Sectigo DV | Encryption is all you need; no business identity verification required |
| Small business website (no payments, no logins) | Sectigo OV | Shows your business is verified; builds trust without the overhead of EV |
| E-commerce site accepting card payments | Sectigo OV or EV | OV is the minimum; EV adds maximum trust signals for checkout conversion |
| Financial services, accounting, or legal firm | Sectigo EV | Client data sensitivity and regulatory expectations justify highest validation |
| Multiple subdomains (e.g. mail, shop, portal) | Sectigo Wildcard DV/OV | One certificate covers *.yourdomain.com.au — simpler management, lower cost |
| Multiple separate domains | Sectigo Multi-Domain | One UCC/SAN certificate covers up to 250 domains — avoids managing many individual certs |
| Internal tools, dev/staging environments | Sectigo DV | Full validation not required for internal use; DV provides encryption at lowest cost |
The most common mistake Australian businesses make is selecting a DV certificate for a public-facing commercial website simply because it is cheapest and fastest to obtain. DV certificates provide encryption but no business identity verification — a phishing site can obtain a DV certificate as easily as a legitimate business can. For any Australian business asking visitors to trust its website with personal data, a contact enquiry, or a purchase decision, OV is the appropriate baseline.
Next Steps
Choosing the right SSL certificate for your Australian business is straightforward once you understand what each validation level provides and what your website is asking visitors to trust you with. The upcoming validity phase-down makes it the right time to also review how you are managing certificate renewals — particularly if you operate multiple domains or are preparing for the Sectigo CLM automation transition.
ANP Technology can advise on certificate selection, manage the issuance and installation process, and implement renewal automation to ensure your certificates never expire unnoticed. Contact ANP Technology to purchase a Sectigo SSL certificate, request a certificate audit for your domain portfolio, or discuss automated certificate lifecycle management for your organisation.






