Domain Expiry Monitoring: Why It Matters & How to Set It Up
Domain expiry is one of the most overlooked risks in web infrastructure. Unlike SSL certificates — which cause visible browser errors immediately — an expired domain can take down your entire business: your website, email, and all associated services go dark simultaneously. High-profile examples include Microsoft's hotmail.co.uk, Foursquare, and even government agency domains that lapsed due to administrative oversight.
What Happens When a Domain Expires?
Day 0 – Expiry
The domain registrar marks the domain as expired. DNS records typically stop resolving within hours. Your website, email, and all services become unreachable.
Day 1–30 – Grace Period
Most registrars provide a grace period (usually 0–45 days). You can renew at the normal price. The domain may still display a parked page from the registrar.
Day 30–60 – Redemption Period
If not renewed during the grace period, the domain enters "redemption." Renewal is possible but typically costs $100–$200 in redemption fees on top of the annual fee.
Day 60–75 – Pending Delete
The domain enters pending deletion. You can no longer renew it. It will be released for public registration within 5 days.
Day 75+ – Public Registration
The domain is released and available for anyone to register — including competitors, domain squatters, and phishing actors who may impersonate your brand.
Real-World Domain Expiry Incidents
Domain expiry is not just a small-business problem. Notable incidents include:
- •Microsoft (hotmail.co.uk, 1999) — An employee failed to renew the domain, taking Hotmail's UK email offline. The domain was re-registered by someone else before Microsoft could recover it.
- •Foursquare — Their domain expired briefly in the mid-2010s, taking the entire app offline during peak usage hours.
- •Government agencies — Multiple national government sites, including some in the UK and Australia, have had domains lapse due to departmental budget or administrative failures.
Why Domain Expiry Is Harder to Track Than SSL
SSL Certificate Expiry
- • Visible to monitoring tools via TLS handshake
- • Shows in browser as "Not Secure"
- • 90-day cycle forces frequent attention
- • Certificate Transparency logs provide visibility
Domain Expiry
- • Only visible via WHOIS lookup
- • Annual renewal — easy to forget
- • Registrar reminder emails go to spam or old accounts
- • Credit card on file may expire before domain does
Reading WHOIS Data for Expiry Dates
WHOIS records contain the domain expiry date, but the format varies by registrar and TLD:
# Check domain expiry via command line whois example.com | grep -i "expir" # Common WHOIS expiry field names: # Registry Expiry Date: 2027-03-15T12:00:00Z # Expiration Date: 15-Mar-2027 # Registrar Registration Expiration Date: 2027-03-15 # Use our WHOIS lookup tool for a clean interface: # https://certnotify.com/tools/whois-lookup
Note: WHOIS privacy services (common for .com, .net domains) may hide the exact expiry date. For gTLDs, RDAP (Registration Data Access Protocol) is replacing WHOIS and provides standardised, machine-readable data.
How to Set Up Domain Expiry Monitoring
Inventory all your domains
Create a spreadsheet of every domain you own or manage. Include the registrar, expiry date, and auto-renewal status. Do not forget subsidiary domains, regional ccTLDs, and typo-squatting defensive registrations.
Enable auto-renewal everywhere possible
Every major registrar supports auto-renewal. Enable it for all domains and ensure the payment method on file is current. Auto-renewal is your first line of defence — monitoring is your safety net.
Set up automated monitoring with early alerts
Manual tracking fails. Use a monitoring service that checks WHOIS daily and sends alerts at 90, 60, 30, 14, and 7 days before expiry — not just once.
Use multiple notification channels
Registrar email reminders fail — they go to old email addresses, spam folders, or departed employees. Add secondary alerts via WhatsApp or webhook to a team channel.
Document renewal ownership
Who is responsible for renewing each domain? Document this explicitly. "Everyone" means no one. At least two people should receive expiry alerts for every critical domain.
Domain Expiry Alert Timeline (Best Practice)
| Days Before Expiry | Action | Priority |
|---|---|---|
| 90 days | Verify auto-renewal is enabled and payment is valid | Informational |
| 60 days | Review and confirm renewal plan | Low |
| 30 days | Manually trigger renewal if auto-renewal is not confirmed | Medium |
| 14 days | Escalate to engineering lead if not yet renewed | High |
| 7 days | Emergency renewal — contact registrar directly if needed | Critical |
Never miss a domain renewal again
CertNotify monitors domain expiry via daily WHOIS lookups and sends alerts via Email and WhatsApp at 90, 60, 30, 14, and 7 days before expiry — for free.