Client Domain Expired: What to Do in the Next 24 Hours
Your client calls because their site is down, or you receive an alert and investigate. The site is not returning an SSL warning — it is not returning anything. DNS is not resolving. The cause is a lapsed domain registration. Not an SSL certificate issue, not a hosting failure: the domain itself was not renewed and has now expired.
This is a distinct class of failure. SSL expiry triggers a browser security warning that technically allows access. Domain expiry removes the site entirely — DNS stops resolving, email delivery fails, and the domain may eventually become available to anyone on the open market. Recovery is time-sensitive in a way that SSL recovery is not.
Here is the immediate sequence.
Immediate Diagnosis: Confirm It Is Domain Expiry
Before you start the renewal process, confirm the cause. Three failure modes produce a site that will not load: SSL expiry, hosting failure, and domain expiry. The symptoms differ.
DNS lookup returns nothing or NXDOMAIN. Run a DNS lookup on the domain. If you get NXDOMAIN (non-existent domain) or no records at all, the DNS is not resolving — which is characteristic of domain expiry, not SSL or hosting issues. A domain with an expired SSL certificate still resolves in DNS; a domain whose host is down usually still resolves too. NXDOMAIN points directly at the domain layer.
WHOIS shows an expiry date in the past. Look up the domain in WHOIS. The expiry date field will show a date that has already passed. This is definitive confirmation.
Browser shows DNS_PROBE_FINISHED_NXDOMAIN. In Chrome, a domain that does not resolve shows DNS_PROBE_FINISHED_NXDOMAIN. An expired SSL certificate shows ERR_CERT_DATE_INVALID with an option to proceed. If you are seeing the former, you are dealing with domain expiry.
Once confirmed, move immediately to the recovery sequence.
The Recovery Timeline for Expired Domains
Domain expiry has three distinct phases, and which phase you are in determines both the cost and the speed of recovery.
Within the registrar's grace period (typically 0–30 days after expiry). The domain has expired but the registrar has not yet released it. During this period, the domain can be renewed directly through the registrar control panel at the standard annual renewal price. Recovery is straightforward: renew the domain, and the site comes back once DNS propagates, typically within a few hours. Most registrars provide at least 30 days in this phase, though the exact window varies.
After the grace period — the redemption period (typically 30–75 days after expiry). Once the grace period ends, the domain enters ICANN redemption status. The domain still exists in the registry but cannot be renewed at the standard price. Registrars charge a redemption fee, typically £40–£150 or $50–$200 depending on the registrar and TLD. Recovery takes 1–5 business days. This is painful but recoverable.
After the redemption period (75–80+ days after expiry). The domain enters "pending delete" status and is then released for public registration — usually within a few days of hitting this phase. Once deleted, any party can register the domain. If someone else registers it before you, the client has lost the domain. Recovery at this point means either negotiating a purchase from whoever registered it, or accepting that the original domain is gone.
The longer it has been since expiry, the more urgent the situation. Check the WHOIS expiry date and calculate where you are in this timeline before contacting the client.
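The WHOIS check and the phase calculation above can be done in one step. The following is an added example, not part of the original article: it parses gTLD-style WHOIS text and places the domain in the timeline, using the article's typical 30-day and 75-day windows as assumptions (real windows vary by registrar and TLD). The function names and the sample record are constructed for illustration.

```python
from datetime import datetime, timezone

# Typical windows quoted in the article; real ones vary by registrar and TLD.
GRACE_END_DAYS = 30
REDEMPTION_END_DAYS = 75
EXPIRY_KEYS = ("registry expiry date", "registrar registration expiration date")

def parse_whois(text):
    """Return (expiry datetime or None, lowercase status codes) from WHOIS text."""
    expiry, statuses = None, []
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in EXPIRY_KEYS and expiry is None and value:
            expiry = datetime.fromisoformat(value.replace("Z", "+00:00"))
            if expiry.tzinfo is None:  # treat zone-less dates as UTC
                expiry = expiry.replace(tzinfo=timezone.utc)
        elif key == "domain status" and value:
            statuses.append(value.split()[0].lower())  # drop the trailing URL
    return expiry, statuses

def expiry_phase(whois_text, now):
    """Classify a domain as active / grace / redemption / pending-delete."""
    expiry, statuses = parse_whois(whois_text)
    if expiry is None:
        return ("unknown", None)
    days = (now - expiry).days
    # A registry status states the phase outright, so it beats day arithmetic.
    # Check redemptionPeriod first: it can appear alongside pendingDelete.
    if "redemptionperiod" in statuses:
        return ("redemption", days)
    if "pendingdelete" in statuses:
        return ("pending-delete", days)
    if days < 0:
        return ("active", days)
    if days <= GRACE_END_DAYS:
        return ("grace", days)
    if days <= REDEMPTION_END_DAYS:
        return ("redemption", days)
    return ("pending-delete", days)

# Constructed sample record (not real WHOIS output for any domain).
SAMPLE = """Domain Name: CLIENT-SITE.EXAMPLE
Registry Expiry Date: 2024-03-01T04:00:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""

if __name__ == "__main__":
    print(expiry_phase(SAMPLE, datetime(2024, 4, 20, tzinfo=timezone.utc)))
```

When the record carries a redemptionPeriod or pendingDelete status, trust that over the day count, because the day count only reflects typical windows.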
Who Controls the Domain
Before you can renew, you need access to the registrar account. The answer to who controls it determines the next step.
The agency manages the domain. If the domain was registered under an agency account, renew it immediately through the registrar control panel. Do not wait for client approval on renewal — the cost is immaterial relative to the incident. Renew first, discuss later.
The client owns the registrar account. Contact the client, explain the issue, and request either their login credentials or that they log in and process the renewal themselves, with you on the call or available for immediate confirmation. The sooner the renewal is processed, the sooner DNS propagates.
The client has lost access to the registrar account. This is the most difficult scenario. If the client has changed email addresses, lost access to the original inbox, or cannot recover the password, the registrar will require identity verification. This process typically takes 2–5 business days and involves submitting identification documents to the registrar's support team. There is no shortcut. Begin the process immediately and set expectations with the client accordingly.
In parallel with accessing the account, confirm which payment method is attached. Expired payment methods are a common reason domain auto-renewals fail silently.
What to Tell the Client While the Site Is Down
Keep it direct and specific. Avoid hedging, do not speculate on root causes before you have confirmed them, and do not project blame in the first communication.
A usable script: "Your domain registration lapsed. I am working on renewing it now. Once the renewal processes, DNS propagation will take up to a few hours to restore the site fully. Realistic timeframe for full restoration: [specific estimate]. I will update you by [specific time]."
Do not say "something went wrong with your domain" — that is vague and unhelpful. Do not say "this should not have happened" unless you can explain exactly why it did and what is changing to prevent recurrence. Do not speculate on whether the expiry was the client's responsibility or the agency's until you have reviewed the account setup.
If you are going to be managing the renewal process, confirm that with the client in the same message so they are not attempting to log in to the registrar simultaneously. Parallel actions cause confusion.
After Recovery: Audit the Whole Portfolio
Once the domain is restored and DNS has propagated, do not move straight to the next task. Use the incident as a prompt to audit every client domain in your portfolio.
Check renewal dates across all domains you manage or have visibility into. Identify which are set to auto-renew and which require manual renewal. For auto-renewing domains, verify that the attached payment method is current — an expired card means auto-renewal will fail silently, often without any notification until it is too late.
Map which domains are managed under agency accounts versus client accounts. For client-managed domains, confirm that you have visibility into renewal dates even if you do not control the account. If you do not have that visibility, request it now.
Document any domains that are within 60 days of expiry and flag them immediately.
The Preventive System
A single incident of this type is recoverable. A pattern of incidents is a process failure.
The minimum monitoring setup for agencies: domain expiry alerts configured per client, firing at 60 days, 30 days, and 7 days before expiry. Alerts should route to an account manager at the agency, not only to the client's registered email address. Client email addresses change, inboxes get ignored, and the client may not understand the urgency of a domain renewal notice.
Annual review of payment methods attached to auto-renewing domains — put it in the calendar. And for any domain that requires manual renewal, the 60-day alert should trigger a renewal task, not just a reminder.
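The portfolio audit and the 60/30/7-day alert rules described above can be expressed as one check over an inventory. This is an added example, not part of the original article; the record fields, finding codes and sample portfolio are assumptions constructed for illustration, and the payment check assumes the card must still be valid on the renewal date.

```python
from datetime import date

ALERT_DAYS = (60, 30, 7)  # alert thresholds named in the article

def audit_portfolio(domains, today):
    """Return {domain: [finding codes]} for every domain that needs action."""
    report = {}
    for d in domains:
        days_left = (d["expires"] - today).days
        findings = []
        if days_left < 0:
            findings.append("EXPIRED")
        elif days_left <= max(ALERT_DAYS):
            # Tightest threshold already crossed: 44 days left -> 60-day alert.
            tier = min(t for t in ALERT_DAYS if days_left <= t)
            findings.append(f"ALERT_{tier}D")
            if not d["auto_renew"]:
                findings.append("OPEN_RENEWAL_TASK")  # a task, not a reminder
        # Auto-renew fails silently if the card lapses before the renewal date.
        if d["auto_renew"] and (d["card_valid_until"] is None
                                or d["card_valid_until"] < d["expires"]):
            findings.append("PAYMENT_METHOD_WILL_FAIL")
        # Client-held accounts still need an agency contact on the alerts.
        if d["account"] == "client" and not d["agency_contact"]:
            findings.append("NO_AGENCY_VISIBILITY")
        if findings:
            report[d["domain"]] = findings
    return report

# Constructed sample portfolio; every value here is made up.
FIELDS = ("domain", "expires", "auto_renew", "card_valid_until",
          "account", "agency_contact")
ROWS = [
    ("shop.example", date(2024, 6, 5), False, None, "agency", "am@agency.example"),
    ("blog.example", date(2024, 7, 15), True, date(2024, 6, 30), "client", None),
    ("docs.example", date(2025, 3, 1), True, date(2026, 1, 31), "agency", "am@agency.example"),
    ("old.example", date(2024, 5, 20), True, date(2026, 1, 31), "client", "am@agency.example"),
]
PORTFOLIO = [dict(zip(FIELDS, r)) for r in ROWS]

if __name__ == "__main__":
    for name, findings in audit_portfolio(PORTFOLIO, date(2024, 6, 1)).items():
        print(name, findings)
```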
This incident was preventable. The systems to prevent it are straightforward to set up and cost a fraction of the time spent managing the recovery.