Monitoring Shopify Client Sites for Agencies: SSL, DNS, and Vendor Outages

Shopify's hosted infrastructure eliminates most server-level monitoring concerns. There is no server to patch, no PHP version to manage, and no database to back up. For agencies coming from a WordPress or custom-development background, the shift feels like a reduction in operational surface area.

It is not a reduction. It is a redistribution. Shopify agencies face a distinct set of failure modes — in custom domain configuration, checkout reliability, and third-party app dependencies — that generic monitoring tools are not built to surface.

Custom Domain SSL on Shopify

When an agency connects a custom domain to a Shopify store, Shopify provisions an SSL certificate for that domain through its own infrastructure. The process is automated and, when it works, invisible. When it does not work, the failure is often invisible as well — until a client reports that their site is showing a security warning.

The failure modes for custom domain SSL on Shopify are specific:

DNS not correctly pointed to Shopify's servers. Shopify requires specific DNS records — either CNAME records pointing to shops.myshopify.com or, for apex domains, A records pointing to Shopify's IP addresses. Missing records, incorrect record types, or old records from a previous platform left in the DNS zone prevent the SSL certificate from being provisioned. The store may appear to load over HTTP but not HTTPS, or may load inconsistently depending on which DNS server a visitor is using.

Certificate provisioning delay after initial connection. When a domain is first connected to Shopify, there is a provisioning window — typically a few hours — during which Shopify is issuing and deploying the certificate. During this window, visitors may see certificate warnings. Agencies that announce a launch before the provisioning window has closed expose their clients to a poor first impression on launch day.

Domains connected to multiple Shopify stores simultaneously. Shopify only allows a custom domain to be connected to one store at a time. If an agency is migrating a client from an old Shopify store to a new one, the domain may briefly be connected to both, or the disconnection from the old store may not complete before connection to the new store is attempted. This state prevents Shopify from issuing a valid certificate and results in certificate errors that are not obviously explained by anything visible in the Shopify admin.

The Checkout Subdomain Problem

Shopify stores can be configured with custom checkout domains — for example, checkout.client.com instead of the default checkout.shopify.com path. Custom checkout domains require separate SSL certificate management. A failure on the checkout subdomain does not necessarily produce a visible error on the storefront — the main site may load normally — but breaks the checkout flow.

Payment processors validate SSL on the endpoint they are submitting payment data to. A certificate error on a custom checkout domain causes payment submission to fail. For Shopify clients running significant e-commerce volume, a checkout subdomain certificate failure breaks revenue before it triggers a standard uptime alert, because the storefront itself remains accessible.

Agencies monitoring only the primary storefront domain will not see the checkout subdomain certificate failure until the client reports it — typically after customers have reported failed checkouts.

Third-Party App Vendor Outages

Shopify agencies install third-party apps from the Shopify App Store to extend store functionality. A standard agency client's Shopify stack might include: Klaviyo for email marketing, ReCharge for subscription management, Gorgias for customer support, Yotpo or Judge.me for reviews, a loyalty app, a product recommendation app, and several other integrations.

Each of these third-party vendors runs its own infrastructure. When a vendor has an outage — a Klaviyo email service disruption, a ReCharge API failure, a Gorgias widget loading error — the Shopify storefront is affected. Depending on how the app is integrated, the outage may:

Cause the storefront to load slowly, because a JavaScript asset from the vendor's CDN is timing out
Break a specific feature while the rest of the store remains functional (reviews not loading, loyalty points not displaying)
Block checkout, if the broken app has a checkout extension that Shopify requires to complete before processing the order

None of these are Shopify platform issues. None of them show up in Shopify's status page. They will not be detected by standard uptime monitoring of the storefront URL. The agency discovers them when the client asks why their review widget disappeared or why checkout is producing errors.

Agencies managing Shopify clients need vendor status monitoring as a separate monitoring layer — tracking the status pages of the apps in their clients' stacks, not just the storefront URL.

DNS Monitoring for Shopify Migrations

Platform migrations to Shopify are a common engagement for Shopify-specialist agencies. A client moves from WooCommerce, Magento, BigCommerce, or a custom platform to Shopify. The migration involves content and product data migration, theme build-out, DNS cutover, and SSL certificate provisioning on the new platform.

The DNS cutover is the highest-risk moment. The old platform's SSL certificate was valid and trusted. The Shopify certificate must be provisioned and confirmed before the DNS change is made, or immediately after — depending on whether the new domain can be verified in advance.

If the DNS change is made before Shopify has provisioned the certificate, there is a window during which visitors arriving at the new nameservers see an invalid or missing certificate. This window can be minutes or hours, depending on DNS TTL settings. For a migration happening during business hours, it is a window during which any visitor to the client's site gets a security warning on their new Shopify store.

Post-migration, DNS monitoring is important for a different reason: Shopify IP addresses are not static. Shopify changes its IP infrastructure periodically. If an agency hard-coded Shopify IP addresses in the client's DNS rather than using the correct CNAME configuration, the DNS records can become stale when Shopify updates its IPs — causing intermittent or complete SSL certificate failures long after the migration is complete and considered closed.

What to Monitor on Shopify Client Sites

A complete monitoring configuration for a Shopify agency client:

Custom domain SSL — primary storefront domain and any custom checkout subdomains
DNS record integrity — verify CNAME and A records are pointing correctly to Shopify's infrastructure
Storefront uptime — direct HTTP check confirming the store is accessible
Checkout endpoint — separate check on the checkout flow, not just the homepage
Vendor status — track status pages for the apps in the client's stack, particularly those integrated into the checkout or payment flow

The vendor status monitoring is the layer that generic tools do not cover. An agency that knows Klaviyo is having a service disruption before their client calls about email automation failures is in a substantially different position than one that discovers the outage reactively.

Merlonix provides vendor status monitoring alongside SSL and DNS monitoring for Shopify agency portfolios — so agencies know about upstream app outages before their clients do.