Monitoring Squarespace Client Sites for Agencies: Custom Domain SSL and DNS Failures

Squarespace has a significant agency and freelancer ecosystem — designers and marketing agencies who build on the platform and hand sites off to clients. The hosted nature of Squarespace simplifies a lot of the operational work, but it also creates a specific monitoring surface that most agencies underestimate until something goes wrong.

This post covers the failure modes specific to Squarespace agency work, what to monitor across a Squarespace client portfolio, and why the platform's DNS and SSL handling requires external monitoring even when it looks automated.

How Squarespace Handles Custom Domains and SSL

Squarespace provides free SSL certificates through Let's Encrypt for all sites, including those with custom domains. When a client connects a custom domain, Squarespace provisions the certificate automatically after DNS propagation is confirmed.

The DNS configuration typically requires a CNAME record for www pointing to ext-cust.squarespace.com and either an A record or CNAME for the root domain. For domains registered through Squarespace directly, DNS is managed automatically. For domains registered elsewhere — which is the majority of client domains in agency work — DNS configuration is the client's (or the agency's) responsibility.

That external DNS dependency is where most Squarespace-specific failures originate.

What Breaks on Squarespace Client Sites

1. DNS misconfiguration during domain handoffs

When agencies take over an existing client site or migrate a client to Squarespace from another platform, the DNS records must be updated. Squarespace's documentation is clear on what records are needed, but the execution often involves clients managing their own registrars, partial record updates, or TTL-related propagation delays that look like failures before they resolve.

The specific risk: if a previous platform's DNS records remain active alongside the new Squarespace records, the site may appear to work in some locations but return errors in others. External DNS monitoring shows you the actual record values, not what the Squarespace dashboard claims.

2. SSL provisioning failures on late DNS propagation

Squarespace attempts to provision the SSL certificate once it detects that DNS is pointing to its servers. If the certificate provisioning request is made before DNS has fully propagated, the attempt may fail — and the retry cadence is not instant.

The result: the domain resolves correctly, but returns an SSL error for hours or days after it should be working. From the client's perspective, their new site is broken. From Squarespace's perspective, DNS is configured and there is nothing obviously wrong on their end.

External SSL expiry monitoring catches this state: the certificate either has not been issued, or it was issued with errors that affect certain browsers.

3. CNAME drift after registrar transfers

Registrar migrations — clients moving their domain to a new registrar, often to consolidate billing — are a major source of DNS drift. When the transfer completes, DNS records are supposed to carry over, but they often do not, or they carry over incorrectly. The CNAME pointing to ext-cust.squarespace.com disappears, and the Squarespace site goes offline.

Squarespace's own dashboard continues to show the site as live because the problem is external to Squarespace. The agency finds out when the client calls.

DNS change monitoring on the CNAME and root records catches this within the detection interval rather than after client escalation.

4. Squarespace platform incidents

Squarespace has experienced platform-level incidents affecting hosting, CDN, and custom domain resolution. These incidents affect all sites on the platform simultaneously, are entirely outside the agency's control, and still generate client support calls.

Vendor status monitoring for Squarespace means you receive platform-level incident information proactively rather than discovering it when your client calls.

What to Monitor on Squarespace Client Sites

SSL certificate expiry and validity Squarespace manages certificate renewal automatically, but renewal can fail if DNS configuration changes between renewals or if there is a platform-side issue. Monitor certificate expiry from the outside; set a threshold that gives you time to investigate if Squarespace's auto-renewal has failed.

DNS record stability The CNAME for www should remain pointed at ext-cust.squarespace.com. Any change — whether from a registrar migration, an accidental record edit, or a third-party DNS manager update — warrants investigation before the site goes down.

HTTP uptime on both www and root domain Squarespace redirects configurations vary. Some sites serve on www, others on the bare domain. Monitor both and verify the redirect chain returns the expected final destination without intermediate errors.

Squarespace platform status Platform incidents should trigger proactive client communication, not reactive firefighting. Monitoring Squarespace's vendor status alongside client-level monitoring gives you the full picture.

Why Generic Uptime Tools Miss Squarespace-Specific Failures

A standard uptime monitor checks whether a URL returns an HTTP 200 response at some interval. That catches complete site outages but misses:

DNS record changes that have not yet caused a full outage but will within hours
SSL certificates that are approaching expiry or were provisioned incorrectly
Partial failures where one URL (root vs. www) works and the other does not
Platform incidents that affect Squarespace's infrastructure before they affect individual sites

For agencies managing multiple Squarespace clients, these gaps compound. A DNS change on one client's domain that goes undetected for 24 hours is a client call and a relationship conversation. Multiply that across a portfolio of 20 clients, and the probability of a preventable incident each month approaches certainty.

The Portfolio Monitoring Setup for Squarespace Agencies

For each Squarespace client site:

Add the domain to your monitoring setup with SSL expiry tracking. Set the alert threshold at 30 days — Squarespace renews automatically, but 30 days gives you time to investigate and intervene if renewal has silently failed.
Enable DNS change monitoring on the CNAME and root domain records. Alert immediately on any detected change.
Monitor HTTP uptime on both the www and root domain versions of each site.
Add Squarespace as a vendor in your vendor monitoring setup.
Configure per-client alert routing so the team responsible for a specific client receives alerts for that client — not a shared inbox that filters slowly.

The Retainer Case for Squarespace Monitoring

Many Squarespace agencies move clients to a maintenance retainer after a build is delivered. Monitoring is one of the clearest line items to include in that retainer because the value is concrete: the agency knows before the client knows when something is wrong.

For clients, this is a form of insurance. For agencies, it is both a revenue stream and a protection against the client calls that are hardest to handle — the ones where the client's site is down and the agency had no warning.

Merlonix is built for agency portfolio monitoring — SSL expiry alerts, DNS change detection, vendor status monitoring, and per-client alert routing. Start a free trial and add your first Squarespace client domain.