MERLONIX
Sign inStart free
Built for JAMstack agencies — 14-day free trial

Static sites have the same DNS surface
as dynamic ones. They just fail more quietly.

JAMstack agencies deploy Hugo, Eleventy, and Astro sites to CDN platforms where custom domain SSL depends on CNAME records staying intact at the client\'s registrar. There is no server to throw an error when DNS breaks. The site loads from cache. The CNAME points nowhere. The SSL renewal fails at the next cycle. Merlonix catches the DNS break before the certificate window closes.

Start free for 14 daysHow it works

No credit card for the trial. Cancel any time.

Check cadence (Agency)
5 min
SSL pre-expiry alert
30 days
Independent DNS resolvers
3
Vendors watched
11

Where JAMstack agencies get caught out

Three failure modes specific to JAMstack static site portfolios.

JAMstack sites are architecturally simpler than dynamic sites — but they fail more quietly when DNS breaks. There is no server error to surface the problem. CDN cache masks the break. The SSL certificate window closes silently. Merlonix monitors the DNS layer continuously.

Silent DNS failure on static sites

JAMstack sites have no server to surface DNS errors — they fail from cache until it drains

A dynamic site with a broken DNS record produces an immediate, visible error — the server is unreachable and the browser shows a connection failure. A JAMstack static site served from a CDN edge continues to load correctly from cached assets for hours or days after the underlying CNAME breaks, because CDN edge nodes serve from local cache regardless of whether the origin DNS is intact. During the cache warm window, standard uptime monitoring shows the site as healthy. The CNAME has been broken since the client changed registrars. The SSL certificate is now unable to renew. The agency finds out when the certificate expires and the CDN platform cannot issue a replacement.

Headless CMS and API layer SSL

JAMstack sites with headless CMS API subdomains have additional SSL surface that expires independently

JAMstack agencies frequently build client sites with Hugo or Eleventy fetching content from headless CMS APIs at build time and from client-branded API subdomains at runtime. These API subdomains — content.clientdomain.com or api.clientdomain.com — have their own CNAME records and their own SSL certificates, provisioned and renewed independently from the main site domain. When an API subdomain certificate expires, the static site frontend loads correctly while the CMS content API returns SSL errors. The client sees missing content or broken dynamic features rather than a site outage — a subtler failure that is harder to attribute and slower to resolve.

Framework migration DNS residue

Migrating clients between JAMstack frameworks leaves stale DNS records from previous CDN platforms

JAMstack agencies migrate clients between frameworks and hosting platforms regularly — from Hugo to Astro, from Netlify to Cloudflare Pages, from Vercel to a self-hosted CDN. Each migration creates DNS records for the new platform and should remove records for the old one. In practice, old CNAME records for previous CDN platforms persist in the client's DNS zone for months or years after the migration. These stale records do not cause immediate failures but create ambiguity during incident investigation — when something breaks, it is unclear whether the active CNAME is pointing at the current platform or whether the site is somehow still being served from the old one.

How it works

SSL and DNS monitoring for Hugo, Eleventy, and Astro client portfolios.

Merlonix monitors CNAME integrity at the DNS level — not via HTTP — so JAMstack agencies catch client registrar changes before CDN cache masks the break and the SSL renewal window closes.

01

Add site and API subdomain per JAMstack client

Verify ownership with a DNS TXT record on the apex domain. The main site domain and all API or CMS subdomains are added without additional verification. Under two minutes per client — full coverage from the start across whatever CDN platform each client uses.

02

CNAME integrity monitoring independent of CDN cache state

Three independent DNS resolvers check every CNAME delegation on every monitoring interval — directly, not via HTTP. The check is not affected by CDN cache state. When a client registrar migration drops the CNAME, the alert fires within minutes, while the CDN cache is still warm and the SSL certificate is still valid.

03

SSL chain validation for site and API subdomains

Full certificate chain validation on every check for both the main site domain and API subdomains independently. An expired API subdomain certificate fires 30 days before expiry — separate from the main site certificate. Domain registration expiry is tracked separately from SSL.

04

Vendor status for Netlify, Vercel, and Cloudflare

Merlonix monitors Netlify, Vercel, and Cloudflare platform status alongside client SSL and DNS. When a Netlify CDN incident affects multiple static site clients simultaneously, you see the vendor event correlated with client-side alerts before your inbox fills.

What the numbers mean for JAMstack agencies

Monitoring built for static-first client portfolios.

JAMstack sites fail quietly when DNS breaks — CDN cache masks the problem from HTTP-based uptime monitoring. Merlonix monitors at the DNS level so agencies know within minutes of a CNAME change, not when the certificate finally expires and the CDN cannot renew it.

< 10 min

Time from DNS change to alert — catches CNAME drift before CDN cache drains and the SSL renewal window closes

30 days

SSL expiry warning lead time — enough time to restore a broken CDN CNAME and trigger certificate reprovisioning

11 vendors

Upstream services monitored — Netlify, Vercel, and Cloudflare included for cross-client incident correlation on JAMstack portfolios

200 assets

Maximum monitored domains on the Agency plan — covers main site domains and API subdomains across a full JAMstack client roster

Pricing

Flat monthly fee. Every static site client domain included.

No per-domain charges. No per-CDN fees. Pick the tier that fits your JAMstack client count and add clients without billing surprises.

See full feature comparison →

Starter

For individual JAMstack developers managing a small static site client portfolio.

$29/ month

  • 10 monitored assets
  • 1 seat
  • 15-min check cadence
  • SSL + DNS + vendor monitoring
  • Email + Slack alerts
Start with Starter
Most chosen

Team

For JAMstack agencies with site domains and API subdomains across multiple CDN platforms.

$79/ month

  • 50 monitored assets
  • 5 seats
  • 10-min check cadence
  • SSL + DNS + vendor monitoring
  • Email + Slack alerts
Start with Team

Agency

For agencies with a full JAMstack client roster across Netlify, Vercel, and Cloudflare Pages.

$199/ month

  • 200 monitored assets
  • 15 seats
  • 5-min check cadence
  • SSL + DNS + vendor monitoring
  • Email + Slack alerts
Start with Agency

Know when a client CNAME breaks before the SSL window closes.

Add your first JAMstack client domain in under two minutes. Site and API subdomains are covered from the start. 14-day trial, no card required.

Start free for 14 daysRead the agency SSL checklist →