MERLONIX
Sign inStart free
Built for Netlify agencies — 14-day free trial

Netlify manages SSL for your clients.
Until their DNS changes — and you don't know.

Netlify agencies configure custom domains by pointing the client's CNAME to Netlify's CDN. When clients change registrars, hand DNS management to their IT team, or migrate to Cloudflare, the CNAME breaks. Netlify cannot renew the SSL certificate when the CNAME is gone. The certificate stays valid for weeks, then expires — and the first alert you get is a client phone call. Merlonix catches the CNAME break within minutes of it happening.

Start free for 14 daysHow it works

No credit card for the trial. Cancel any time.

Check cadence (Agency)
5 min
SSL pre-expiry alert
30 days
Independent DNS resolvers
3
Vendors watched
11

Where Netlify agencies get caught out

Three failure modes specific to Netlify-managed client portfolios.

Netlify handles SSL provisioning for your clients — but only when their DNS is correct. When a client CNAME breaks after a DNS migration, Netlify cannot re-provision the certificate. Standard uptime monitoring does not watch the CNAME layer. Merlonix does.

Netlify custom domain CNAME drift

Client DNS migrations silently break Netlify custom domain CNAME records

Netlify custom domain configuration requires a CNAME record in the client's DNS zone pointing to [site-name].netlify.app or Netlify's load balancer endpoint. This CNAME is the only link between the client's branded domain and the Netlify-hosted site. When clients migrate to a new registrar, engage a new IT provider, or simply decide to "clean up" their DNS records, the Netlify CNAME is frequently the casualty. Netlify's dashboard shows the custom domain as configured — because it is, on Netlify's side. The DNS zone on the client's registrar is what has changed, and Netlify has no way to detect it. The site continues to load from the client's browser cache for hours after the break, masking the problem until cache expires.

Branch deploy and staging subdomain SSL

Branch deploys and staging subdomains on Netlify have independent SSL that expires separately

Netlify agencies often configure client staging environments on custom subdomains — staging.clientdomain.com mapped to a specific Netlify branch deploy. These staging environments have their own CNAME record and their own Netlify-provisioned SSL certificate, separate from production. A broken CNAME on the staging subdomain means clients cannot review pre-production changes, blocking UAT cycles and sign-off workflows. Standard uptime monitoring watches production URLs. Staging subdomain monitoring requires explicit per-subdomain configuration that most agencies never set up, leaving staging SSL gaps invisible until a client tries to access the UAT environment.

Netlify platform incident correlation

Netlify CDN incidents affect all client sites simultaneously with no advance signal

Netlify platform incidents — CDN degradations, DNS routing issues, SSL provisioning backlogs — affect all sites on the platform simultaneously. When a Netlify incident takes multiple client sites offline at once, the first sign is often a surge of client-reported issues rather than a monitoring alert, because most monitoring tools watch HTTP response codes but do not correlate them with Netlify's status page. The investigation phase — "is this our code, the client's DNS, or Netlify?" — consumes 15–30 minutes per incident before anyone thinks to check Netlify Status. With vendor status monitoring, the Netlify incident appears in your dashboard alongside the client-side symptoms before the clients call.

How it works

SSL and DNS monitoring designed for Netlify-hosted client portfolios.

Merlonix monitors the DNS layer that Netlify depends on for SSL provisioning — so agencies know when a client CNAME breaks while the current certificate is still valid and the fix is simple, not after the certificate expires and Netlify cannot renew it.

01

Add production and staging domains per Netlify client

Verify ownership with a single DNS TXT record on the apex domain. Production and all staging subdomains are monitored from the same verification. Under two minutes per client, regardless of how many subdomains or branch deploys the client has.

02

CNAME integrity checks pointing to Netlify endpoints

Three independent DNS resolvers check every CNAME delegation to Netlify on every monitoring interval. When a client DNS migration removes the Netlify CNAME, the alert fires within minutes — while the current SSL certificate is still valid and the CNAME can still be restored without certificate reprovisioning delays.

03

SSL chain validation and domain registration expiry

Complete SSL chain validation on every check, not just certificate expiry dates. An incomplete intermediate chain from a Netlify SSL update fires immediately. Domain registration expiry monitoring fires 30 days ahead — separate from SSL expiry — so client domains never lapse without a warning.

04

Netlify platform status monitoring

Merlonix monitors Netlify's platform status alongside client SSL and DNS. When a Netlify CDN incident causes latency or errors across your client portfolio, you see the vendor event correlated with client-side alerts — before the client support queue fills up.

What the numbers mean for Netlify agencies

Monitoring built for Netlify-hosted client portfolios.

Netlify agencies rely on Netlify-managed SSL for client custom domains — but Netlify can only provision and renew certificates when the client's DNS CNAME is intact. Merlonix monitors the CNAME layer so agencies know before Netlify's renewal window closes.

< 10 min

Time from DNS change to alert — catches Netlify CNAME drift before the existing SSL certificate hits its next renewal cycle

30 days

SSL expiry warning lead time — enough time to restore the Netlify CNAME and trigger certificate reprovisioning before the deadline

11 vendors

Upstream services monitored — Netlify included for automatic incident correlation across your client portfolio

200 assets

Maximum monitored domains on the Agency plan — covers production and staging environments across a full Netlify client roster

Pricing

Flat monthly fee. Every Netlify client domain included.

No per-domain charges. No per-subdomain fees. Pick the tier that fits your Netlify client count and add clients without billing surprises.

See full feature comparison →

Starter

For individual developers managing a small Netlify client portfolio.

$29/ month

  • 10 monitored assets
  • 1 seat
  • 15-min check cadence
  • SSL + DNS + vendor monitoring
  • Email + Slack alerts
Start with Starter
Most chosen

Team

For Netlify agencies with production and staging subdomains per client.

$79/ month

  • 50 monitored assets
  • 5 seats
  • 10-min check cadence
  • SSL + DNS + vendor monitoring
  • Email + Slack alerts
Start with Team

Agency

For agencies with a full Netlify client roster including branch deploys and staging environments.

$199/ month

  • 200 monitored assets
  • 15 seats
  • 5-min check cadence
  • SSL + DNS + vendor monitoring
  • Email + Slack alerts
Start with Agency

Know when a Netlify CNAME breaks before the SSL clock runs out.

Add your first Netlify client domain in under two minutes. Production and staging environments are covered from the start. 14-day trial, no card required.

Start free for 14 daysRead the agency SSL checklist →