WooCommerce on WordPress Multisite maps multiple store domains from one install.
Each domain has independent SSL — and cPanel AutoSSL fails silently after a client changes DNS.
WooCommerce agencies on SiteGround, WP Engine, and cPanel shared hosting manage SSL through AutoSSL, which fails silently when a client changes DNS provider or registrar. WordPress Multisite maps multiple client store domains from one WooCommerce installation — each with its own certificate. Payment gateway subdomains and checkout endpoints add additional SSL schedules outside the primary store domain. Merlonix monitors SSL and DNS so you see expiry before clients do.
No credit card for the trial. Cancel any time.
- Check cadence (Agency)
- 5 min
- SSL pre-expiry alert
- 30 days
- Independent DNS resolvers
- 3
- Vendors watched
- 11
Where WooCommerce agencies get caught out
Three failure modes specific to WooCommerce client deployments on cPanel hosting and WordPress Multisite.
WooCommerce agencies managing cPanel-hosted stores deal with AutoSSL silent renewal failures after client DNS changes, Multisite-mapped domain SSL that expires independently across each store, and payment gateway subdomain SSL that carries a separate certificate outside the agency's standard store monitoring.
cPanel AutoSSL fails silently when a client changes DNS registrar or provider — and the store SSL expiry is discovered at checkout
WooCommerce agencies hosting client stores on SiteGround, Kinsta, or any cPanel-based host manage SSL through AutoSSL, which renews Let's Encrypt certificates on a 90-day cycle using HTTP or DNS validation. When a client migrates DNS to a new provider, AutoSSL validation fails and the agency is not notified
cPanel AutoSSL validates domain ownership before renewing the Let's Encrypt certificate. When a client changes their DNS registrar — during a website rebrand, IT consolidation, or agency onboarding — the new DNS zone may be missing the records AutoSSL needs, or DNS propagation may delay validation long enough to fail the renewal attempt. cPanel marks the domain as failed and queues it for retry, but does not send an alert to the hosting account owner or the agency. The existing certificate continues to serve until it expires 90 days after the last successful renewal. WooCommerce stores rely on valid SSL for payment processing: WooCommerce hides the checkout form entirely when the certificate is invalid or expired in some themes. The agency discovers the failure when a client reports that customers cannot check out — not when the DNS change occurred months earlier.
WordPress Multisite maps multiple WooCommerce store domains from one install — each store domain has independent SSL that expires on a different schedule
Agencies using WordPress Multisite with WooCommerce run multiple client stores on separate domains from a single WordPress installation. Each store domain is mapped to the Multisite network and requires its own SSL certificate provisioned independently through cPanel, a VPS Certbot setup, or a CDN like Cloudflare
A WooCommerce agency running a Multisite network for a client with multiple brands — maindomain.com, brand-b.com, and brand-c.com — manages three independent SSL certificates under one WordPress install. Each domain is added to the Multisite network via domain mapping, but the SSL for each domain is provisioned separately through whatever controls that domain's hosting. The certificate for brand-b.com and brand-c.com often receives less attention than the primary store because those stores generate less revenue or are managed by a different team. Secondary store SSL expiry reaches the agency through a client report that "the brand-b store is throwing an SSL error" — which then requires identifying which certificate, on which host, under which cPanel account, needs to be renewed or re-provisioned.
WooCommerce checkout subdomains, payment gateway webhooks, and API endpoints carry SSL independent from the store domain
WooCommerce stores connect to payment gateways, shipping APIs, and external services through API endpoints and webhooks. Agencies frequently self-host or proxy these connections through client subdomains — pay.clientstore.com, webhooks.clientstore.com, api.clientstore.com — each carrying its own SSL certificate
A WooCommerce build that self-hosts a payment gateway proxy or order management integration often uses subdomains to namespace the integration: pay.clientstore.com routes to the payment processor, fulfillment.clientstore.com handles order webhooks from the warehouse system, and reviews.clientstore.com connects to a third-party review platform. Each of these subdomains has an SSL certificate provisioned and managed separately from the main WooCommerce store domain. Payment gateway proxy subdomains are the most critical: when pay.clientstore.com SSL expires, WooCommerce cannot reach the payment processor. Checkout completes the form submission but fails at the payment step — the customer sees a generic payment error, abandons the cart, and the agency receives an escalation about "the payment method not working" rather than an SSL alert.
How it works
SSL and DNS monitoring for WooCommerce stores on cPanel, WP Engine, and WordPress Multisite.
Merlonix monitors CNAME integrity and SSL health across every WooCommerce store domain — including Multisite secondary stores and payment gateway subdomains — and catches cPanel AutoSSL renewal failures before the 90-day certificate expires.
01
Add store domains, Multisite-mapped domains, and payment gateway subdomains
Verify ownership with a DNS TXT record on the apex domain. All subdomains under that apex — Multisite-mapped secondary store domains on the same apex, payment proxy subdomains, webhook endpoints, and checkout subdomains — are added without additional verification. Monitoring secondary store domains catches Multisite SSL expiry before clients in secondary brand or regional markets report errors. Under two minutes per client.
02
CNAME integrity checks on cPanel, WP Engine, Kinsta, and CDN-hosted WooCommerce domains
Three independent DNS resolvers check every CNAME delegation on every monitoring interval. When a client changes DNS registrar and the new DNS zone is missing or modifying a CNAME that cPanel AutoSSL depends on for HTTP validation, the mismatch is detected immediately — before the 90-day certificate expires. When a WooCommerce store is migrated from SiteGround to WP Engine and a DNS CNAME or A record is not updated correctly, the break surfaces in the next monitoring interval rather than when the old certificate expires.
03
SSL monitoring 30 days before expiry across all WooCommerce store domains and checkout subdomains
Full SSL chain validation on every WooCommerce store domain, Multisite-mapped secondary store domain, and agency-managed payment or webhook subdomain. An expiry alert fires 30 days before the certificate expires — enough lead time to manually renew a cPanel AutoSSL certificate, verify Certbot cron on a VPS, or re-provision CDN SSL for a Multisite domain. Payment gateway subdomains and checkout endpoints are monitored on the same 30-day schedule as the primary store domain.
04
Vendor status for WP Engine, SiteGround, Kinsta, and common WooCommerce hosting platforms
Merlonix monitors WP Engine, SiteGround, Kinsta, and common WooCommerce hosting platform status alongside client SSL and DNS. When a SiteGround infrastructure incident causes cPanel AutoSSL validation failures across multiple hosted store domains simultaneously, you see the vendor event — not a cascade of individual client alerts that each require separate investigation to determine whether the cause is a client DNS change or a hosting platform-wide issue.
What the numbers mean for WooCommerce agencies
Monitoring built for WooCommerce agencies where one client can mean multiple store domains and payment subdomains, each with independent SSL.
WooCommerce agencies managing Multisite networks need SSL monitoring that covers every mapped store domain — because a secondary brand certificate expiring blocks checkout on that store before the primary store is affected, and cPanel AutoSSL failures after client DNS changes are silent until the 90-day certificate runs out.
< 10 min
Time from DNS change to alert — catches cPanel AutoSSL renewal failures caused by client DNS registrar migrations before the 90-day certificate expires and the WooCommerce checkout returns SSL errors
30 days
SSL expiry warning lead time — enough time to manually renew a cPanel certificate, verify Certbot cron on a VPS, or re-provision CDN SSL for a Multisite-mapped store domain before clients see checkout errors
11 vendors
Upstream services monitored — WP Engine, SiteGround, and Kinsta included to distinguish platform incidents from individual client DNS changes affecting WooCommerce store SSL renewals
200 assets
Maximum monitored domains on the Agency plan — covers primary store domains, Multisite secondary stores, and payment gateway subdomains across a full WooCommerce client portfolio
Pricing
Flat monthly fee. Every Multisite store domain and payment subdomain included.
No per-domain charges. No per-store fees. Pick the tier that fits your WooCommerce client count and monitor every store domain without billing surprises.
Starter
For individual WooCommerce developers managing a small client portfolio on cPanel or WP Engine.
$29/ month
- 10 monitored assets
- 1 seat
- 15-min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Team
For WooCommerce agencies managing Multisite clients and payment gateway integrations.
$79/ month
- 50 monitored assets
- 5 seats
- 10-min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Agency
For agencies with a full WooCommerce client roster across cPanel hosting, WP Engine, and Kinsta.
$199/ month
- 200 monitored assets
- 15 seats
- 5-min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Know when a WooCommerce store domain or cPanel SSL is about to expire.
Add your first WooCommerce client domain in under two minutes. Multisite secondary store domains and payment gateway subdomains are monitored from the same dashboard. 14-day trial, no card required.