Domain renewals made safe
Estimated read time. 6 to 7 minutes.
Quick summary
- Risk: Downtime, trust loss, and revenue hits if renewal fails.
- Do this now: Turn on auto-renew. Use an off-domain email for alerts. Add a backup payment method. Renew early or multi year. Set reminders at 21 and 7 days to confirm renewal success.
- Best for organizations: Use a registrar like Gandi.net for shared access with owner billing and multiple admins for redundancy.
Do this now
- Turn on auto-renew. Confirm credit card and add a backup method.
- Use off-domain email*. Update registrar contacts and alerts.
- Add redundancy. Two admins (if available). 2FA. Transfer or registry lock where available.
- Renew early. Multi-year terms when appropriate.
- Verify your registrar’s auto‑renew attempt timing and grace/redemption windows for each top-level domain (TLD) you own.
Why this matters
Outages from missed renewals take sites and email offline, hurt credibility, and cost revenue. Most failures are simple. Expired credit cards or missed email alerts are common, and single‑person ownership creates a fragile point of failure.
What happens when a domain expires
- Offline immediately. Website, email, APIs, and services stop resolving.
- Grace period varies. Some TLDs have no grace. Fees and grace/redemption periods differ widely.
- Redemption and auctions. Domains can enter redemption or be auctioned. Automated buyers can take them.
- Missed email alerts. If notices go to addresses on the expired domain, you will not receive them.
- Slow recovery: SSL may need re‑issuance and DNS propagation can delay full restoration.
Renewal timing, in plain terms
- Many registrars attempt renewal about 30 days before domain expiration to allow fixing payment issues.
- Some bill on the expiration date, leaving little buffer if payment fails.
- Verify your registrar’s auto‑renew schedule and grace/redemption windows; timing varies.
Practical takeaway
- Turn on auto‑renew with a valid credit card and backup method.
- Use an off-domain email for registrar alerts.
- Set reminders at 21 and 7 days to confirm renewal success.
- Consider multi‑year renewal to reduce how often you handle renewals; keep alerts and 21/7‑day reminders active for each expiration.
Three options for domain renewals
Pick the setup that fits your organization. You can switch later.
Applies to all options: Off-domain alerts. Backup payment method. Early renewal or multi-year. Document grace and redemption rules for each TLD.
Quick comparison
- Option 1. Owner managed. Highest risk. Best for single owners only.
- Option 2. Vendor managed. Lower effort today. Some risk without shared access.
- Option 3. Shared registrar access (e.g. Gandi.net). Owner billing with multiple admins. Recommended for organizations.
Option 1. Owner managed. Maximum control, higher risk.
You own billing and DNS. This gives maximum control and lowest resilience.
Pros
- Full control of billing and DNS.
- Clear ownership.
- Familiar for single owners.
Cons
- Single point of failure; no redundancy.
- Higher outage risk from missed renewals.
- Grace/redemption rules vary and can be costly.
- Slower operational changes: limited external support and no vendor access to update or verify DNS.
Best for
- A single owner who accepts the risk. Not recommended for organizations.
Reduce risk
- Turn on auto-renew. Check credit card expiry dates.
- Add a backup payment method if supported.
- Use an off-domain email for contacts and alerts.
- Review contact and payment info twice a year.
- Set two reminders in different tools. Include a second person.
- Enable 2FA and transfer lock. Use registry lock if supported.
- Renew early and consider multi-year renewals. Early renewals add to the current term.
- Keep a short SOP and a DNS checklist. Test after changes.
- Document grace and redemption rules per TLD. Consolidate domains at one registrar with clear support.
Option 2. Vendor managed. Low effort, limited access.
The vendor monitors and pays. This is low effort and risky if access is not shared.
Pros
- Low day-to-day effort.
- Fewer missed renewals when actively monitored.
- Ease of changes: vendor has direct registrar/DNS access to update and verify quickly.
Cons
- Limited direct registrar access.
- Alerts may route only to the vendor.
- Dependency risk if the vendor is unresponsive.
Best for
- Best for very small teams during a transition to shared access.
Require from any consultant, web agency, service provider, or freelancer managing your domain renewals:
- Ownership visible. Annual review of registrant and owner contacts, documented and shared.
- Transparent billing. For example: registrar cost plus a clearly stated admin fee.
- Auto-renew enabled. Valid credit card on file and backup payment method if supported.
- Off-domain contacts. Alerts set to an address not hosted on your domain.
- Transfer path. Documented process to move the domain into your account on request.
- DNS support. Nameserver and DNS changes recorded and resolution confirmed.
How to reduce risk
- Keep owner name and registrant email current. Prefer an off-domain email.
- Confirm contacts on each invoice.
- Store invoices and domain details in your password manager.
- Renew early. Consider multi-year terms.
- Plan a move to shared access with an organization account when feasible.
Option 3. Shared registrar access. Best risk management for organizations.
Use an organization account with roles. This provides shared access and redundancy and is best for organizations.
Pros
- Shared admin access and redundancy.
- Owner-controlled billing with audit trail.
- Lower renewal risk when alerts and payment are set correctly.
Cons
- Initial setup and transfers take time.
- Feature availability varies by registrar/TLD.
- Requires ongoing role and 2FA management.
Best for
- Organizations and teams seeking redundancy.
What to set up
- Owner billing: Enable auto‑renew with a valid credit card and backup payment method.
- Roles and access: Create an organization account; add at least two admins with 2FA, ideally one external to your organization.
- Off‑domain alerts: Use an email not hosted on your domain for contacts and notices.
- Transfer and verify: Move domains in; confirm contacts, privacy, nameservers, and resolution.
- Renewal and documentation: Renew early or multi‑year; document DNS ownership/access and grace/redemption rules.
How to reduce risk
- Enable transfer or registry lock if available.
- Two or more admins with 2FA.
- External calendar reminders at 35, 21, and 7 days; confirm success after renewal.
- Consolidate domains to simplify support and monitoring.
One good option
Gandi.net supports organization accounts, roles, and multiple admins at an accessible price point. If your current registrar offers similar features, use that. Cloudflare Registrar is another example with strong org controls, though .ca is not yet supported.
Niche alternative for large portfolios
Enterprise registrars and portfolio services for large brands. Examples include Gandi Corporate Services, CSC, and MarkMonitor. They offer registry lock, legal workflows, and portfolio management across many TLDs.
Pros
- Strong brand protection and registry lock options.
- Centralized portfolio tools and legal support.
Cons
- Higher cost: services often start in the low thousands per year and can reach five figures.
- Vendor lock‑in: contracts and proprietary workflows make switching harder.
- Complex processes: legal verification, registry lock, and change controls add overhead.
Best for
- Large organizations with many domains or heavy brand protection needs.
What happens if the person responsible for domain renewal gets hit by a bus
What it could look like in practice:
Option 1: Owner managed
On the expiration day, the auto‑renew charge fails. Support emails start bouncing and the homepage goes dark while the owner is unavailable. Billing is updated later that day; DNS and SSL settle overnight—recovery in 12 to 48 hours.
Option 2: Vendor managed
The vendor folds or disappears; renewal notices bounce and no one has registrar access. You initiate ownership verification and an emergency transfer to your account, but legal and registry checks take time. Recovery ranges from 3 to 14 days, and if the domain enters redemption or auction, it can be costly or irretrievable.
Option 3: Shared registrar access
An alert about a failed charge lands in the shared off‑domain mailbox configured for the org. An admin updates the credit card and renews within the hour, and another admin confirms DNS and certificates are clean. Services return the same day—recovery typically 6 to 24 hours.
Be aware that expired domains can be auctioned or taken by automated buyers. Recovery can be costly or impossible, so act quickly.
Simple habits
- Ensure more than one person can access your registrar account and payment method.
- Use an off-domain email for renewal alerts.
- Set one reminder 21 days before expiration, and add a 7 day reminder for buffer.
- Renew early, consider multi‑year terms, and test off‑domain email alerts.
Bottom line
Domain renewals are boring. They get overlooked until something breaks. Then your website and email can go down, and recovery can take days or even weeks.
This is avoidable. Assess your risk and decide if your current setup is acceptable.
- Safest for organizations. Use shared access at Gandi.net with owner billing and multiple admins. Use off-domain contact emails, backup payment methods, early renewals, and document grace and redemption rules.
- Prefer DIY. Turn on auto-renew, check your credit card expiry date, and add a second person to renewal reminders. Renew early and consider multi-year terms.
If you work with me
Option 3 setup
This is what we implement when moving to shared organization access. Some single owners may choose Option 1; several clients remain on Option 2 with safeguards while they transition.
- Organization roles with at least two admins and 2FA.
- Domains transferred with DNS unchanged; nameservers and resolution confirmed.
- Owner billing with auto‑renew and a backup payment method where supported.
- Off‑domain alerting configured and tested.
- Proactive monitoring 30 days before expiration/renewal.
My service and fees
- Setup and transfer. Estimated 2 to 3 hours at my standard billable rate.
- Annual monitoring and admin. $95 per domain. Domain fees billed at cost to your credit card.
Further Reading
- ICANN FAQs for Registrants: Domain Name Renewals and Expiration
- ICANN: Expired Registration Recovery Policy (ERRP)
- ICANN: FAQs for Registrants — Transferring Your Domain Name
- How to transfer .CA domains (CIRA)
Need help
- Email me your registrar and domain expiration date. I will recommend the best option and a quick setup plan.
- If you are an existing Webmarks client, we can review your domains together and make changes right away.