Domain expired - what happens and how WHOIS monitoring saves it
· 6 min read
An expired domain takes down your site, email and status page at once, and recovery takes hours to days. WHOIS monitoring warns you months ahead.
Why expiry is catastrophic
When an SSL certificate expires, the browser shows a warning. Some customers click "Proceed anyway", the rest leave the site. The loss is significant but limited.
When the domain expires, it is a different story:
- NS records are removed from the TLD zone
- DNS lookup of your domain starts failing for all users
- website, email (MX) and internal services on subdomains - all fail at the same time
- third-party API integrations with you fail
- after the grace period (typically 30 days) anyone can buy the domain
Grace period: do you still have time?
After expiry most TLDs have a grace period - a window in which you can renew at the standard price:
- gTLD (.com, .net, .org): up to 45 days auto-renew grace, then 30 days redemption (at a higher price, around €80), finally 5 days pending delete
- .sk: 40-day protection period after expiry (renewal for a fee during it), on day 41 deletion and release
- .cz: 60-day protective period in total - the domain keeps resolving for the first 30 days, on day 31 it is removed from the DNS zone; it can be renewed at the standard price during the whole 60 days, on day 61 it is deleted (and may go to a CZ.NIC auction)
- .eu: 40 days quarantine
- .io: 30 days grace
During the grace period DNS doesn't work. The domain exists but is in the "expired" state. Once it ends, the domain can go to auction or free registration.
Worst case: Someone else buys your domain - typically a buyer of drop-catched domains with SEO value. You lose the entire brand identity, all existing links and your SEO ranking. Outside of expensive UDRP proceedings, you have no legal right to get it back.
Why auto-renewal fails
Most registrars offer auto-renewal. In practice it fails for these reasons:
- Expired credit card - the most common reason. The card was reissued, but the new details were never updated at the registrar.
- Insufficient funds - the direct debit from the bank account failed and nobody noticed the email from the registrar.
- The registrar email ends up in spam - you never even see the notification.
- Ownership or account change - the registrar account is held by a former employee or a former company.
- Auto-renewal disabled - often the default at some registrars.
WHOIS lookup: what it does
The WHOIS protocol (RFC 3912) is a query to the registrar system: "Who owns this domain and when does it expire?". The answer contains:
$ whois epulz.io
Domain Name: EPULZ.IO
Registry Domain ID: ...
Updated Date: 2026-04-15T09:23:11Z
Creation Date: 2026-02-20T12:00:00Z
Registry Expiry Date: 2027-02-20T12:00:00Z ← THIS
Registrar: ...
Domain Status: clientTransferProhibited
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
...
For monitoring we care about the Registry Expiry Date. This is the date when the domain goes into the expired state if you don't renew.
RDAP: modern WHOIS replacement
WHOIS originated in 1982 (RFC 812), the current specification is RFC 3912 from 2004, and it has its limits (unstructured text response, no authentication, no TLS). ICANN is therefore pushing the transition to RDAP (Registration Data Access Protocol) - a JSON-based REST API.
$ curl -s https://rdap.verisign.com/com/v1/domain/example.com | jq '.events[] | select(.eventAction=="expiration")'
{
"eventAction": "expiration",
"eventDate": "2027-02-20T12:00:00Z"
}
RDAP is more reliable (standardized JSON instead of regex on unstructured text) and has TLS. A monitoring service should ideally combine both: RDAP preferentially and WHOIS as a fallback for TLDs that don't have RDAP.
Notification strategy
For a domain, longer warning periods are appropriate than for an SSL cert. SSL renews automatically via certbot (typically a 30-day cushion is enough), but a domain requires:
- manual verification of the credit card in the registrar account
- a possible financial decision (a multi-year renewal is cheaper)
- preparing for a rebrand if you don't want to renew the domain (rare, but it happens)
Recommended alert schedule:
- 30 days in advance - escalation if nothing is happening
- 14, 7, 3 and 1 day in advance - critical alerts
Practical renewal procedure
- Log in to the registrar (verify the password and 2FA before expiry).
- Check the state of the payment card - is it about to expire?
- Check the auto-renewal setting - is it enabled? For how many years?
- Manually extend by at least 2 to 3 years (a longer registration reduces the risk of further oversights).
- After renewal, wait 24 hours and verify via
whoisor RDAP that the Expiry Date has moved.
Conclusion
Domain expiry is among the most common causes of catastrophic outages - and one of the easiest to prevent. Regular WHOIS monitoring costs almost nothing and provides months of warning before a catastrophe that renewal itself handles in minutes.
WHOIS expiry monitoring
ePulz.io tracks WHOIS for .sk, .cz, .eu, .com, .io and other TLDs. Notifications 30, 14, 7, 3 and 1 day in advance. 7 days free.
Try ePulz.io free - 7 days, no credit card needed.
Create account