Back to blog

Domain expired - what happens and how WHOIS monitoring saves it

· 6 min read

In brief: Expired domain registration causes everything to go down at once - web, email, status page. Recovery takes hours to days as DNS changes propagate. WHOIS monitoring warns you months in advance, which is trivially overlooked for multi-year registrations.

In brief: Expired domain registration causes everything to go down at once - web, email, status page. Recovery takes hours to days as DNS changes propagate. WHOIS monitoring warns you months in advance, which is trivially overlooked for multi-year registrations.

Why expiry is catastrophic

When an SSL certificate expires, the browser shows a warning. Some customers click "Proceed anyway", the understanding portion stays. The loss is significant but limited.

When the domain expires:

  • NS records are removed from the TLD zone
  • DNS lookup of your domain starts failing for all users
  • Web, email (MX), internal service (subdomains) - all fall at the same time
  • Third-party API integrations with you fail
  • After the grace period (typically 30 days) anyone can buy the domain

Grace period: do you still have time?

After expiry most TLDs have a grace period - a window when you can renew at standard price:

  • gTLD (.com, .net, .org): 30 days auto-renew grace, then 30 days redemption (with higher price ~€80)
  • .sk: 30 days grace, then 60 days redemption
  • .cz: 60 days grace, no redemption (after 60 days free)
  • .eu: 40 days quarantine
  • .io: 30 days grace

During grace DNS doesn't work. The domain exists but is in "expired" state. After grace it can go to auction or free registration.

Worst case: Someone else buys your domain (typically a buyer of drop-catched domains with SEO value). You lose the entire brand identity, all existing links, SEO ranking. You have no legal right to get it back outside expensive UDRP proceedings.

Why auto-renewal fails

Most registrars offer auto-renewal. In practice it fails for these reasons:

  • Expired credit card - most common reason. The card renews, but the data wasn't updated at the registrar.
  • Insufficient funds - debit from the bank account failed, nobody noticed the email from the registrar.
  • Registrar email ends up in spam - you don't even see the notification.
  • Ownership / account change - the registrar is on a former employee or former company.
  • Auto-renewal disabled - often the default of some registrars.

WHOIS lookup: what it does

The WHOIS protocol (RFC 3912) is a query to the registrar system: "Who owns this domain and when does it expire?". The answer contains:

$ whois epulz.io

Domain Name: EPULZ.IO
Registry Domain ID: ...
Updated Date: 2026-04-15T09:23:11Z
Creation Date: 2026-02-20T12:00:00Z
Registry Expiry Date: 2027-02-20T12:00:00Z   ← THIS
Registrar: ...
Domain Status: clientTransferProhibited
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
...

For monitoring we care about Registry Expiry Date. This is the date when the domain goes into expired state if you don't renew.

RDAP: modern WHOIS replacement

The WHOIS protocol is from 1982 and has its limits (unstructured text response, no authentication, no TLS). ICANN is pushing the transition to RDAP (Registration Data Access Protocol) - JSON-based REST API.

$ curl -s https://rdap.verisign.com/com/v1/domain/example.com | jq '.events[] | select(.eventAction=="expiration")'

{
  "eventAction": "expiration",
  "eventDate": "2027-02-20T12:00:00Z"
}

RDAP is faster (JSON parse vs regex on text), standardized and has TLS. A monitoring service should ideally combine both (RDAP preferentially, WHOIS fallback for TLDs that don't have RDAP).

Notification strategy

For a domain longer warning periods are appropriate than for SSL certs. SSL renews automatically via certbot (typically 30 days cushion is enough). A domain requires:

  • Manual verification of the credit card in the registrar account
  • Possible financial decision (multi-year renewal is cheaper)
  • Preparing for a rebrand if you don't want to renew the domain (rare but happens)

Recommended alert schedule:

  • 90 days in advance - first warning, time for a multi-year decision
  • 30 days in advance - escalation if nothing is happening
  • 14, 7, 3, 1 day in advance - critical alerts

Practical renewal procedure

  1. Log in to the registrar (verify the password and 2FA before expiry)
  2. Check the state of the payment card - is it about to expire
  3. Check auto-renewal setting - enabled? How many years?
  4. Manually extend by at least 2-3 years (registration lock-in reduces the risk of further oversights)
  5. After renewal wait 24 hours and verify via whois or RDAP that the Expiry Date moved

Conclusion

Domain expiry is among the top 5 causes of catastrophic outages - and one of the easiest to prevent. Regular WHOIS monitoring costs almost nothing and provides months of warning before a catastrophe that renewal handles in minutes.

WHOIS expiry monitoring

ePulz.io tracks WHOIS for .sk, .cz, .eu, .com, .io and other TLDs. Notification 90/30/14/7/3/1 day in advance. 7 days free.

Start monitoring →

Try ePulz.io free - 7 days, no credit card needed.

Create account