Is my domain expiring the same as my SSL certificate expiring?

No — they're two different things on two different clocks. The SSL/TLS certificate secures the connection; it's issued by a certificate authority, lives weeks to months, and is usually renewed automatically by your host or an ACME client. The domain is the name itself, rented from a registrar, renewed once every year or few years by paying that registrar. One can be perfectly fine while the other lapses. If the domain expires, the whole name eventually stops resolving and the certificate becomes irrelevant.

I set up auto-renew years ago — why would it fail now?

The usual culprit is a payment that didn't go through: a card on file that expired, was replaced, or got declined. Close behind are a registrant email address that changed (so you never saw the renewal warnings), a domain that was transferred to another registrar or account where auto-renew was never switched on, and a registrar price or policy change. Auto-renew is an instruction to charge a card on a date — anything that breaks the charge breaks the renewal, silently.

My domain expired — is my website gone for good?

Not immediately, and usually not for weeks. After the expiry date most registrars keep the name renewable at the normal price for a grace period of up to 45 days, though they will interrupt your site and email during it so you notice. After that comes a 30-day Redemption Grace Period where you can still recover the name, but for a steep restore fee. Only after a final 5-day Pending Delete does the name actually drop and become available to anyone. So there's a recovery window — it just gets more expensive and risky as it runs out.

What is a redemption fee?

It's the charge to restore a domain after it has been deleted but is still in the 30-day Redemption Grace Period. It is set by the registrar and is typically many times the cost of a normal renewal, on top of the renewal itself. ICANN requires the fee to be reasonable and disclosed up front, but it exists specifically because recovery at that stage is a manual, last-chance operation — which is the whole argument for not getting there.

How do I find my domain's true expiry date?

Read the registry's own record, not just your registrar's dashboard. The authoritative expiry date lives at the registry and is published through RDAP (the modern, structured replacement for WHOIS). A registrar dashboard can show the wrong account, lag behind, or simply be one you're no longer looking at. The registry record is the source of truth, and it's what a domain check reads.

Did your domain auto-renew fail? How to check before your site goes dark

You set auto-renew years ago and haven't thought about it since. The quiet worry: is it still working, and what happens if it isn't? Here's the short version. A domain and its security certificate are two different clocks, and people constantly confuse them. Auto-renew can fail without a sound. And if a domain does lapse, the name doesn't vanish instantly — it goes dark on a schedule, and stays recoverable for a while at rising cost. The way to stop guessing is to read the authoritative registry record, not your registrar's dashboard.

Your certificate and your domain are two different things

This is the confusion worth clearing first, because almost everything else follows from it. Your site depends on two separate registrations that expire independently, on completely different timescales.

The SSL/TLS certificate secures the connection — the encryption and the proof that you are who you say you are. It comes from a certificate authority, it lives for weeks to months, and these days it is almost always renewed automatically by your host or an ACME client running every few weeks. When it lapses you get a browser security warning, but the site still exists.

The domain is the name itself — the rented right to yourdomain.com as an address on the internet. It comes from a registrar, and you renew it by paying that registrar, once every year or few years. When it lapses, there is no warning page to click through: the name eventually stops resolving entirely, and a certificate, however valid, has nothing left to secure. So a perfectly healthy certificate tells you nothing about whether your domain is paid up, and vice versa. They are different bills to different companies, and this guide is about the second one. (If it's the certificate clock you're worried about, that's covered in what your SSL check result means.)

Why auto-renew fails even though you set it up

Auto-renew sounds like a guarantee, but underneath it is just a standing instruction to charge a card on a future date. Anything that breaks the charge breaks the renewal — and because it fails silently, you find out from a dead site, not an alert. The common reasons, roughly in order:

The payment didn't go through. The single most common cause: the card on file expired, was reissued with a new number, or was simply declined. Auto-renew is only as alive as the card behind it.
You never saw the warnings. Registrars are required to email renewal reminders, but they go to the registrant email on record. If that address changed — you left a company, dropped an old mailbox, or the domain is under a colleague's account — the notices land nowhere you'll read them.
The domain moved. If it was transferred to another registrar or into a different account, an auto-renew setting from the old home doesn't necessarily travel with it. People assume it carried over; often it didn't.
Price or policy changed. A renewal price increase, a lapsed payment method on the account, or auto-renew quietly toggled off during a dashboard redesign can all leave a domain that you believe is set to renew, unset.

Registrars aren't supposed to let this happen quietly: ICANN's rules require them to send at least two renewal reminders before expiry — one roughly a month out and one roughly a week out — plus another within five days afterward if the name is deleted. In theory you get three warnings. In practice every one of them is sent to the registrant email address on the official record, so the moment that address goes stale, the safety net you were counting on is quietly emailing an inbox nobody reads. The warnings exist; they just may not be reaching you.

None of these failures announce themselves where you'll notice. That's the whole problem with "set and forget": the failure mode is silent too, so the only reliable signal is to look for yourself.

What actually happens when a domain expires

A lapsed domain doesn't disappear at midnight on its expiry date. For the common generic top-level domains (.com, .net, .org and the like), ICANN defines a recovery lifecycle with several stages. The exact lengths vary by registrar and by TLD, but the shape is consistent.

The site goes dark — on purpose. At or shortly after expiry, your registrar interrupts the domain's DNS so the website and email stop working. This isn't a glitch; ICANN's rules actually require registrars to disrupt resolution after expiration so the lapse is impossible to miss. If they show a parking page instead, it has to say the domain is expired and how to renew.
Auto-renew grace period — up to ~45 days. For a window after expiry, the name is still yours to renew at the normal price. The length is set by your registrar and varies a lot; some give the full window, some far less. This is the cheap, easy stage — if you catch it here, you just pay the usual renewal.
Redemption Grace Period — 30 days. If the grace period passes, the registry deletes the registration but holds it in redemption for 30 days, a duration ICANN fixes for gTLDs. The name is still recoverable, but now only by paying a redemption (restore) fee on top of the renewal — and that fee is steep.
Pending Delete — 5 days. If redemption lapses too, the name enters a final five-day hold where nothing can be done. There is no renewing, restoring, or intervening. It's simply queued for release.
It drops. After pending delete, the name is released and anyone can register it, first-come-first-served.

That adds up to roughly two and a half months of runway from expiry to permanent loss for a typical gTLD — but lean on that number at your peril, because country-code domains write their own rules. Those periods are set by each country's registry, not ICANN, and they differ sharply: some offer a grace period with no redemption stage at all, others offer no grace period whatsoever. The only safe assumption is that your specific TLD has its own timetable, and that the early, cheap stage is shorter than you'd like.

Why getting it back gets expensive and risky

The lifecycle is a slope, not a cliff, and every stage down it costs more and controls less. The redemption fee is the obvious jump: where a renewal might be a normal yearly charge, restoring from redemption is typically many times that, because at that point the name has technically been deleted and bringing it back is a manual, special-case operation the registry charges for.

The sharper risk comes after the drop. A domain with any value — traffic, age, backlinks, a recognisable brand — is not sitting unwatched. Services exist specifically to monitor names approaching deletion and to register them the instant they drop, sometimes to resell them back to you, sometimes to run ads on your old traffic, sometimes worse. The more your domain is worth to you, the more likely it is that someone else is already waiting for your mistake. So the cost of letting a domain lapse isn't only the restore fee; past the final stage it can be losing the name entirely to someone who was watching the clock more carefully than you were. Which is the entire argument for watching it yourself.

How to check your real expiry, not the dashboard

Here's the trap: the place most people would check — the registrar's control panel — is the least reliable one. It can show a different account than the one that actually holds the domain, lag behind the real status, or belong to a registrar you transferred away from years ago. The authoritative answer doesn't live there.

Every domain's true expiry date is held by the registry — the operator of the TLD itself — and published through RDAP, the modern, structured replacement for the old WHOIS system. The registry record is the source of truth: registrars sell names, but the registry stores the canonical registration, including the official expiry date. That's exactly what a domain check reads, so it can't be fooled by a stale or wrong-account dashboard. Enter your domain below and you'll get its real registration expiry — and how many days are left — alongside its DNS and certificate, in one verdict. No signup.

A healthy result here means the registry itself agrees your domain is paid up and not near its edge — which is the one assurance a dashboard can't always give you. If the number is smaller than you expected, or the status looks wrong, that's your cue to log in and confirm the card, the email, and the auto-renew setting are all actually current — while you're still in the cheap, easy stage and not the expensive one.