The Complete Guide to Domain Expiry and Renewal

Introduction

Your domain name is the front door of your business. It is how customers find you, how email reaches you, and how search engines identify your site. Lose it, and you lose all three at once.

Domain expiry is one of those risks that feels unlikely until it happens. Then it is catastrophic. Companies have lost revenue, reputation, and years of SEO equity because a domain renewal slipped through the cracks. Sometimes it is a missed credit card update. Sometimes it is an employee who left the company and took the registrar login with them. Sometimes it is just bad luck.

This guide covers every stage of the domain lifecycle, from the moment you register a domain to the moment it drops back into the public pool. You will learn exactly what happens when a domain expires, how grace and redemption periods work, how to check your domain expiration dates, and how to build a renewal process that actually protects you.

Whether you manage one domain or one thousand, this is the reference you need.

What Is Domain Expiry?

Domain expiry is the point at which your registration period ends and you no longer have active rights to a domain name. When you register a domain, you are not buying it outright. You are leasing it from a registry (like Verisign for .com domains) through a registrar (like Namecheap, GoDaddy, or Cloudflare) for a set period, typically one to ten years [1].

When that lease runs out and you have not renewed, the domain enters a series of post-expiration phases. Eventually, if you still have not renewed, the domain becomes available for anyone to register.

Domain expiration is not instant deletion. There is a process, and understanding that process gives you time to recover a domain you have accidentally let lapse. But that time is limited, the recovery costs go up fast, and there are no guarantees.

For a deeper look at the immediate consequences, see our article on what happens when a domain expires.

The Domain Lifecycle

Every domain name follows the same general lifecycle, defined by ICANN (the Internet Corporation for Assigned Names and Numbers) for generic top-level domains (gTLDs) [2]. Country-code TLDs sometimes deviate, but the broad structure is consistent.

Registration

You search for a domain, find it available, and register it through a registrar. You choose a registration period (1 to 10 years for most gTLDs) and pay the registration fee. The domain is now yours for that period.

At registration, you also set contact information (registrant, admin, technical contacts), nameservers, and optionally enable WHOIS privacy protection. All of this data feeds into the registry's database.

Active Period

This is the normal operating state. Your website resolves, your email works, and search engines index your content. The domain stays active from registration until the expiry date printed on your WHOIS record.

During this period, you can renew at any time. Most registrars let you extend your registration up to 10 years from the current date. There is no penalty for renewing early, and many registrars offer discounts for multi-year renewals.

Expiry Date

The expiry date is the moment your registration period ends. This date is publicly visible in WHOIS records and is the single most important date in your domain's lifecycle.

After this date, everything changes. Your registrar may park the domain, display ads on it, or simply let it stop resolving. The exact behavior depends on your registrar's policies.

Grace Period (Auto-Renew Grace Period)

Most gTLD registries provide a grace period after expiry, typically 0 to 45 days depending on the TLD and registrar [3]. During this window, you can usually renew the domain at the standard renewal price with no penalty fees.

This is your safety net. If you miss the expiry date, the grace period gives you time to catch the mistake and renew without paying extra.

We cover grace period details by registrar and TLD in our domain grace periods guide.

Redemption Period

If you miss the grace period, the domain enters redemption. For .com and most gTLDs, this lasts 30 days [4]. During redemption, the domain is removed from the DNS and cannot resolve. You can still recover it, but the cost jumps dramatically, often to $80 to $200 or more on top of the standard renewal fee.

Redemption exists as a last resort. It is expensive by design, meant to discourage letting domains reach this stage while still giving legitimate owners one final chance.

Our domain redemption period article breaks down costs by registrar.

Pending Delete

After redemption, the domain enters a 5-day pending delete phase [5]. During this window, the domain cannot be renewed, recovered, or transferred. It is simply waiting to be released.

No one can do anything with the domain during pending delete. It is in limbo.

Available (Dropped)

After pending delete, the domain drops back into the general pool and becomes available for anyone to register on a first-come, first-served basis. Domain investors and automated services watch for high-value drops and often snap them up within seconds.

Once a domain drops, recovering it means buying it from whoever registered it next, often at a steep premium. There is no mechanism to reclaim it just because you previously owned it.

For the full lifecycle breakdown, see our domain registration lifecycle guide.

What Happens When a Domain Expires

Domain expiration triggers a cascade of failures that gets worse with each passing day. Here is the typical timeline.

Day 1: The Domain Expires

Your registrar may immediately park the domain or display a "this domain has expired" page. Some registrars give a short buffer (a day or two) before making changes. Others act immediately.

Days 1 to 5: Website Goes Down

If your registrar parks the domain or changes the nameservers, your website stops loading. Visitors see an error page or a registrar holding page. Any web application, API, or service running on the domain goes offline.

Days 1 to 5: Email Stops Working

This is the one that catches people off guard. When DNS records stop resolving, email delivery fails. Inbound messages bounce. Outbound messages from your domain may get flagged or rejected. If you use your domain for business email, this is an immediate operational crisis.

Your domain expiry and data loss exposure grows with every hour of downtime.

Days 7 to 30: SEO Impact Begins

Search engines will eventually notice your site is down. Google typically gives some buffer before dropping pages from the index, but extended downtime leads to ranking losses [6]. If the domain gets parked with spammy ads, the damage accelerates.

Backlinks pointing to your domain stop passing value. Your domain authority degrades. Recovering SEO rankings after an expiry event can take months, even if you get the domain back quickly.

Days 30+: The Domain Changes Hands

If you have not renewed during the grace period, the domain enters redemption and eventually drops. At this point, someone else may register it. They could use it for anything: a competing business, a spam site, phishing. You have lost control entirely.

Grace Periods Explained

The auto-renew grace period is the buffer between your domain's expiry date and the start of the redemption period. It exists because ICANN recognizes that people make mistakes.

How Long Is the Grace Period?

It varies. ICANN's policy for gTLDs allows registries to offer a grace period of up to 45 days, but the actual length depends on both the registry and the registrar [3].

Here are some common examples:

• .com / .net (Verisign): The registry allows up to 45 days. Most registrars offer 30 to 40 days of grace.
• .org (PIR): Similar to .com, typically 30 to 45 days.
• .io: Grace periods are shorter, often 28 to 30 days.
• .co.uk (Nominet): 30 days after expiry, then a 60-day suspension period before cancellation [7].

What Can You Do During Grace?

During the grace period, you can renew the domain at the standard renewal price. No penalty fees. The domain may or may not be resolving (depends on the registrar), but you still own it and can restore it to full functionality by renewing.

Some registrars keep the domain resolving throughout the grace period. Others park it immediately. Check your registrar's specific policy.

The Catch

Not every registrar is transparent about grace periods. Some registrars effectively shorten the grace period by adding their own internal deadlines. Others charge a "late renewal fee" even during what should be a free grace window. Always read the fine print.

For registrar-specific details, see our guides on domain grace periods and check domain expiry by registrar.

Redemption Period

If the grace period passes without renewal, your domain enters redemption. This is the last chance to get it back, and it is not cheap.

How Redemption Works

The registrar requests that the registry place the domain in "redemption" status. The domain is removed from DNS entirely. It does not resolve at all. WHOIS records show a status of redemptionPeriod.

To recover the domain, you contact your registrar and request a "restore." The registrar submits a restore request to the registry, which involves both a restore fee and a one-year renewal fee.

What Does It Cost?

Redemption recovery fees vary widely by registrar:

• GoDaddy: $80 redemption fee plus renewal [8]
• Namecheap: $110 to $180 depending on the TLD [9]
• Google Domains (now Squarespace): Varies, typically $80+ [10]
• Cloudflare Registrar: At-cost registry fees, which are often lower but still significant

These fees are on top of the standard annual renewal. For a .com domain, you could be looking at $90 to $200+ total to recover a domain that would have cost $10 to $15 to renew on time.

Time Limits

For .com and most gTLDs, the redemption period lasts 30 days. After that, the domain enters the 5-day pending delete phase and you lose all recovery options.

Some country-code TLDs have no redemption period at all. The domain simply gets cancelled after the grace period ends.

Our dedicated domain redemption period guide has a full breakdown, and our when can you buy a domain after expiry article covers what happens next.

How to Check When a Domain Expires

Knowing your domain's expiry date is the first step in preventing accidental lapses. There are several ways to check.

WHOIS Lookup

Every domain has a publicly accessible WHOIS record (unless WHOIS privacy is enabled, in which case the registrar still knows the date). The WHOIS record includes a "Registry Expiry Date" field showing the exact expiration date and time in UTC.

You can perform WHOIS lookups through command-line tools (whois example.com) or web-based services. For domains with privacy protection enabled, WHOIS may show the proxy service's information, but the expiry date is still typically visible.

Registrar Dashboard

Log into your registrar's control panel and look for your domain list. Every registrar shows expiry dates prominently. This is the most reliable method for domains you own, since you are seeing the authoritative data.

The challenge is when you have domains spread across multiple registrars, which is common for organizations that have grown through acquisition or had different teams register domains at different times.

Domain Monitoring Tools

For ongoing visibility, especially across multiple domains and registrars, a monitoring tool polls expiry dates automatically and alerts you as deadlines approach. This is particularly valuable for organizations managing more than a handful of domains.

We walk through all of these methods in our how to check domain expiry guide. For organizations with large portfolios, see bulk domain expiry tracking.

Domain Renewal

Renewal is the act of extending your domain registration for another period. It sounds simple, and it usually is. The problems arise when it is not.

Manual Renewal

You log into your registrar, find the domain, and click "Renew." You choose a renewal period (1 to 10 years) and pay. The domain's expiry date extends by the chosen period from the current expiry date, not from today.

Manual renewal works fine if you have one or two domains and a good memory. It falls apart at scale.

Auto-Renew

Most registrars offer auto-renewal, where they automatically charge your payment method and renew the domain before the expiry date. This is the default recommendation for every domain, and it eliminates the most common cause of accidental expiry: simply forgetting.

Auto-renew typically triggers 1 to 30 days before the expiry date, depending on the registrar. The charge goes to whatever payment method is on file.

Multi-Year Registration

Registering or renewing for multiple years at once reduces the frequency of renewal events and the associated risk. If you know you will need a domain for the foreseeable future, a 5 or 10 year registration means 5 or 10 years before you need to worry about renewal again.

The cost per year is sometimes slightly lower with multi-year registration. More importantly, you are buying yourself time and reducing the number of potential failure points.

Renewal Reminders

ICANN requires registrars to send renewal reminder emails before a domain expires [11]. Typically, you will receive notices at 30 days, 15 days, and 7 days before expiry, and again after expiry during the grace period.

The problem is that these emails often go to an address you no longer check, end up in spam, or get lost in inbox noise. They are a useful signal, but they should not be your only line of defense.

Our domain renewal checklist covers the full process, step by step.

Why Auto-Renew Is Not Enough

Auto-renew is essential. It is also insufficient. Here is why.

Payment Method Failures

Credit cards expire. Debit cards get replaced after fraud. Corporate credit cards get cancelled when employees leave. If the payment method on file with your registrar fails, the auto-renewal fails silently.

Most registrars will retry the charge a few times, but if payment ultimately fails, they treat it the same as a manual non-renewal. Your domain enters the standard expiry process.

Expired Contact Information

If the email address associated with your registrar account is no longer active, you will not receive failure notifications. The auto-renewal fails, the alerts go to an inbox nobody reads, and the domain quietly expires.

This is especially common with domains registered by former employees or contractors.

Registrar Account Issues

Accounts can get locked for billing disputes, terms of service violations, or security holds. A locked account may prevent auto-renewal from processing, even if the payment method is valid.

Domain Locks and Transfer Holds

Some registrars pause auto-renewal if a domain is in a transfer process, under a legal hold, or in certain lock states. These edge cases are rare but real.

The Solution: Layered Protection

Auto-renew is your first layer. Monitoring with escalating alerts is your second. A renewal checklist and regular domain audits are your third. No single mechanism is foolproof, so you stack them.

For a detailed breakdown of auto-renew failure modes, see why auto-renew is not enough.

Domain Monitoring

Domain monitoring means actively tracking the expiry status of your domains and getting alerts when action is needed. It is the difference between catching a problem early and discovering it when your website is already down.

Why You Need Monitoring

If you rely solely on registrar emails and auto-renew, you are betting everything on two systems that both have known failure modes. Monitoring adds an independent layer that watches from the outside, the same way your customers experience your domain.

Monitoring is especially important when:

• You manage domains across multiple registrars
• Domains were registered by people who have since left your organization
• You have acquired domains through mergers or purchases
• You manage domains on behalf of clients
• Any domain is critical to your business operations (so, all of them)

What to Monitor

At minimum, monitor the expiry date itself. A good monitoring system checks the WHOIS-reported expiry date on a regular schedule and alerts you at meaningful intervals: 90 days, 60 days, 30 days, 14 days, 7 days, and daily in the final week.

Beyond expiry dates, consider monitoring:

• WHOIS record changes: Unauthorized changes to registrant information could indicate a hijacking attempt
• Nameserver changes: Unexpected nameserver modifications break your DNS configuration
• Registration status: Changes in domain status codes (like clientHold or serverHold) indicate problems
• SSL certificate expiry: Your SSL certificate has its own expiry date and should be monitored alongside your domain

Escalating Alerts

The best monitoring systems escalate their alert frequency as the expiry date approaches. A notification 90 days out is informational. A notification 7 days out is urgent. A notification on expiry day is an emergency.

Escalating alerts match the urgency to the timeline. Early alerts go to email. Late alerts should go to Slack, SMS, or wherever your team actually pays attention.

For a complete overview, read domain monitoring explained.

TLD-Specific Rules

Not all TLDs follow the same expiry rules. While ICANN sets policies for generic TLDs (.com, .net, .org, .info, etc.), country-code TLDs (ccTLDs) are governed by their respective national authorities and can differ significantly [12].

.com, .net, .org (gTLDs)

These follow the standard ICANN lifecycle. After expiry, there is a grace period (typically 30 to 45 days), then a 30-day redemption period, then a 5-day pending delete, then the domain drops.

Maximum registration and renewal period is 10 years. Auto-renewal is widely supported.

.co.uk, .uk (Nominet)

UK domains follow Nominet's rules, which differ from the ICANN model. After expiry, there is a 30-day renewal period, followed by a 60-day suspension where the domain stops resolving but can still be renewed. After suspension, Nominet cancels the registration and the domain becomes available [7].

There is no separate "redemption" fee structure like gTLDs. Renewal during the suspension period is at the standard renewal price, which is more forgiving than the gTLD model.

See our UK domain expiry guide for the full Nominet process.

.io

The .io TLD is managed by Identity Digital (formerly Donuts/Afilias). Grace periods are shorter than .com, typically around 28 days. Redemption periods apply but may have different fee structures. The .io namespace has had its own controversies around governance, which adds a layer of risk for long-term registration [13].

.de (Germany)

DENIC, the .de registry, operates differently from most. There is no auto-renew concept at the registry level; domains are renewed continuously until explicitly cancelled. Expiry works through a cancellation process rather than a lapse process. The transit period after cancellation is relatively short.

.au (Australia)

Australian domains (.com.au, .net.au) have fixed registration periods and a relatively short grace period. The .au namespace also has eligibility requirements tied to Australian business registration, which complicates transfers and renewals if your business registration lapses.

Other ccTLDs

Each country sets its own rules. Some ccTLDs have no grace period at all. Others have grace periods longer than 45 days. Some do not offer redemption. The only safe assumption is that you cannot assume anything: check the specific rules for every TLD in your portfolio.

Our TLD expiry rules reference covers the most popular TLDs in detail.

Protecting Your Domains

Beyond timely renewal, there are several protective measures you should have in place for every important domain.

Registrar Lock (Client Transfer Lock)

Registrar lock prevents unauthorized transfers of your domain to another registrar. It is a status code (clientTransferProhibited) set at the registrar level. With this lock enabled, a transfer request will be rejected unless you explicitly unlock the domain first.

Most registrars enable this by default, but it is worth verifying. An unlocked domain is vulnerable to social engineering attacks where someone impersonates you and initiates a transfer.

Registry Lock

For high-value domains, some registrars offer registry-level lock (also called "domain lock" or "premium lock"). This adds a manual verification step at the registry level for any changes, including transfers, nameserver updates, and WHOIS modifications. It typically requires phone verification with the registrar and costs extra, but for your primary business domain, it is worth it.

WHOIS Privacy Protection

WHOIS privacy replaces your personal contact information in the public WHOIS database with proxy information from the registrar or a privacy service. This reduces spam, social engineering attempts, and unwanted solicitations.

It does not affect your ownership rights or your ability to manage the domain. It simply keeps your personal details out of public databases.

For a discussion of whether privacy protection is worth the cost, see is domain expiry protection worth it.

Transfer Authorization Codes (Auth Codes / EPP Codes)

When transferring a domain between registrars, you need an authorization code (also called an EPP code or transfer key). Keep this code confidential. Anyone with the auth code and the ability to approve a transfer email can move your domain.

If you suspect your auth code has been compromised, request a new one from your registrar immediately.

Consolidate Your Registrars

If your domains are spread across five different registrars, you have five sets of credentials to manage, five payment methods to keep current, and five dashboards to monitor. Consolidating domains under one or two registrars simplifies management and reduces the chance of something slipping through the cracks.

We cover transfer best practices in our domain transfer safety guide. When transferring domains, you will also want to understand how to change nameservers to avoid DNS disruption during the move.

Know Who Owns What

Maintain an internal record of every domain your organization owns, which registrar holds it, which account controls it, and who has credentials. Domains registered by former employees under personal accounts are ticking time bombs.

Our guide on who owns a domain name walks through how to verify ownership and reclaim domains when needed.

Famous Domain Expiry Disasters

Domain expiry failures are not hypothetical. They happen to large, well-resourced organizations with surprising regularity.

Foursquare (2010)

Foursquare, at the time a rapidly growing social network, let its foursquare.com domain expire in 2010. The site went down, and users were greeted with a registrar parking page. The company recovered the domain quickly, but the incident generated significant press coverage and highlighted how even well-funded startups can miss basic domain management [14].

Sorbs.net (2010)

SORBS, a widely used email spam blacklist service, lost its domain when it expired. Because thousands of email servers worldwide referenced sorbs.net in their spam filtering rules, the expiry caused widespread email delivery problems. The domain was eventually re-registered by a new owner, causing further confusion [15].

Microsoft (Multiple Incidents)

Even Microsoft has let domains expire. In 2003, the company allowed hotmail.co.uk to lapse, briefly disrupting service for UK Hotmail users. Microsoft has had multiple similar incidents across its vast domain portfolio over the years, demonstrating that scale itself is a risk factor [16].

Google Argentina (2017)

Google briefly lost control of google.com.ar when the domain expired and was re-registered by another individual. While this was a ccTLD issue involving Argentina's NIC.ar registry, it showed that even the biggest internet companies are not immune to domain expiry problems [17].

Dallas Cowboys (2010)

The Dallas Cowboys NFL team let cowboysstadium.com expire, and a ticket reseller quickly scooped it up. The domain was used to redirect visitors to competing ticket sales sites. The Cowboys eventually recovered it, but not before losing traffic and sales [18].

The Pattern

These are not small mistakes by careless amateurs. They are organizational failures at companies with dedicated IT teams and substantial budgets. The common threads are always the same: domains managed by individuals rather than systems, contact information that went stale, and no independent monitoring to catch the lapse before it became a crisis.

For more examples and lessons learned, see famous domain expiration disasters.

Building Your Domain Renewal Strategy

Knowing the risks is not enough. You need a concrete strategy. Here is a practical framework.

Step 1: Audit Your Portfolio

List every domain your organization owns. Include the registrar, the expiry date, the account holder, the payment method, and the auto-renew status. If you cannot account for a domain, treat it as at risk.

Step 2: Consolidate Where Possible

Move domains to as few registrars as possible. Fewer accounts mean fewer points of failure. Choose registrars with strong security features, transparent pricing, and reliable auto-renewal systems. Our best domain registrars guide can help with selection.

Step 3: Enable Auto-Renew Everywhere

Every domain should have auto-renew enabled. No exceptions. This is your baseline defense.

Step 4: Verify Payment Methods Quarterly

Set a recurring calendar event to check that the payment method on each registrar account is current. This single habit prevents the most common auto-renew failure.

Step 5: Set Up Independent Monitoring

Use a domain monitoring service that checks expiry dates independently of your registrar. Configure escalating alerts that increase in frequency as expiry approaches. Make sure alerts go to a distribution list or channel, not a single person's inbox.

Step 6: Extend Critical Domains

For your most important domains, renew for the maximum period (10 years for gTLDs). The cost is trivial compared to the risk.

Step 7: Document and Share Access

Store registrar credentials in your organization's password manager. Ensure at least two people have access to every registrar account. Document your domain portfolio and review it annually.

Glossary of Key Terms

If you encounter unfamiliar terminology while managing domains, our domain expiry glossary provides definitions for every term used in this guide and beyond.

A few critical terms worth highlighting:

• Registrar: The company you buy domains from (GoDaddy, Namecheap, Cloudflare, etc.)
• Registry: The organization that manages a TLD's database (Verisign for .com, Nominet for .uk)
• ICANN: The international body that coordinates domain name policy for gTLDs
• EPP code: The authorization code required to transfer a domain between registrars
• WHOIS: The public database protocol for looking up domain registration information
• Grace period: The window after expiry during which you can renew at the standard price
• Redemption period: The window after grace during which you can recover a domain at a premium cost

Next Steps

Domain expiry is entirely preventable. Nobody loses a domain because the technology failed. They lose it because the process failed: stale contacts, expired payment methods, no monitoring, no redundancy.

The tools exist to make accidental domain loss nearly impossible. Auto-renewal handles the common case. Monitoring catches the edge cases. A documented, audited portfolio ensures nothing falls through the cracks.

Your website being down because of an expired domain is one of the most avoidable outages possible. If you notice your website is down and it turns out to be a domain issue, you have already lost time you cannot get back.

Start with an audit. Enable auto-renew. Set up monitoring. Do it today.

References

[1] ICANN, "Registrant Educational Information," ICANN.org. https://www.icann.org/resources/pages/educational-2012-02-25-en

[2] ICANN, "gTLD Lifecycle," ICANN Wiki. https://icannwiki.org/Domain_Name_Lifecycle

[3] ICANN, "Expired Registration Recovery Policy (ERRP)," ICANN.org. https://www.icann.org/resources/pages/errp-2013-02-28-en

[4] Verisign, "Domain Name Registration Process," Verisign.com. https://www.verisign.com/en_US/domain-names/registration/index.xhtml

[5] ICANN, "Registry Agreement: Specification 3 - Registration Data Directory Services," ICANN.org. https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en

[6] Google Search Central, "Moving your site," Google Developers. https://developers.google.com/search/docs/crawling-indexing/301-redirects

[7] Nominet, "Domain renewal and expiry," Nominet.uk. https://www.nominet.uk/domain-support/domain-renewal-and-expiry

[8] GoDaddy, "Renew or restore expired domains," GoDaddy Help. https://www.godaddy.com/help/renew-or-restore-expired-domains-5018

[9] Namecheap, "How do I reactivate my expired domain?" Namecheap Knowledgebase. https://www.namecheap.com/support/knowledgebase/article.aspx/9868/2208/how-do-i-reactivate-my-expired-domain/

[10] Google Domains / Squarespace, "About domain expiration," Google Domains Help. https://support.google.com/domains/answer/6301530

[11] ICANN, "Registrar Requirements: Reminders," Expired Registration Recovery Policy. https://www.icann.org/resources/pages/errp-2013-02-28-en

[12] IANA, "Root Zone Database," IANA.org. https://www.iana.org/domains/root/db

[13] Identity Digital, ".io TLD policies," Identity Digital. https://www.identity.digital/

[14] TechCrunch, "Foursquare's Domain Expires, Site Goes Down," TechCrunch, 2010. https://techcrunch.com/2010/10/05/foursquare-domain/

[15] SORBS domain expiry incident, various news reports, 2010.

[16] The Register, "Microsoft forgets to renew hotmail.co.uk," The Register, 2003. https://www.theregister.com/2003/11/06/microsoft_forgets_to_renew/

[17] BBC, "Google loses control of Argentina domain," BBC News, 2017. https://www.bbc.com/news/technology-39725176

[18] ESPN / various sports news outlets, "Dallas Cowboys lose cowboysstadium.com domain," 2010.