Domain Tracker6 min readMay 26, 2026
Domain Management Checklist for Web Agencies
A practical checklist for agencies managing client domains. Set up monitoring correctly once and never get blindsided by an expired domain, failed SSL, or DNS hijack again.
Domain Management Checklist for Web Agencies
Client domain emergencies are avoidable. An expired domain, a failed SSL certificate, or an unexpected DNS change should never catch you off guard. This checklist covers everything you need to set up at the start of each client engagement.
When You Take On a New Client Domain
Initial Audit Checklist
Add to ElasticDomain:
- Add domain with type CLIENT
- Assign to client workspace (or client folder if using shared workspace)
- Run Full Domain Scan (250 credits) — establishes baseline
- Note expiry date from WHOIS tab — calendar it separately if under 90 days
- Note SSL expiry and certificate issuer
Review scan results:
- SSL certificate is valid and not expiring within 60 days
- WHOIS shows expected registrar and domain status (clientTransferProhibited is good)
- DNS records match client's expected configuration
- No blacklist hits
- Security headers: HSTS present at minimum
- Domain is responding (uptime check passed)
If issues found immediately:
- Document all findings in your project management tool
- Prioritize: SSL expiry under 30 days = urgent; blacklist hit = urgent; expiry under 60 days = next steps
- Brief client on any critical issues before proceeding
Alert Setup Per Client Domain
Set up these alert rules for every client domain:
Expiry alerts:
- Domain expiry at 90 days (early warning)
- Domain expiry at 30 days (action required)
- Domain expiry at 14 days (urgent)
- Domain expiry at 7 days (critical)
SSL alerts:
- SSL expiry at 30 days
- SSL expiry at 14 days
- SSL Certificate Changed (detects unexpected replacements)
Security alerts:
- Blacklist Detected
- Nameserver Changed (critical — indicates DNS control change)
- DNS Record Changed (for critical domains — can be noisy on shared hosting)
Notification routing:
- Critical alerts (expiry <14 days, blacklist, nameserver change) → your team Slack
- All alerts → agency email inbox
- Optionally add client contact email to expiry alerts at 30 days
Ongoing Monitoring Schedule
Daily (automated):
- Full domain scan runs automatically
- Alert rules evaluate on each scan completion
Weekly (manual review, 5 minutes):
- Check activity feed for any alerts fired this week
- Note any domains with health score below 70
Monthly:
- Generate PDF report for each client workspace (2 credits)
- Email report to client contact (or include in monthly status update)
- Check WHOIS for any upcoming renewals in next 90 days
- Verify all SSL certificates have more than 45 days remaining
Annually (or when contract renews):
- Confirm client still wants you managing domain renewal
- Verify registrar login credentials are current
- Confirm billing method for auto-renewal is active and not expired
- Review all DNS records — remove any stale records from decommissioned services
Handling Domain Renewals
60 days before expiry:
- Confirm with client that domain should be renewed
- Verify auto-renewal is enabled at registrar
- Check payment method on file with registrar is not expired
30 days before expiry:
- Verify renewal has processed (WHOIS should show new expiry date)
- If not renewed: escalate to client and manually initiate renewal
- Trigger manual scan after renewal to confirm new date appears in monitoring
After renewal:
- Trigger manual scan to confirm updated expiry date
- Update your project management records
Client Reporting
What to include in monthly domain reports:
- Domain expiry dates and days remaining
- SSL certificate status and expiry
- Health score trend (improving, stable, degrading)
- Any alerts fired in the past month
- Upcoming renewals in next 90 days
- Any blacklist events (with resolution status)
How to generate:
- ElasticDomain Dashboard → Reports → New Report
- Select client workspace or folder
- Choose PDF format
- Generate and download
Tip: Pre-schedule these reports so they arrive in your inbox on the 1st of each month automatically.
Emergency Response Checklist
If a client domain expires:
- Log into registrar immediately
- Renew during grace period (normal price) or redemption period (higher fee)
- Verify DNS resolves after renewal (may take up to 48 hours)
- Trigger manual scan to confirm
- Document root cause (auto-renewal failure, payment issue, etc.)
- Fix the underlying issue so it cannot recur
If SSL certificate expires:
- Log into server or hosting control panel
- Renew/reissue certificate
- Confirm certificate chain is installed correctly
- Test in browser: https://clientdomain.com should show green padlock
- Trigger manual scan in ElasticDomain to confirm SSL tab shows valid cert
If DNS changes detected:
- Immediately review DNS tab in ElasticDomain — what changed?
- If change was unauthorized: contact registrar and DNS provider, rotate credentials
- If change was intentional but undocumented: document it now
- Set up Nameserver Changed alert if not already present