Today I'd like to look at one of the most obvious, but least thought of, reasons for why sites stop working. Plain and simple--it's billing. Drupal may be free* (with an asterisk), but even with an open source CMS, you'll likely be signing up for any number of products and services in order to run your site. Your server, your domain, your SSL Certificate--these are all fundamental in your site's operations. What happens if you don't pay for them?
A cautionary tale
A few years back, not too long after moving back to the US, my home internet went down--and stayed down. No streaming services; no Facebook; no nothing. In this day and age, when the internet goes wrong, it's not just an inconvenience--all life seems to suddenly stop. So you can imagine my level of irritation when I finally said, "this is more than a hiccup--let's give Xfinity a call" (back then, their customer service was only a small level above the experience you have when taking a dump in one of the county fair honey buckets). I don't remember all of the details of the call. I just remember berating this poor customer service rep. The young woman on the other end of the line kept her cool better than I did: "Sir, it seems we've cut your internet service because their was a problem with the credit card we have on file for you; we haven't been able to take payments for the last two months. You should have received notification of this at the e-mail we have on file for you."
- I never check that e-mail...
- My card had expired...
- Duh...
I felt like a monkey's arse.
It doesn't much matter whether it's your internet service, your electricity, or your SSL certificate; when you don't pay for services, they get shut down. When they get shutdown, very often, so does your site.
Just about any company in the world is going to try and get a hold of you when a payment fails. In 2020, though, few if any are going to call you (probably the most surefire way to get a hold of someone). It's cheaper and faster to just send out an automated e-mail. I'd argue that's a problem. I'd also argue that for web services like hosting, domain registration and ssl, this problem is compounded by a fundamental flaw in service pricing: the best prices on these services are often given to those who enroll for the longest terms. A recent renewal with my web-host, for example, was for a 5 year contract; SSL certificates often renew every two years. Let's face it, that's more than enough time for a credit card to expire.
In 5 years, almost every aspect of a small business might have changed. Maybe you recently married and the name on your contact e-mail has changed accordingly (do you have forwarding set up)? Maybe you don't have the same staff managing your accounts. The longer your renewal period, the greater the chance that your billing info is seriously out of date.
Beyond this, maybe those billing reminders just got filtered as spam. Who check's their spam folder every day?
A lot could happen in one, two or five years. There's only one thing that's for sure: if your web services expire, your site's definitely coming down. Here's what that might look like:
Hosting
It's never happened to me, and since terms vary from host to host, what you see when you finally lose your services is likely to also vary. My guess is that, provided your domain is still intact, you'll see something like this:
You'd likely need to check with your host in order to confirm, but it seems reasonable that if your account has been suspended, sooner or later your site files (and database) would be removed from the server. Unless you have backups, there may be no recovering from this kind of situation. You'd need to start anew. Hopefully your domain isn't bundled with your hosting; if you can hold on to your domain and get a new site up quickly, you might not take too hard a hit on the search engines (don't quote me on that).
Domains
Again, I haven't personally experienced having a domain expire while in use, but for domains I've purposely let expire, you can see the exact same browser error referenced above. Very often, domains come with a grace period, though: they'll stay "attached" to you for a short while even after they've expired. Imagine that you're microsoft.com, amazon.com, or google.com; if your domain name expires for failure to pay (it happens to the best of us), and the very next day your domain is back on the market for anyone to buy, your multinational business would go under. Nonetheless, if that grace period is gone, for a really hot domain I wouldn't put it past some domain name registrars to throw the domain back on the market and put up a "domain for sale" page. If you use your site on a somewhat regular basis, it'd be hard not to notice that something's awry before the grace period is up.
SSL Certificate
If your SSL certificate expires, expect to see a security alert in most modern browsers. It's not that your site is gone; it's still there. Rather, the browser tells users: "hey, you can't trust this site, so I won't load it and you shouldn't visit it." If your certificate expires, users are likely seeing this error because you're redirecting them to the HTTPS version of your site; without a valid certificate there, the browser says, "... wait a minute!"
You have two lines of action if your certificate expires:
- Until you can renew your certificate, and depending on how long it would take to renew, you may want to redirect traffic to the HTTP version of your site . It likely won't be enough to simply disable an existing HTTPS redirect; if you've been running a 301 permanent redirect from HTTP to HTTPS for very long, search engines are likely linking to the HTTPS version of your site. Simply disabling the redirect to HTTPS won't stop users from navigating to the HTTPS version of your site (i.e.; from, say, Google, Bing, etc.); these users would still receive a security alert. In this case, you'd want to setup a temporary redirect (307) from HTTPS to HTTP so that you can account for inbound links. Recall that a 301 redirect would tell search engines that your move to HTTP is permanent; unless you plan to abandon SSL altogether, you don't want that.
- Renew the certificate ASAP. If the certificate is fully expired, you may have to issue a new one. Under normal circumstances, this actually shouldn't take very long. You could be back up and running within half a day. Just understand that you may need to verify ownership of your domains once again. Depending on the kind of certificate, that may be as simple as uploading a file to your server or updating DNS; it could also require higher levels of scrutiny.
The Moral of the Story
None of this is particularly fun to clean up. The moral of the story, then, is simple: keep your billing info up to date. A good way to address this issue is to create a map documenting just how big your digital footprint is: something that documents the various services tied to your web presence. That map is almost always bigger than we think it is: it can include domains, hosting, ssl, Adwords, paid integrations, among many other services. A periodic review of which credit cards are used where and who the contact is for each account would go a long ways in ensuring everything stays up to date. Documenting all of this is a pain--yes; it's not nearly as big a pain as restoring services once they're lost, though. Save yourself the embarrassment you'll fee once the world sees your site broken; don't be a monkey's arse.