Why a Site Suddenly Goes Down — Domains, DNS, and Certificates
A site that was working fine suddenly won’t open one day. No one changed the code and the server isn’t down, yet all you get is a screen like “Can’t connect to this site” or “Not secure.” Surprisingly often, this happens because a domain or certificate renewal was missed.
In this post, I’ll unpack, without any code, what the domain we use every day is, how typing an address reaches the site, and why a site stops when its domain and certificate expire.
A domain is an address that’s easy to remember
Every computer on the internet has a numeric address called an IP address. But it’s hard for a person to memorize a string of numbers every time. So we use an easy-to-remember name instead, and that’s the domain. An address like schoolofweb.net is a domain.
A domain isn’t something you buy and own outright; it’s closer to renting it for a set period. Through a registrar, you rent it by paying a yearly fee, and you have to renew before the term ends to keep using it. Miss the renewal and the borrowed name is returned, so that address can no longer reach the site. This domain expiration is the first common reason a perfectly fine site suddenly goes down.
DNS turns the name into a numeric address
A domain is only a name people read; the actual computers still find each other by numeric address. So you need a directory that turns the name into a number. The thing that does this is DNS.
DNS stands for Domain Name System. The word “system” is there for a reason: it isn’t a single converter that swaps one name for one number, but a vast scheme of directories scattered across the world that all work together.
Think of a phone book. Just as you look up a phone number from a person’s name, the browser takes the domain and asks DNS, “what’s the numeric address for this name?” The browser then connects to the address DNS returns, and only then does the site open. From typing the domain in the address bar to the page appearing, this lookup happens in the blink of an eye.
A domain is a hierarchy split by dots
Let’s break www.schoolofweb.net at the dots and read it from the right. The rightmost .net is the top-level domain, or TLD (Top-Level Domain); .com, .net, .org, and .kr are examples. Next, schoolofweb is the name we register and rent, and the leading www is a subdomain created under that name. It’s thanks to this hierarchy that you can keep several addresses like blog.schoolofweb.net just by changing the front part.
The answer comes in steps, not all at once
It would be nice if one phone book covered everything, but the internet has hundreds of millions of domains, so no single place can memorize them all. So DNS finds the answer by going through directories from the largest unit down to the smallest. First a root directory says, “.net is handled over there”; the directory in charge of .net says, “schoolofweb.net is the responsibility of this nameserver”; and finally that nameserver hands over the actual numeric address. This last nameserver is the very one you point to on your registrar’s screen, and the domain’s real address book lives here.
A nameserver holds records
Each line written into a nameserver is called a record. There are several kinds; the ones a non-developer runs into most often are these:
- A record: connects a name directly to a numeric IP address. It’s the most basic entry.
- CNAME record: connects a name to another name, such as sending www.schoolofweb.net to schoolofweb.net.
- MX record: points to which mail server should receive email sent to this domain.
- TXT record: holds a short note for things like ownership verification or mail authentication.
Open a registrar or DNS management screen and you’ll see exactly this list of records. Connecting a site to a new server often comes down to changing the A record’s numeric address to the new server’s.
So if you misconfigure DNS, the domain itself is fine but it points somewhere wrong or reaches nothing at all. A site being briefly unstable right after moving to a new server or changing addresses is because the updated records take time to spread across the internet. This spreading of changed records across the world is called propagation, and it can take up to a day.
A certificate vouches for the seal and the identity
In an earlier post, I explained that HTTPS seals the communication with encryption, and a certificate vouches for that seal. This SSL certificate, like a domain, has a validity period.
A certificate usually has to be renewed at set intervals. Miss the renewal and let it expire, and the browser decides it can no longer trust the seal and throws a loud “not secure” warning. The site itself is alive, but visitors turn away at the red warning screen. The second common reason a site looks like it suddenly went down is this certificate expiration. These days certificates are often set to renew automatically, and when that automatic renewal goes wrong, the same problem appears.
The three work together
In short, three things have to line up for a site to open safely: the domain, DNS, and the certificate. The domain name has to stay active; DNS has to point that name to the correct numeric address; and the certificate has to be valid for the connection to stay sealed. If even one of the three is off, the site doesn’t reach the user no matter how fine it is. The answer to “I didn’t even touch the code, so why did it go down?” usually lies in one of these three.
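A small triage script for the three checks described above, added here as an example and not part of the original post. The 30-day reminder threshold, the function names, and the sample address and dates are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed reminder threshold, not a value from the post
SAMPLE_NOW = datetime(2030, 6, 1, tzinfo=timezone.utc)  # constructed "today"

def days_left(not_after, now):
    """Whole days until a certificate's notAfter, e.g. 'Jun 15 00:00:00 2030 GMT'."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days

def diagnose(addresses, not_after, now, tls_error=None):
    """Classify the outage from what DNS and the TLS handshake returned."""
    if not addresses:
        return "dns: name does not resolve (check domain renewal and DNS records)"
    if tls_error:
        return f"certificate: browser-style verification failed ({tls_error})"
    remaining = days_left(not_after, now)
    if remaining < 0:
        return f"certificate: expired {-remaining} days ago"
    if remaining <= WARN_DAYS:
        return f"warning: certificate expires in {remaining} days"
    return f"ok: resolves, certificate valid for {remaining} more days"

def probe(host, port=443, timeout=5.0):
    """Live check: resolve the name, then do a verified TLS handshake."""
    now = datetime.now(timezone.utc)
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return diagnose([], None, now)
    addresses = sorted({info[4][0] for info in infos})
    context = ssl.create_default_context()  # checks chain, hostname and dates
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        return diagnose(addresses, None, now, tls_error=exc.verify_message)
    except OSError as exc:
        return f"connection: resolved to {addresses[0]} but could not connect ({exc})"
    return diagnose(addresses, not_after, now)

if __name__ == "__main__":
    # Constructed inputs (documentation IP, made-up dates) so this runs offline.
    print(diagnose([], None, SAMPLE_NOW))
    print(diagnose(["192.0.2.10"], "May 20 00:00:00 2030 GMT", SAMPLE_NOW))
    print(diagnose(["192.0.2.10"], "Jun 15 00:00:00 2030 GMT", SAMPLE_NOW))
```

Running `probe()` against your own hostname from a scheduled job gives the same verdicts for a live site, so a lapsing certificate shows up as a warning before visitors see it.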
Why this makes work easier for non-developers
- You can narrow down the cause. When a site won’t open, you don’t assume it’s always a development problem; you can first think of common causes like domain or certificate expiration.
- You can keep up with renewals. Knowing that domains and certificates have expiration dates, you can set reminders ahead of time and prevent incidents.
- You understand migration work. You can see why “it takes time to propagate” comes up right after connecting a new domain or moving a server.
Wrapping up
Today we looked at common reasons a site suddenly stops, through three words: domain, DNS, and certificate. A domain is a borrowed name that’s returned when it expires, DNS guides that name to a numeric address, and a certificate vouches for the seal but has a validity period. All three work quietly in normal times, but the moment a renewal is missed, they bring a site to a halt.
If you’d like to know more about the seal and certificates, read What the Padlock in Your Address Bar Protects; if you’re curious about the servers and deployment all of this runs on, read Servers, the Cloud, and Deployment.