Renewal Ledger: The Hub for Tracking Domains, Hosting, SaaS, and Plugin Renewals

A renewal ledger is a single, durable record of every recurring asset your team has to keep alive: domains, SSL certificates, hosting plans, SaaS subscriptions, plugin and theme licenses, and any other contract whose lapse becomes someone's incident. The ledger answers four questions for each asset — what is it, when does it renew, who owns the renewal, and what happens if it lapses.

This hub is for lean IT teams, MSPs, and agencies running renewals across many assets and many stakeholders. It groups the existing CertPilot resources on renewal tracking, domain and hosting renewals, SaaS calendars, spreadsheet/Airtable/Notion approaches, ownership, and renewal-risk reviews into one map you can return to whenever the inventory gets messy. CertPilot focuses on public-facing SSL, DNS, and domain renewal monitoring; the renewal ledger pattern in this hub covers the wider portfolio context that those monitors plug into.

Use the free 10-domain agency audit to get a fast portfolio view of SSL, DNS, and domain expiry signals across up to 10 domains, and the free tools index when you need a single check for SSL, DNS, email authentication, public trust signals, or agent-readiness. CertPilot documents every public check it runs in the CertPilot methodology.

This hub is operations guidance, not legal, accounting, tax, financial, security, or compliance advice. CertPilot does not certify compliance with any framework, does not run vulnerability scans, and does not replace contractual or financial review.

Who this hub is for

Most renewal problems are not knowledge problems. They are visibility problems. You probably need a real renewal ledger when:

• More than one person at the company can be responsible for a renewal, and nobody is sure which.
• Renewals are scattered across registrars, hosting consoles, SaaS portals, and individual inboxes.
• Domains were registered on a personal account by a former employee or contractor.
• Auto-renewal "should" cover things but nobody has verified the card on file.
• A client or stakeholder has asked "what do we actually pay for every month?" and the answer required a one-week scramble.

If any of those describes the current state, this hub will help.

What a renewal ledger is

A renewal ledger is a deliberate record, not a folder of invoices. The minimum useful version includes:

• The asset (domain, hosting plan, SSL certificate, SaaS subscription, plugin license, contract).
• The owner inside the team (named person, not a shared inbox).
• The owner of the underlying account or payment method.
• The renewal cadence and the next renewal date.
• The renewal cost in the currency it is billed in.
• Whether auto-renewal is on, and on whose card.
• The escalation path if the renewal fails or is disputed.

The two CertPilot foundations for this pattern are Renewal Ledger for Agencies (the agency-side framing) and Digital Asset Tracking for IT Teams (the in-house IT framing). Both describe the same shape under different ownership models. Renewal tracker columns that matter breaks down which fields you actually need versus which fields look useful but become dead columns.

Why renewal tracking fails in spreadsheets

Spreadsheets are not the problem. The way they are usually used is.

The recurring failure modes:

• One sheet, many tabs, no owner. The file becomes a graveyard within six months.
• Renewal dates entered once, never re-confirmed. The "next renewal" column drifts from reality.
• No alert plumbing. The sheet knows; nobody else does.
• Manual data entry from invoices. Typos and rounded dates accumulate.
• Status columns that grow into a colour-coded fiction nobody trusts.

The fix is not "abandon spreadsheets." It is to treat the ledger as a system: owned, reviewed on a cadence, and wired to a reminder pipeline you actually see. Agency renewal tracking spreadsheet and Google Sheets renewal tracking cover the spreadsheet patterns that survive contact with real portfolios. Spreadsheet formulas for renewal risk shows the small formulas that make the ledger self-flagging rather than self-decorating. Clean renewal data CSV import template is the practical first pass for getting an existing messy sheet into a usable shape.

What belongs in a renewal ledger

The right inventory shape depends on the team. The minimum useful coverage:

• Domains — registrar, registrar account owner, expiry date, auto-renew status, DNS host, payment method.
• SSL certificates — issuing CA, renewal method (ACME / vendor / manual), validation method, where the certificate is installed.
• Hosting plans — provider, plan, billing cadence, payment method, technical owner, business owner.
• SaaS subscriptions — vendor, plan, seat count, billing cadence, account owner, cancellation notice window.
• Plugin and theme licenses — vendor, license key location, sites the license covers, support window vs license window.
• Contracts — vendor, term, auto-renew clause, notice-to-cancel window, renewal owner.

For the agency-leaning version of this shape, see Client asset register for web agencies. For SaaS-heavy teams, the SaaS renewal tracking template and The Renewal Map SaaS calendar template make the cadence the headline rather than the row.

Domains and SSL renewals

Domains and SSL are where missed renewals turn into public outages fastest.

For domains, the practical work is portfolio visibility plus a clear escalation path before a client domain expires. Domain expiry monitoring for agencies walks through the agency angle; Client domain about to expire is the runbook when you find out late; Expired client domain recovery checklist covers what to do when recovery is on the clock. Domain operations guide for agencies and Domain ownership audit for agencies cover the deeper questions of who actually owns the registrar account and the email on the WHOIS record. Registrar access checklist for agencies and Client domain handover checklist for agencies are the artefacts you need at hand when a client or staff change forces a transfer. Domain renewal calendar for agencies and Domain renewal checklist for agencies are the recurring cadence pieces.

For SSL, the renewal ledger holds the metadata (issuer, validation method, owner). The active monitoring layer is the 47-day SSL readiness hub, which covers ACME, CAA, validation method, wildcards, CA fallback, and SSL portfolio monitoring under one roof.

Hosting, WordPress plugins, and SaaS subscriptions

Hosting renewals usually fail in one of two ways: the card on file expires, or the plan renews silently at a higher tier. Domain and hosting renewal checklist for agencies is the per-renewal checklist that catches both. Agency care plan renewal tracking covers the retainer-side reporting.

WordPress plugin and theme licenses are the most commonly forgotten renewal item because the site keeps working after the license lapses — until the next vulnerability disclosure makes the update urgent. WordPress plugin renewal tracker is the pattern for tracking license expiry separately from plugin update behaviour.

For SaaS, the renewal ledger should at minimum capture the cancellation notice window. The SaaS renewal tracking template, The Renewal Map SaaS calendar template, and Notion renewal tracking template all cover SaaS-first cadence patterns; Airtable renewal tracking for agencies is the Airtable-first variant for teams that want relational views without a database build.

Renewal ownership and escalation

The single most useful column in a renewal ledger is the named owner. Shared mailboxes do not own renewals; people do.

For every asset, document:

• Primary owner. The named person responsible for the renewal decision.
• Account owner. The named person whose login or card the renewal actually flows through.
• Backup owner. The named person who takes over when the primary is on leave.
• Escalation contact. The named decision-maker if the renewal becomes a budget or contract question.

Renewal tracker columns that matter walks through how these columns interact. Choose a renewal tracking tool covers what to look for in any tool, spreadsheet or not, when ownership has to live alongside the renewal date. Expirationreminder alternative for agencies is useful background if your team has used ExpirationReminder or a similar tool and is reassessing.

90 / 60 / 30 reminder rules

Reminder cadence is what turns a ledger into a system. The minimum useful pattern:

• 90 days out. Review. Confirm the renewal is still wanted, who owns it, and whether the cost is still right. Most cancellable SaaS contracts have a 30–90 day notice window; this is the only reminder that catches them in time.
• 60 days out. Renew or cancel decision. Confirm payment method, owner, and any budget approval. For domains, confirm the registrar account is reachable and the WHOIS contact is current.
• 30 days out. Final warning. The renewal should already be handled by this point; if it is not, escalate.
• Overdue. Treat as an incident, not a calendar event. Document the cause when it is resolved.

The 90-60-30 renewal rule is the reference write-up; SSL expiry calendar reminders shows how the SSL slice of the same cadence fits into a calendar workflow your team already opens every day.

Spreadsheet, Airtable, and Notion approaches

The best renewal ledger is the one your team will actually update. The three durable patterns:

• Spreadsheet first. Cheap, fast, fragile without owners. See Agency renewal tracking spreadsheet, Google Sheets renewal tracking, and Spreadsheet formulas for renewal risk.
• Airtable. Better when assets have multiple relationships (vendors ↔ owners ↔ clients) or when you want filtered views per stakeholder. See Airtable renewal tracking for agencies.
• Notion. Better when the team already lives in Notion and the renewal ledger has to sit next to runbooks, contracts, or client-facing docs. See Notion renewal tracking template.

For teams comparing tools rather than building from a template, Choose a renewal tracking tool is the criteria list, and Clean renewal data CSV import template is the migration primer when moving an existing list into a new system.

Renewal-risk checklist

A short, recurring checklist for the portfolio:

• Every renewing asset has a named primary owner and a named backup.
• Every domain has a documented registrar account owner and a current WHOIS contact.
• Every hosting plan has a working payment method whose card does not expire before the next renewal.
• Every SaaS contract with a cancellation-notice window is flagged 90 days out, not 30.
• Every plugin / theme license expiry is tracked separately from update behaviour.
• Every overdue renewal is treated as an incident with a written cause.
• The ledger is reviewed on a fixed cadence (monthly is the usual rhythm).

For a deeper structured review, see Renewal risk audit template and Client renewal risk report.

How CertPilot fits

CertPilot's live product covers the public-facing slice of this picture: SSL expiry, DNS health, domain registration expiry, and the alert / digest workflow on top. The renewal ledger pattern in this hub is wider — it includes SaaS, plugins, hosting plans, and contracts that CertPilot does not monitor.

Two non-reporting starting points:

• Free 10-domain agency audit — fast portfolio snapshot of SSL, DNS, and domain expiry across up to 10 domains.
• Free tools index — single-domain SSL, DNS, email authentication, public trust, and agent-readiness checks.

CertPilot does not run vulnerability scans, malware scans, or accessibility audits, and it does not certify compliance with any framework. The methodology page lists every data source and check.

Recommended reading cluster

Grouped by topic for quick navigation:

Foundations

• Renewal Ledger for Agencies
• Digital Asset Tracking for IT Teams
• Client asset register for web agencies
• Renewal tracker columns that matter
• Choose a renewal tracking tool

Domains and registrar ownership

• Domain expiry monitoring for agencies
• Domain operations guide for agencies
• Domain ownership audit for agencies
• Registrar access checklist for agencies
• Client domain handover checklist for agencies
• Domain renewal calendar for agencies
• Domain renewal checklist for agencies
• Client domain about to expire
• Expired client domain recovery checklist

Hosting, plugins, and SaaS

• Domain and hosting renewal checklist for agencies
• Agency care plan renewal tracking
• WordPress plugin renewal tracker
• SaaS renewal tracking template
• The Renewal Map SaaS calendar template
• Expirationreminder alternative for agencies

Spreadsheet, Airtable, and Notion patterns

• Agency renewal tracking spreadsheet
• Google Sheets renewal tracking
• Spreadsheet formulas for renewal risk
• Clean renewal data CSV import template
• Airtable renewal tracking for agencies
• Notion renewal tracking template

Reminder cadence and risk review

• The 90-60-30 renewal rule
• SSL expiry calendar reminders
• Renewal risk audit template
• Client renewal risk report

Frequently Asked Questions

What is a renewal ledger?

A renewal ledger is a single, durable record of every recurring asset a team has to keep alive — domains, SSL certificates, hosting plans, SaaS subscriptions, plugin and theme licenses, and contracts. For each asset it captures what it is, when it renews, who owns the renewal, the payment method, and the escalation path if the renewal fails.

Do I really need a separate ledger if everything is on auto-renewal?

Yes. Auto-renewal silently moves the failure mode rather than removing it. When the card on file expires, when the account owner leaves, when a domain transfer breaks auto-renew, or when a SaaS plan auto-renews at a higher tier, the ledger is what makes the change visible before it becomes an incident.

Spreadsheet, Airtable, or Notion — which is best?

The one your team will actually update on a cadence. Spreadsheets are the cheapest starting point; Airtable is better for relational views; Notion is better when the ledger lives next to runbooks and contracts. The supporting articles in this hub cover each pattern with concrete templates.

How often should the renewal ledger be reviewed?

Monthly is the usual rhythm for the whole ledger, with 90 / 60 / 30-day reminder windows per asset. See The 90-60-30 renewal rule for the cadence rationale.

Does CertPilot track non-domain renewals?

CertPilot's live product monitors public-facing SSL, DNS, and domain renewal signals. SaaS subscriptions, plugin licenses, and contracts live in the wider renewal ledger pattern this hub describes — they are not part of the live monitoring product today.

Is this hub a compliance, accounting, or legal document?

No. It is operations guidance for renewal hygiene. CertPilot does not certify compliance with any framework, does not provide accounting or tax advice, and does not replace contractual review. Treat the recommendations here as operational practice, not a legal, financial, or security audit.

What is the highest-impact thing to do this week?

Pick the ten most critical renewing assets (usually domains and primary SaaS subscriptions), write the named owner next to each, and confirm the payment method is current. Most renewal incidents trace back to one of those three columns being unowned.