Since we have two clients right now having this issue, I thought I'd just give a few, quick tips about buying and registering domain names.
The issue is that each client has a shopping cart or secure (SSL) pages on their site. With that, you need an SSL certificate (along with a dedicated IP address since you can't run multiple domains off the same port 443 - but now I'm getting off topic). In order to buy the SSL certificate (typically we, as the host, do this for our clients), an email is sent to the official Administrative Contact on the domain name record. To figure out who that is, you do a whois lookup. That email confirms that they, as the domain name owner, approve of the purchase of the SSL certificate. This is so that you don't get the wrong people buying certificates in your name, trying to spoof your website or something.
The problem is that sometimes the email address that's being used as the Administrative Contact for the domain is no longer a working email account. It was either one from someone who used to be at the company or an old web host or something. At this point, either the contact information on the domain name needs to be changed (which is a good idea because you might get important emails about the domain and if nobody gets them, then the domain could expire or something without anyone knowing about it) or else the email account needs to be reactivated, which isn't always possible - especially if you have changed web hosts.
Usually, it's easy enough to just login to the domain registrar and change the contact information but that could be more problems, too. If, for instance, the person that registered the domain name has left the company, maybe the login information to the domain name registrar has also left with them or is missing. Now, to get into the account at the domain name registrar, you need to fax in all kinds of proof that you are the domain owner. This can take some time and isn't all the fun of a process.
Usually, all of this can be avoided by simply doing one thing. This one tip on managing important login information can literally save you hours and hours of tedious work and frustration - so, from day one, set up and use a webmaster type of email account (or "[email protected]" or "[email protected]" whatever you want - just keep it generic) and you'll be set for the future!
You should register the domain (or later change the Administrative Contact's information) to a generic email account like "firstname.lastname@example.org." This email account should be an alias - which means it's an email account that does not have an inbox but forwards email to another account. When someone leaves the company or something, you can easily change this alias to point to someone else. Or, it's also probably pretty easy to have mail from the webmaster account go to two or more people.
Also, do not let a website design company register the domain name for you (in their name). You will end up in the same situation or even a worse one. They could go out of business or maybe you parted ways on bad terms or something. The domain name is something you / your company should own - not a website design firm.
In addition to making things like SSL certificate purchases easier and quicker, this is a good way to ensure that the domain name does not expire since there are usually a number of email messages sent to the Administrative Contact on a domain name asking them to renew the domain name. We've had several calls over the years from clients saying that their website and email have gone down, thinking there's a problem on our end if we are the web host and it ends up that the domain name had instead expired - the hosting was fine but the domain was not pointing to us because it was not paid for.
One more tip is to create a file somewhere with all important login information - a paper file. Put it somewhere that people would go looking for it if it was needed. Sometimes the old ways are still the best. You can also use this webmaster email account for other important registrations and logins. This way, if someone leaves, all of that important email will get forwarded to the next person responsible for those things. In that file, also include things like the FTP login and website hosting control panel login. When it gets changed, be sure to update that info. A quarterly review of that file is also a good idea.
One last note - you will sometimes see your domain registrar send you emails asking you to make sure that your contact information is up to date. They are required to do this. I think these emails are kind of useless since, if the email address is incorrect, it won't get to the right person and therefore won't get updated - but I didn't come up with that system. Some registrars might send these in the mail, which is a better idea. If you do get these notes, then please check that info over. This is yet another way to avoid having your domain name expire on you.
Domain names are valuable, so protect them and manage them well. You wouldn't buy a bunch of gold, lock it up in a box somewhere and forget where you put the key or what the combination is, right? Keep track of your domains, keep the contact information up to date, know when they need to be renewed and take care of your domain names.