Transferring a .fi domain after expiry

Figuring out how to do something on the spot after it’s too late is never fun. A domain name I’m responsible for expired recently and suddenly the organization using it was without a web site and email forwarders. How could I let this happen? I wasn’t looking. Why wasn’t I looking? Because I implicitly assumed without thinking that the registrar would let me know by email before letting the domain expire. Not this registrar.

The registrar and hosting provider we were using is a single person shop in rural Finland. It has provided cheap service for us for many years. Not ”cheap but good”, mind you: just cheap. I’ve been responsible for the web stuff in our volunteer organization for a couple of years now, and this is the third time we’ve had a big outage. Time to switch.

How transferring works

It used to be, that when you registered a .fi domain, you got an authorization key, which consisted of several numbers, from the registry. In this case the registry is a branch of the Finnish government called Ficora. The authorization key was a persistent password of sorts that was the same from one registrar to another. The domain name has been registered all the way back in 1999, so when I started looking after the web stuff I didn’t have the key. Since this wasn’t my first rodeo with this provider, I had gotten a hold of the key in the previous round of downtime.

Getting the key

I am not the contact of record with the registry, the previous maintainer is. (I should really look into getting that changed). The way to get the authorization key was that I called the registry, and they mailed (the dead trees kind of mail) the key to the previous web person, who promptly delivered it to me at a party half a year later. I could have called them and gotten it sooner, but at that point in time I wasn’t transferring the domain because the downtime had gotten resolved before getting to that.

This time around I thought I was prepared, I had off site backups, I had the authorization key, in short: everything.

Not really

As you may have noticed from the past tense: the authorization key is worth jack all nowadays. The current system since fall 2016 is to get a single use transfer key consisting of random ASCII characters (numbers, alpha characters, special characters) you get from the previous registrar. Feeling no inclination to message the bad registrar and wait for them not to respond I again called the registry.

I still wasn’t the contact of record, but this time the interaction was a bit faster to do, as they emailed the key to the previous maintainer and I called them to forward it to me. I input that key to the transfer form at Gandi and BAM: ”Error, previous registrar refused transfer”.

At this point the whois database reflected the move to Gandi, but Gandi themselves showed the transfer as not being completed. I sent a message to Gandi support and received a whole lot of silence, followed by a ”we have forwarded your request to the appropriate team”, followed by a whole lot of silence.

Thinking ”fine, let’s try another registrar” I then filled out a transfer form with a Finnish registrar that had a phone number listed in the support section. I put in the name of the domain, some contact details and the transfer key I had and got another error. The astute reader might have noticed that at no point did I mention getting another single use transfer key. That’s because I hadn’t noticed the slight change of wording from ”authorization key” to ”transfer key”, and thus didn’t know that the new keys were single use only.

No matter, I knew what to do: just call the registry again, get them to email one more key, call the previous web person once again and get on with my life. Only if it were so simple. With the previous call they had provided the key with no questions asked, because the domain was expired and there was no registrar on record. This time as far as they were concerned, the domain was at Gandi and I should ask them for the transfer key. Only if after 5 days they hadn’t provided the key could I ask the registry directly for the key.

Not having 5 days to spare, I resigned myself to having to work it out with Gandi. I let the third registrar know that I won’t be needing them after all and tried to rush Gandi to just fix the transfer in their end. Sending emails didn’t seem to move the process along, but then I remembered something, and here comes the part of this post that provides an actual useful tip you can implement in your own life (if you are a Gandi customer):

The current Gandi site has less functionality than the old site, but you can still access the old site at The crucial piece of functionality missing from the new site is the live chat support. I got hold of a person through the live chat and they could do some manual magic to complete the transfer. After that it was a simple matter of installing the sites from backups, setting up DNS records, and inputting forwarding addresses for emails.