Philosophy and Mystery www and non-www, weird question

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I have to now be a webmaster for this client. But seriously why is it so hard to figure out if the primary domain is www or non-www?

I spent past 5 hours and I have hired an Indian developer to explain it to me and I still failed to understand what the hell is going on.

Maybe I have an extremely low IQ.

EVERYBODY keeps saying “oh we switched our website from www to non-www”.
or I keep reading over and over “Oh you have to make your SSL for www bla bla”

The Indian developer told me that I have to have a NS record with and not pointing to the aws name servers.


So the client basically wants his primary domain (watever that means) to be


I spend hours and hours and hours and hours and money on this developer to figure out

  1. what does a “primary” domain technically mean actually?
  2. What is the primary domain in case of this client
  3. when I type, it opens exactly that
  4. when I type, it opens exactly that
  5. Both of them www and non-www, when opened seem to have a certificate

Questions, please answer them by their numbers because I won’t understand this otherwise
1.No matter how much I serach, I can not find a technical explanation what it means which domain is “primary”?
2. Should in this case be connected via NS record in route 53 with nameservers OR should be connnected via NS record in route 54 with nameservers?
3. Why some people keep saying you need ssl certificate for WWW because you made it for non WWW, when BOTH, BOTH urls open as “secure” and they do not get redirected or something funny. THEY BOTH OPEN and if I COPY the URL it copies exactly what put in the bar.

  1. why some people keep saying I have to go to some config file or whatever and change the “url”. I never set that url to non-www to begin with. How come it has appeared there to begin with? In fact when was the URL inserted into the config file to begin with? what the hell? All I did is just create a lightsail instance in aws and then in route 53 connected the name servers with then created a record for that sends it to the ip of that machine and an A alias record for >> that goes to I NEVER inserted ANY url into the linux server wordpress or any config file.
    So lets assume now somehow I made this website to have a freaking “primary” website as WHATEVER that means, then now I have to go and change it to www somewhere in some confg file. FINE! but how? How did that get in there to begin with? I NEVER inserted any of it !!!
  2. COULD it be that the primary domain is the one which points to the IP addres?? so since my A record with points to the IP, I guess that is the primary one?
  3. Some people say, primary is the one which google shows in the results.
  4. Other people say primary is the one whatever links are pointing to on your website, if the links to pages are pointing to then www is the primary one, if it is opposite then the naked one is the primary one!!!
    8 well HOW COME then I have another website where google scanned ONLY www version of pages and YET when you are on that website, all links if you copy them, are actually NAKED???
  5. “How to figure out is primary domain www or non-www”?

GOD!!! this is so frustrating.

I opened around 100 different pages and all I read was
“we changed our webste from non www to www”
“primary www is much better”
“you might want to use www because of other possibilities”
“should your primary domain be www or non www?”

WELL FOR GODS SAKE, why can’t google answer a sinmple question:

“How to figure out is primary domain www or non-www”?
OR simple question
“what does a primary domain mean??”

GOD!!! I am soo angry it is 2 am, I have to wake up at 6 go to work.
I literally slammed my keyboard and wrote a bunch of bzersg weird letters but had to delete it because forum probably does not like that. I just have no way to express my ffrustration with how bad articles explain things and how horrible google is at searching things and how horrible this Indian escaped my questions and said he will talk to me tomorrow.

Please help and please answer those questions one by one with numbers from 1 to 9 otherwise all this confusion wont go away. My head will EXPLODE

I am literally crying and going to my bed going to cry myself to sleep…

With actual DNS resolution there’s not really a concept of a primary or secondary domain, an A or AAAA record points to an IP address all the same.

It sounds like your client just wants the base domain to be redirected to www, that can be accomplished with a redirect. This would depend on your hosting provider and what webserver software they use. If you could mention that here someone could probably point you in the right direction.

That depends on who you ask.
If you ask a salesperson, they would say it is where they make their sales.
If you ask a tech nerdie (like myself), I would say it should be the root/base domain but it depends on what you are talking about.
If you notice, the bigger the company... the shorter than name.
And from there you should be able to find anything and everything that company provides (online).
So is shorter than and would most likely be used in ads and such (nowadays - there was a time that everything had to have "WWW." in front to indicate to those unfamiliar with the web where to find them - as well as the "http://" that has been dropped by most as it is now implied.)

Domains use NS records.
The "www" would not need a specific NS record (as it would be normally covered by its' base domain).

They might have missed the fact that you are basically running to "identical" sites.
Normally one would just run one site and have two names on it (and on its' cert).

I'm not sure I can delve into the minds of others... especially from hear-say.

Don't you have anything better to do?
Aren't both names "pointing" to the same IP?

Some people say "never pet a squirrel".

And they are both right.

There is no wrong answer.
It is whichever you want it to be (for you).

Yes, your question is simple, but the answer... it seems it not so simple for you to grasp.
"http://www." is old-school ("grandfathered in") way of describing a website (a.k.a. your primary domain).
Today that is unnecessary, and so, again,... it depends on whom you ask.
But neither is wrong, neither is better nor worse than the other.
And most people simply chose to include both (as equals).
[So as not to offend anyone nor leave anyone out.]


Welcome to the Let’s Encrypt Community :slightly_smiling_face:

You’re definitely not alone in your frustration. As a web developer and entrepreneur myself, I can say that there’s more to running a website than just technical knowledge. Marketing, image, search optimization, metrics, …

Since @rg305 has done a great job of hitting into a lot of your points, I’ll only add a few things:

  • Think from the visitor/customer perspective. A lot of web browsers are trimming off everything before the base domain name now in the address bar as well as in bookmark titles. Thus, “www.” and “fantastic.” or whatever will not even be visible in the address bar. This is both for appearance, but also for security to prevent spoofing like “” or something fishy like that. It makes recognizing where you are super easy.
  • You absolutely should include the “www.” (or “*.”) on the certificate then redirect to the base name. This is because of badly-written software and “old” thinking that might create broken links to your site. Thus, create a www to non-www redirect to ensure you capture all the traffic.
  • Be CERTAIN to have a <link rel="canonical" ... > in the <head> section of your served content. This will ensure that no matter how someone ends up on the page that it will be known what the correct address for that page is supposed to be.

Just my 2¢.


Waaaay back every subdomain pointed to a single host. www was a separate machine from the ftp subdomain and the smtp subdomain was another machine again. In those times, those servers had less computing power than your average mobile phone nowadays…

If I can remember properly, I think it wasn’t even possible to point a “bare” domain name to an IP address. A FQDN had to contain a subdomain I think. Because of the older layout of host.domain.tld.

But those times are gone :smiley:


Amen! :pray:

I remember a 200 baud modem...


Don’t you have anything better to do?
Aren’t both names “pointing” to the same IP?<<<<<<<≤<

Concerning this, actually I'm not sure?
www.domain through A record indeed points to the server ip.
Non-www however uses alias A record and points to www.domain.

  1. So do they still both point to the same IP.? I mean sure they do but is it the same a sending the non-www directly to the up instead of this alias A record?

  2. So since apparently none of this matters and it's all the same and the primary domain is whatever I like and no technical difference has to be made at route 53 or config files in the server then what does this pretty lady here refer to when she says "My own site ( has been on non-www since its inception. Last month, I changed it to www,"?
    WWW vs. non-WWW: Which is Better for SEO?

using www is easier if you plan to disseminate your domain name/brand offline and it’s not immediately obvious it’s an internet address. Unless you want to add scheme:// before


An A (address) record can only point to an ip address (specifically ipv4).

A CNAME (canonical name) record can only point to a domain name.

The domain name on the left side of a CNAME record is an alias of the domain name on the right side.

The domain name on the right side of a CNAME record is the canonical name of the domain name on the left side.

From the article:

My own site ( has been on non-www since its inception. Last month, I changed it to www, after making sure to get all of my redirects correct. I have seen no change in SEO as a result.

Best if you quote the whole context so as not to confuse anyone. This paragraph tells me two things:

  1. The author does not follow her own advice. (see below)
  2. The author only waited a month.

From the article:

So choose one, and stick with it.

This is the part of the article you should be focused on. Although permanent redirects (301) get you most of the "link juice" from the redirected address, you want to establish canonical addresses that are the official addresses of every page to prevent duplication and confusion and thus watering-down of your search ranking.

My final thought on this article is that I would never hire its author to do anything related to my SEO.


So if A record can only point to an IP how is this possible in my route 53


Perhaps some internal reference which would be dereferenced at the actual DNS server:

osiris@erazer ~ $ dig +trace A
(...)	300	IN	A
osiris@erazer ~ $ 
1 Like

Route 53 has the concept of an alias record, where it looks up the value to return from another record. But it’s just using that as a source to look up the value, when anyone queries the authoritative DNS from Route 53 it just returns the value it looked up and it’s not distinguishable from the outside.

I probably worded that confusingly. Let me give an example. You can have a A record for to return, say, Then you can also set up in Route 53 an Alias record for to return the same value as Then anybody doing an A query for would also see From the outside world, it’s just a coincidence that the two names have the same IP, but Route 53 lets you set it up this way since it can be more convenient to see it that way for some things.

But it’s not a feature of all DNS providers, and the AWS Console can present it in a confusing way. (Really the “new” Route 53 console is pretty terrible and confusing for a lot of things one might want to do.)



OMG :astonished:

Why would they want to confuse their users like that?

1 Like

Well, the alias feature of Route 53 has a couple useful features:

  1. It lets me make an Alias to an AWS service. So if I make a CloudFront distribution (based by S3 or my server or really anything) for, then I can make in Route 53 the A and AAAA records for be an alias for so I don’t need to worry about how Amazon deals with their IPs and it just returns the right IP. It’s not just for CloudFront, but several of the AWS services. It could in theory work just as well as a CNAME, but AWS charges $0.0000004 per query for a CNAME but queries for an alias to an AWS service are free, which I assume means it’s less resource-intensive within the AWS infrastructure somehow to structure it that way.
  2. Since the root of your domain can’t really be a CNAME (maybe it can technically, but it’s a bit weird, and usually you want the MX different from the A/AAAA anyway for the root), you can make it be an alias for your www. name. So you can have have real A/AAAA records and's A & AAAA records be an alias for it, so you only define the “real” IPs in one place and don’t need to worry about changing it in one place and forgetting to change it in the other, or something like that.

It’s a pretty useful feature, it’s just that (like most of AWS) it assumes you already know what you want to be doing, and that the main functionality is through using the API for everything. The AWS Console gives you an overview of everything but doesn’t always present well what it’s doing or how to best use the functionality that’s there.



Makes sense.

That’s just… :face_vomiting:


I need to put up a toll booth !
How can I get in on such a deal? - LOL

1 Like

As explained - that entry/pic shown is all smoke and mirrors.
That may be “what” it is doing but not “how” it is doing it.

1 Like

I don’t recall a 200 baud version…

1 Like

I could be remembering the number wrong. It was covered in dust next to my Commodore 64…