
skerfoot

macrumors member
Original poster
Feb 28, 2010
85
0
I'm slowly working through all the ways to screw up a server.

After struggling with internet connections to my home Lion server, I decided to do what I should have done to begin with and purchase a proper domain name and a security certificate (BTW, if you are going to change your domain name, do yourself a favour and reinstall Lion server and start fresh). I bought a domain name and security certificate from Network Solutions and DynDNS is tracking my dynamic IP.

For a reason I don't understand, Network Solutions insisted that the domain name on my CSR be "www.hostname.com", not "hostname.com". This is causing some problems now that I'm trying to set up iCal accounts. When I'm at home, trying to set up a "hostname.com" account results in complaints that the domain name isn't an exact match. I can tell it to permanently trust the certificate, of course. Using "www.hostname.com" instead doesn't seem to result in a proper connection at all.

From the internet (away from home), "www.hostname.com" seems to work perfectly with no complaints at all.

Some of the computers stay at home, but the MacBook Pros and iPhones travel.

Is there something that I should have done differently when setting up the security certificate and, more importantly, is there something that I'm going to regret not fixing now if I go on to set up everything?

Thanks,
 

ninjadex

macrumors 6502
Jun 1, 2004
328
215
Look into a wildcard certificate. They're generally more expensive, but will be valid for all subdomains on your server, including "hostname.com"
 

asmiller

macrumors newbie
Nov 5, 2004
19
0
Network Solutions is part of the problem

Look into a wildcard certificate. They're generally more expensive, but will be valid for all subdomains on your server, including "hostname.com"

I have a bunch of domains registered at Register.com and there is no extra cost for "*.hostname.com". In fact you can specify sub-domains to point to different IP addresses, all from a pretty easy to use control panel. I don't work for Register or have any other connection to them, other than being a fairly happy customer.

It should also be noted that they will negotiate renewal prices substantially down from their normal $35/yr. I mention what GoDaddy is doing when I renew and they get down to or very close to GoDaddy prices, $10-$12 a year.
 

jtara

macrumors 68020
Mar 23, 2009
2,008
536
I have a bunch of domains registered at Register.com and there is no extra cost for "*.hostname.com".

Two different things. Domain registration != certificate.

There is no such thing as a "wildcard" domain registration. Or, to put it another way, ALL domain registrations are "wildcard" registrations. You can create hosts or subdomains underneath your domain name, on your DNS server. And THAT has nothing to do with registration either, other than the fact that most registrars provide you with free DNS service, which you can use if you wish or else handle DNS elsewhere. So, USUALLY you create hosts/subdomains at your registrar, but not always.

What the OP is talking about is a security certificate for SSL. A wildcard certificate will work for all hosts and subdomains in a domain. A regular certificate is only for a specific host. There is no reason a regular certificate can't be issued for example.com.

Some issuers will now issue a certificate that works with example.com and www.example.com (NOT a wildcard, just these two) at no extra cost.
 

rwwest7

macrumors regular
Sep 24, 2011
134
0
If your certificate is for www.hostname.com then just rename your Lion server to www. "Hostname.com" is the domain and "www" is the computer name. Like others have said, a wildcard cert will let you create as many virtual hosts on your server as you want. But a standard cert MUST be tied to the one computer name (not domain name) you are buying it for. If your Lion server is named bob then you would've needed a cert for bob.domain.com.

You should also be able to "re-key" your cert by generating a new CSR. Just decide on a hostname for your server and then re-key under the new hostname.domain.com address.
 

rwwest7

macrumors regular
Sep 24, 2011
134
0
i have domain.com created. but when i enter http://www.domain.com on browser.
it goes to the other page instead of domain.com. can you help?

domain.com is a domain and not a host. www.domain.com is a host. You should not be creating a site that is just "domain.com". What is the hostname of your server? Or what is the virtual hostname of your site? Put that before domain.com to visit your site.
 

asmiller

macrumors newbie
Nov 5, 2004
19
0
re: "What the OP is talking about is a security certificate for SSL," you're absolutely right, jtara. I misunderstood what the question was. Feeling like Emily Litella here. Nevermind.
 

burne101

macrumors newbie
Jan 19, 2010
4
0
Look into a wildcard certificate. They're generally more expensive, but will be valid for all subdomains on your server, including "hostname.com"

Wrong. A wildcard-cert is valid for anything with two dots in it:

asdf.example.com would be valid, but example.com has a single dot and won't match *.example.com. The technical story is more complex than that, but this will do as an explanation.

Some suppliers do give you a multiple hostname cert, which includes www.example.com and example.com, and these are even cheaper than wildcards and some vendors include them for free.
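The name-matching behaviour discussed in this thread, as an added example that is not part of any post: a simplified matcher following the usual RFC 6125-style wildcard rules, run against a single-name, a wildcard and a two-name certificate. The certificate name lists and hostnames are constructed for illustration, and partial wildcards such as "w*.example.com" are deliberately not supported.

```python
from __future__ import annotations

# Added example: simplified certificate name matching (RFC 6125-style rules).
# All certificate name lists below are constructed for illustration.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest):
        return False  # a wildcard is only honoured in the left-most label
    if first == "*":
        # Require two literal labels after the wildcard, so "*.com" is refused.
        return len(rest) >= 2 and rest == h_labels[1:]
    return p_labels == h_labels


def cert_covers(cert_names: list[str], hostname: str) -> bool:
    """A certificate is acceptable if any one of its names matches."""
    return any(name_matches(n, hostname) for n in cert_names)


SINGLE = ["www.example.com"]                    # one host name only
WILDCARD = ["*.example.com"]                    # wildcard name only
TWO_NAME = ["example.com", "www.example.com"]   # multiple-hostname certificate
HOSTS = ["example.com", "www.example.com", "mail.example.com", "a.b.example.com"]


def coverage_table() -> dict[str, list[str]]:
    """Map each sample certificate to the sample hosts it is valid for."""
    certs = {"single": SINGLE, "wildcard": WILDCARD, "two-name": TWO_NAME}
    return {label: [h for h in HOSTS if cert_covers(names, h)]
            for label, names in certs.items()}


if __name__ == "__main__":
    for label, covered in coverage_table().items():
        print(f"{label:9} covers {covered}")
```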
 

jtara

macrumors 68020
Mar 23, 2009
2,008
536
domain.com is a domain and not a host. www.domain.com is a host.

There's absolutely nothing wrong with having a host at example.com, rather than www.example.com. It's strictly a matter of preference. There has been a slow drift from www to non-www since the inception of the web.

example.com is BOTH a domain AND a host. When it is a host, it is referred-to as the "default host" for the domain. It actually took a few years for people to wrap their heads around this.

I prefer non-www. The "www" serves no useful purpose, IMO.

No matter what you do, you should arrange that BOTH www and non-www work. (At least for non-secure sites.) You should redirect to your preference. That is, if you prefer non-www, then also create a DNS entry for www, but have your webserver redirect to non-www, so that the URL bar will read non-www. Or vice-versa. I prefer to use an "A" record for both, rather than a CNAME for one. Actually, you CAN'T CNAME your default host - it must always use an A record. You can CNAME www, but I prefer not to.

Now, there IS a trend going the OTHER way: I believe that there is a drift toward secure.example.com for SSL. I think that banks, in particular, do this to help reinforce that you are connecting to their "secure site", since there's little visual distinction between "http" and "https", and nobody types-in the prefix any more, anyway.
 

rwwest7

macrumors regular
Sep 24, 2011
134
0
I guess if you're just running one server then using domain.com is fine. But most companies have more than one web page and it is the proper way. Not to mention mail and other business services will the root domain for themselves.
 

jtara

macrumors 68020
Mar 23, 2009
2,008
536
I guess if you're just running one server then using domain.com is fine. But most companies have more than one web page and it is the proper way. Not to mention mail and other business services will the root domain for themselves.

There's nothing proper or improper with either approach.

If you have multiple web sites or services, then it can make sense to use different hosts, like, atlanta.example.com, losangeles.example.com, store.example.com, blog.example.com. These might be different servers in different places, or might all be on the same physical server.

Again, it's a matter of personal preference.
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
There's nothing proper or improper with either approach.

If you have multiple web sites or services, then it can make sense to use different hosts, like, atlanta.example.com, losangeles.example.com, store.example.com, blog.example.com. These might be different servers in different places, or might all be on the same physical server.

Again, it's a matter of personal preference.

I would say it is a business requirement. For example, let's say the sites are all hosted on one machine. Atlanta can take an outage for a configuration change, but other sites can't for one reason or another. It would be best in this case to have them separate.

Backing up the data could be a reason to go the other way and have it all on one host.

I'd say personal preference would not even be considered in a business case.
 

jtara

macrumors 68020
Mar 23, 2009
2,008
536
I wouldn't say it is a business requirement. For example, let's say the sites are all hosted on one machine. Atlanta can take an outage for a configuration change, but other sites can't for one reason or another. It would be best in this case to have them separate.

Backing up the data could be a reason to go the other way and have it all on one host.

I'd say personal preference would not even be considered in a business case.

I would include "business needs" in "personal preference". How you arrange DNS names doesn't impact your ability to partition or not partition the workload by using multiple physical boxes. Maybe it did 15 years ago, but not today.

Google has thousands - probably hundreds of thousands of servers, globally distributed. They are all tied to a single domain name, www.google.com. (Yes, Google chooses to go with "www", and, yes, I know, an over-simplification, as they have country-specific sites as well.)

slashdot.org has a more modest number of servers, but nevertheless still has multiple servers. They choose to drop the "www".

It's up to you how you want it. The DNS address does not limit your technical options for partitioning workload. And your choices for partitioning workload do not impact the DNS addressing scheme you choose. (Except for very simplistic partitioning schemes, such as "www1, www2, etc.")

Workload partitioning, redundancy, geographic distribution today are handled using a combination of technologies including DNS Anycast, round-robin DNS, proxy servers, etc. etc. etc.

If you like "www" go with "www". If you don't, don't. Redirect from the one you don't like to the one you like.
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
I would include "business needs" in "personal preference".

Wow, never heard of that one. I prefer my database servers to be close to my office (personal preference), but business needs specify it must be at the client site. :)

I wasn't applying any specifics about DNS configuration and operation to my statement.
 