A summary of things learnt this week.
• Don't use Cloudflare if you want SSL.
• If you want SSL the certificate will sit at the root of your domain, so it makes sense to point www there.
When you add a domain in Dreamhost as fully hosted (without which you seem to be limited as to what you can do) it creates some zone file records (some, not many), one of which is the www subdomain. That makes sense, as people tend to see them as being the same thing. However, one of the first questions asked is about keeping root and www separate, forwarding root to www, or forwarding www to root. Please excuse any inaccurate terms. Dreamhost refers to it as "replacing", my registrar talks of permanent forwarding and browser errors talk of "redirects".
I wanted SSL - it's the main reason some of my other sites go through Cloudflare. It's an option on the main screen here. Dreamhost installs a Lets Encrypt SSL certificate on the bare domain, no choice is given. Fair enough, makes sense. No wildcards are supported and the certificates are free, so they can be installed on each/any subdomain. How to put one on www? Not a clue. I couldn't find a way. So if you forward the bare domain to www it shows up as non-secure. This doesn't appear to be explained at all.
Cloudflare - apparently it and Dreamhost are partners. So, if you opt to run through Cloudflare, Dreamhost handles it all for you. On my other sites my registrar's control panel pretty much says "nope, you're using Cloudflare's nameservers, up yours, deal with stuff there". Which is fine, any changes you want can be made in your Cloudflare account. I changed my mx settings, added a load of CNAME entries (as instructed by Fastmail) and all was fine. Setting up Fastmail had been one of the easiest things I've done for some time. With Dreamhost you have to make any changes through their interface. Probably nice and straightforward, but less so for me. Not least because Dreamhost refused to let me add more than one CNAME record. My email works though. Big relief.
Dreamhost will tell you that Cloudflare requires you to forward to www. So you have to select that at the start. Did you want SSL? See earlier. It's on the bare domain, but you will be displaying www. At one point I couldn't even load my site because I got "too many redirects". Cloudflare is no longer enabled.
I don't mean this to sound as if I'm not happy with my hosting; far from it. This is just intended to show the issues I have had. Maybe I was overthinking things. I'm no web designer, just a user with a little knowledge (I know - a dangerous thing).
Of course, I could well be wrong about all of this, but at least I can log in to my (as yet unused) WordPress sites.