No CNAME entry needed.
My fix (after much patient help from community here)
I followed this Ghost-CLI - A fully loaded tool for installation and configuration
You then should have two *-ssl.conf entries in your nginx active domains dir;
one will be the original url you setup with and the other will be with or without the www .
Then I selected I went to my ghost directory and set the url I wanted as the primary,
I went for the direct link (I hae no idea of the fancy names for these with wwww and without…)
So at the ghost dir I entered this:
ghost config url https://tidyglass.co.uk
Then I went tinto my nginx directory to the active domain with the www identity / name, and edited the ssl.conf entry as I was directed by @Hannah
I left is as is, all I added was the 301 to the conf file.
return 301 https://yourdomainname.domainextension$request_uri;
(Dont remove the certificate lines like I did, even though I was redirecting I didnt realize you dont delete the certificate lines, though most in this forum would understand not to do this)
I restarted all the services and was good to boot.
Hope you come right :)
On the CNAME helping your spam catching the password resets, from my brief experience and little knowledge of setting up zoho mail mx records, I think it would be text or SPF records that would add legitacy to your email domain and avoid it hitting spam folder.