Currently when a host is pointed to it that doesn't have a vhost entry, Apache will try to serve a certificate for the wrong host (which happens to be the first alphabetical). This is in spite of the fact that the
ServerName in the vhost conf doesn't match.
If I try to create a default SSL vhost it will fail (apache2 exits) because it doesn't have a cert.
All the certs are LE and installed using certbot.
So my questions are:
Why does Apache use that config even thought the
How can I set it to simply deny the connection instead of the above?