gee, I’m spreading the
answer in no way
here, everything is simple
Since the entire Internet is one big crutch on a crutch with a crutch,
we have at one time had no idea in tcp / ip to have something other than numbers
when the question arose RFC was already written
so we got the dns service as a crutch to alphabetic IPs.
Now, when the question arose about the end of IPv4, and even a little before that, in Apache, the question arose of how to hang two sites on one port and ip,
which naturally does not comply with RFC or the port or ip itself
, there was an excellent solution, Apache parses YOUR http refery (from the client browser) chooses domain from it and on the basis of this substitutes the config you need in accordance with ServerName
but then another SSL crutch appeared
that occupies its port, now a drum roll .....
You opened port 443 and hung 1 site on it
BUT the IP is open The port is open and this is Apache
For what reason, when accessing 2 domains, he should send it in the forest ?
What do you think about SSL first? Data transmission over the channel or a key from it?
correct key.
Therefore, the web server physically cannot know whether to send you to the forest or not, because he cannot take your referee without a key, and there is no key until there is a referee.
Therefore,
as soon as you have 1 site with ssl on your server,
all other sites also receive ssl
But you say I didn't give them the key. Yes, but he cannot receive a single byte of information through this channel, including what the site is.
And here the web server makes a very logical decision.
It takes the Closest key, the nearest letter for example 000-default.conf
takes these keys and inserts them into all sites for which it could not find the keys immediately.
That's the logic bro.
What to do to
disable ssl on 1 of the sites is physically impossible.
You can do the following
1 certificate by name sorting should be default.
and in the default config code 400 should be given to all requests.
Don't forget to check the box that it's solved.