On Thu, May 24, 2018 at 7:23 AM, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote: > Do we have a configuration option to allow https://hostname/ only to matching > vhosts without any default fallback? > > Scenario: > - a site with vhost A and B > - vhost B is taken out, DNS still points there (for a while) > - browsers opening https://B/ will get the certificate of A and complain > > I do not want to present a "wrong" certificate, I want the SSL connection to > fail. Does that make sense?
I don't think it exists for SSL or non-SSL today -- you have to capture them in the first-listed VH for a address/port combo.