I am a newbie at this whole apache server stuff but your situation is one of the many things that I need to figure out before I can start hosting my own sites on my own server.
I have searched a bit for a solution to the problem but have yet to find the perfect answer. Two things are coming into play:
1) In a virtualhost scenario, if a request is received for a server name that is not defined it defaults to the first virtualhost.
2) The server name being requested is not available in the SSL packet.
In your setup, you have one virtualhost on port 80, and one SSL virtualhost on port 443? But the server name isn't available with SSL - so all port 443 traffic will be sent to the first (default) virtualhost.
I found one solution to the problem. Setup one virtualhost specifically on port 80 something like ipaddress:80 then setup a regular host specifically on port 443 - ipaddress:443. This will keep people from getting the wrong page, but the trade-off is that inputing the other domains with the https protocol will get a server not found error - not the ideal solution.
I came up with my own solution to this problem, but I haven't tested this fully so proceed with caution :)
<VirtualHost www.example.com> **** LITERALLY USE "EXAMPLE.COM
ServerName www.example.com **** LITERALLY USE "EXAMPLE.COM
What I am doing is sending all unknown traffic to my dummy example.com domain. Lastly, use a 301 redirect in an .htaccess file in the example.com domain to redirect all https://domain.com back to [domain.com...] and everybody should end up where expected.
Like I said though, I haven't fully tested this so if anyone sees any glaring over sites or a better idea I would love to hear them!