What will show in browser if I set under ISP only Email domain and some email account + default dns zone (using wizard) without create any site in Sites tab?
This depends on where you point the IP address of the domain in dns as the webserver of a domain does not has to be the same server than the mail server. If it points to the same server, then the default vhost (or first vhost) of the system will show up.
In created dns zone I have A record points to IP of my server where is ISP. But in /var/www/ I haven't any directory related to this domain. This same in /etc/apache2/sites-enabled - no .vhost file. In this case probably first site will show, so I have to create vhost for it.
Exactly. Could you tell me how avoid showing first vhost (would be better to show default vhost or ISP vhost)? I have this same problem when some site lost LE SSL cert (due to some renewal problems). Then I have to add exception in browser and then first vhost appears in browser.
The solution is to create a vhost that is always first. Add a new website with domain name 000default.tld which will works as default / catchall vhost then.
Always first on the list of websites, right? Is it possible to create some redirection to - for example - ISP main page? Now I am thinking about something like: 1. Create some catchall vhost. Should it be real domain with dns zone? 2. From this vhost setup redirect 301 to ISP main page. Btw this solution is also for sites which lost theirs LE SSL certs and browser redirect them to first vhost?
You can do in that vhost whatever you want. If you want to redirect from there to another website or URL, then add a redirect in that site.
Should it be real domain with dns zone? Btw this solution is also for sites which lost theirs LE SSL certs and browser redirect them to first vhost?
I mean not enable ssl for this specific site under non-existent domain. Problem is with LE SSL due to renewal problems for few another sites. In result cert of course expire, then browser shows information about add exception and after adding exception browser shows first vhost. I would like to avoid it. And I asked about this solution would work in this case.
You have to enable SSL for this site and create a self-signed cert as the domain does not exist. It can't catch requests on port 443 (SSL) otherwise.
Is it possible under ISP or manually in console - how to do this properly? Besides is it possible to avoid redirection to first vhost or just avoid any redirection if some site will lose ssl cert?
In ISPConfig, ssl tab of the website. Not in as far as I know, this is a behavior build into apache and nginx and not ISPConfig.
SSL tab require put some information: "SSL Action: Create certificate" is only one field which need to be filled?
Detailed step by step instructions that show you how to create a self-signed SSL certificate can be found in the ISPConfig manual.
Hmm, honestly I am not sure it's default behavior of apache/nginx. Please check ogdolls.pl and then check https://ogdolls.pl. In first case website will open without problem. In second case website will not open, browser will throw some information about "bad ssl certificate" and will ask about add exception. After adding exepction in browser you will see https://ogdolls.pl but without green padlock, because it's not trusted due to add exception. There is no redirection to some another website.
The site just uses a wrong ssl cert. The mechanism in the background in Apache is always the same and I described you what this mechanism is. When apache does not find a matching vhost, then it will use the first best matching vhost on that IP, this can indeed be the same website, so what you posted is not unusual nor does it collide with the explanation that I have given.