Apache is notorious for running at all cost.
Which may mean that even thou it is running, the config may not be doing exactly what you think it is or what you want it to do.
I don't see anything particularly wrong with the code you have shown.
I think the problem is elsewhere within your code (where we haven't been shown).
What does this show?: apachectl -S
Note: I'm presuming that you did use, but intentionally left out the lines in your example post with, SSLCertificateFile and SSLCertificateKeyFile
VirtualHost configuration:
*:80 is a NameVirtualHost
port 80 namevhost bottarisistemi.it (/etc/apache2/sites-enabled/bottarisistemi.it.conf:1)
alias www.bottarisistemi.it
port 80 namevhost www.sio4.bottarisistemi.it (/etc/apache2/sites-enabled/sio4.bottarisistemi.it.conf:1)
*:443 is a NameVirtualHost
port 443 namevhost bottarisistemi.it (/etc/apache2/sites-enabled/bottarisistemi.it.conf:33)
alias www.bottarisistemi.it
port 443 namevhost www.sio4.bottarisistemi.it (/etc/apache2/sites-enabled/sio4.bottarisistemi.it.conf:6)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33
And here if I go to www.sio4.bottarisistemi.it all works fine, but going to https://www.sio4.bottarisistemi.it (forcing https into the address bar) obtain a certificate error, that I think correct, but I'm wondering if it is possible to perform a redirect of this (or other) kind, avoiding to request an additional certificate..
Sure, but the certificate does not include www.sio4.bottarisistemi.it or sio4.bottarisistemi.it, is there any way around this?
There is no way to accept (and create a valid) an HTTPS connection to a name that doesn't have a cert that matches the name requested.
The only "way around" is to NOT use HTTPS to that name or get a cert for that name to use.
Well, requesting a new certificate, all works fine!
But my curiosity was “only didactic”, to understand if it was possible by bypassing the new one certificate request.