I’m not sure I know what you mean by “root vh”? A domain and a subdomain are just names to every piece of software in the stack except for BIND.
Apache processes things is ascii-betical order on Ubunt (because it has vhosts in separate files /etc/apache2/sites-enabled). In Virtualmin, you an choose one domain (virtual server) to be the default that gets forced into the front of the list of VirtualHosts by renaming the file 00-domain.conf or whatever. On Rocky/Alma/RHEL, Virtualmin moves the VirtualHost sections around to put the “default” one first in the config file. In both cases, it’s the first one Apache sees that matters, which on Ubuntu is ascii-betical based on filenames.
no, I have only toplevel servers
Some days ago I created aacanigr.ecc and abguardievenat.ecc and all my virtualhosts that need TLS1.3 disabled didnt work any more.
A subdomain is just a name. Apache does not treat a second level domain as any more or less important than a subdomain of that second level domain. It’s all just names. Same with Virtualmin, and most other services. There is a case where BIND can be configured to put subdomains into the parent domains zone, if the domains are subservers in Virtualmin, but even that does not make them more or less important or impact configuration of other services.
Be more specific, as that’s a lot of configurations. Anything that has a directory of config files will be read and parsed in ascii-betical (or, probably more accurately Unicode-betical, order). Convention when you need the configs to be read in order is to name them with a prefix of 00, 10, 20, etc. for the order you want them to be read in. You’ll find this in a number of places on Ubuntu.
To answer the question about whether a service is doing this, look in the configuration directory for the service. If you see any numbered files, you know it is. If you don’t see any numbered files, but there is a conf.d or similar, it probably is, but maybe it doesn’t matter (some services don’t care about order of config directives).
Even Apache does not treat the order as important, in the general case. The “default” server matters to some people (the one Apache serves when things don’t quite match up), so Virtualmin has an option for that. We don’t have an option for ordering otherwise (as it doesn’t effect anything). I’m not sure why your problem is happening, as I thought TLS options were configurable on a per-domain basis, but maybe some options have to be set server-wide and whichever is the first domain Apache sees is the one that sets it. (So, making a domain that has the settings you want the “default” would also solve that.)
