Sites not correctly isolated?

I have had three separate WP sites installed and running on the same DititalOcean droplet (i.e. the same IP) since v4 was released.

I have just found that when you try to access a new site via its URL, and it isn’t accessible (for whatever reason), then the browser defaults back to the first site installed, with Chrome giving a missing/incorrect SSL warning.

To me, this indicates that either the sites are not isolated correctly or Chrome is up to its usual tricks.

Am I wrong in thinking this and what should I do about it?

This is simply because you point your domain (Domain C) to the IP where your webserver is hosted. So the request goes to your server and if NGINX (EE) picks up the domain (so you’ve set up the site via ee site create) it will correctly proxy/redirect the request to load your webroot (aka your WP site). If the site is not set up it will redirect to the domain to your primary domain (first site).

This is completely normal and has nothing to do with site isolation/security

Actually, the site I was trying to reach had been running for several weeks prior. Something had stopped the site with an error 500 and, I assume, because of this, trying to access it resulted in loading another but unrelated site on the same droplet.