HTTPS Links for Sites Without AutoSSL Redirecting to Site With AutoSSL?

I have one site, call it domainwithAutoSSL.com, on a shared IP address set up with AutoSSL. HTTPS is working just fine on that site. None of the other sites on that shared IP address have AutoSSL.

DomainwithAutoSSL.com happens to be a WordPress test site, and I was testing WordFence on it. I noticed that in WordFence's Live Traffic, other sites on the server that share the same IP address were showing up in the logs. All the URLs were HTTPS URLs that various search 'bots were testing.

If I try to browse to one of the HTTPS URLs that's erroneously showing up in the Live Traffic logs, I'm not redirected to domainwithAutoSSL.com. I'm taken to the correct domain and see the expected "Your connection is not secure" message from Firefox, so redirect issues don't seem to be the problem.

I found this post on WordFence's support site, which suggested the problem was with the virtual hosts on my managed VPS. I contacted my web host, and they say that there is no problem with the virtual host setup. They think the issue is with AutoSSL, and suggested I activate AutoSSL on all the sites on that IP, or just use it on domains that have dedicated IP addresses.

Now, it's my impression from reading the docs that AutoSSL should work just fine on a shared IP address, and redirects from non-AutoSSL sites using HTTPS URLs would not be an issue. Is there something I'm missing?

 

I take it back, if I go to one of the non-AutoSSL sites and bypass the security warning, I am taken to domainwithAutoSSL.com, so it appears you have to either be using a dedicated IP address or have to enable AutoSSL for all the sites on a shared IP. Bummer.

So is that the way it's supposed to work, or is something broken?