Phantom vhost forwarding from example.com to example.net

Question

I'm running apache2 on Ubuntu 16.04 LTS, and Let's Encrypt Certbot for SSL certificates.

I have two domains. Regardless of http or https, www or non-www, I want them to land at https://example.com and https://example.net respectively.

I have 4 .conf files per domain: HTTP WWW, HTTP NON-WWW, HTTPS WWW, HTTPS NON-WWW. HTTPS NON-WWW should always be the final result.

Site 01: example.com

http://example.com -forwards to- https://example.com [OK]
http://www.example.com -forwards to- https://example.com [OK]
https://www.example.com -forwards to- https://example.com [OK]
https://example.com works as expected [OK]

Site 02: example.net

http://example.net -forwards to- https://example.net [OK]
http://www.example.net -forwards to- https://example.com [ERROR]
https://www.example.net -forwards to- https://example.net [OK]
https://example.net works as expected [OK]

I would like http://www.example.net to forward to https://example.net, not https://example.com

My .conf files:

##Site 01: example.com - HTTP NON-WWW .conf##
    <Directory /var/www/html/example.com/public_html>
        Require all granted
    </Directory>

    <VirtualHost *:80>
        ServerName example.com
        DocumentRoot /var/www/html/example.com/public_html

        ErrorLog /var/www/html/example.com/logs/error.log
        CustomLog /var/www/html/example.com/logs/access.log combined

        RedirectMatch permanent ^/(.*) https://example.com/$1
    </VirtualHost>

##Site 01: example.com - HTTPS WWW .conf##
    <IfModule mod_ssl.c>
    <Directory /var/www/html/example.com/public_html>
        Require all granted
    </Directory>

    <VirtualHost *:443>
        ServerName www.example.com
        DocumentRoot /var/www/html/example.com/public_html

        ErrorLog /var/www/html/example.com/logs/error.log
        CustomLog /var/www/html/example.com/logs/access.log combined

        RedirectMatch permanent ^/(.*) https://example.com/$1

        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>

##Site 01: example.com - HTTPS NON-WWW .conf##
    <IfModule mod_ssl.c>
    <Directory /var/www/html/example.com/public_html>
        Require all granted
    </Directory>

    <VirtualHost *:443>
        ServerName example.com
        DocumentRoot /var/www/html/example.com/public_html

        ErrorLog /var/www/html/example.com/logs/error.log
        CustomLog /var/www/html/example.com/logs/access.log combined

        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>

##Site 02: example.net - HTTP WWW .conf##
    <Directory /var/www/html/example.net/public_html>
        Require all granted
    </Directory>

    <VirtualHost *:80>
        ServerName www.example.net
        DocumentRoot /var/www/html/example.net/public_html

        ErrorLog /var/www/html/example.net/logs/error.log
        CustomLog /var/www/html/example.net/logs/access.log combined

        RedirectMatch permanent ^/(.*) https://example.net/$1
    </VirtualHost>

##Site 02: example.net - HTTP NON-WWW .conf##
    <Directory /var/www/html/example.net/public_html>
        Require all granted
    </Directory>

    <VirtualHost *:80>
        ServerName example.com
        DocumentRoot /var/www/html/example.net/public_html

        ErrorLog /var/www/html/example.net/logs/error.log
        CustomLog /var/www/html/example.net/logs/access.log combined

        RedirectMatch permanent ^/(.*) https://example.net/$1
    </VirtualHost>

##Site 02: example.net - HTTPS WWW .conf##
    <IfModule mod_ssl.c>
    <Directory /var/www/html/example.com/public_html>
        Require all granted
    </Directory>

    <VirtualHost *:443>
        ServerName www.example.com
        DocumentRoot /var/www/html/example.net/public_html

        ErrorLog /var/www/html/example.net/logs/error.log
        CustomLog /var/www/html/example.net/logs/access.log combined

        RedirectMatch permanent ^/(.*) https://example.net/$1

        SSLCertificateFile /etc/letsencrypt/live/example.net/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>

##Site 02: example.net - HTTPS NON-WWW .conf##
    <IfModule mod_ssl.c>
    <Directory /var/www/html/example.com/public_html>
        Require all granted
    </Directory>

    <VirtualHost *:443>
        ServerName example.net
        DocumentRoot /var/www/html/example.net/public_html

        ErrorLog /var/www/html/example.net/logs/error.log
        CustomLog /var/www/html/example.net/logs/access.log combined

        SSLCertificateFile /etc/letsencrypt/live/example.net/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>

Answer 1

You simply have a typo in one of your virtual hosts:

    ServerName www.example.com
    DocumentRoot /var/www/html/example.net/public_html
    ...
    RedirectMatch permanent ^/(.*) https://example.net/$1

The ServerName is wrong. You don't have a virtual host set up for www.example.net at all because of the typo. That means that www.example.net falls back to the default (first) virtual host. That is why it gets redirected to the wrong thing.