/usr/share/doc/apache2/README.Debian.gz states that:
------------------------------------------------------------------------------
make-ssl-cert generate-default-snakeoil --force-overwrite
To create more certificates with different host names, you can use
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt
------------------------------------------------------------------------------
The second line generates a certificate that fails to pass Firefox's self-signed certificate error, while the first line has no --option to generate a snakeoil cert for a non-hostname virtual host (this host runs different services on different IP addresses and they resolve to a different hostname).
Martin-Éric