Okay, apache is a good start,
Already getting lost at this level may not help making things easy to fix it, though we can still try to get you to understand how this works and see if we can find a fix.
The virtualmin setting: “Always redirect to ssl website” makes things work in a way that sites are always using HTTPS as a protocol, ensuring that no one is able to snoop the contents of the connection, and as such keeping the connection contents private between the client and server. ( the web-browser is the client, the server is “the Apache daemon” )
Now often clients do not type explicit httpS:// they just assume that happens automatically. Virtualmin does try to make this happen by “redirecting” a client that connects using http to https. this can be done in 2( actually some more ) ways:
Either the server has configurations for both http and https for all the sites(domains) it hosts, the http part of these sites does not actually serve content, it just “rewrites” the protocol part of the requested url and then redirects the client to the actual server on the https side of things.
Or it has just one “default” http site, that is configured to "rewrite: and then “redirect” the client to the requested url ( site / domain + path ) on the httpS protocol.
Generally speaking the last option is used the most as it makes a lot less configuration needed. To determine where to “redirect” the client a regular expression is used to split the incoming request into its parts, then change the protocol part of that request, merge them back together, and sent the result back to the client informing them to request the new (now httpS) url instead. for some more info on regular expressions look at Apache mod_rewrite Introduction - Apache HTTP Server Version 2.4 it has a more in detail explanation on regular expressions to rewrite rules. though that happens on the server side. the same principle applies for redirects.
the bigger question now becomes how to explain this relatively easy thing that gets complicated very quickly if you do not understand how this is achieved.
As a first step you should figure out how your server is configured to redirect from http to https. you can do that by opening the apache config file ( webmin → servers → apache webserver → tab “global configuration” → button “edit config files” )
In this file you should be able to find a hand full of tags that look like:
<VirtualHost xxx.xxx.xxx.xxx:80> .../ /... ServerName somedomain.com .../ /... </VirtualHost>
if you find more then 1 of those “blocks” that have :80 in them, it means that you have multiple sites that are both responding on http and https. if there is just one “listen :80” and no virtualhost xx:80 blocks" you have just the default domain that does the redirects
Given this support thread in text will take hours to write out and send back and forth on a forum i think you are best served by someone experienced who can real-time help you with some “shared screen and instructions” alike support. Or you have to very quickly deep dive in understanding Apache configuration and it’s directives. ( some google keywords would be: redirect http to https apache multiple virtualhost ) While this is not impossible, it may also break more in virtualmin then you expect, as it all is somewhat linked into one, where virtualmin expects some things to be done a certain way.
the thing you are looking for that is broken / misconfured for the setup looks something like this:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
If wanted you could sent me a DM and i may be able to look into this with you in a voice conversation with a shared screen, for example on discord. Given the fact you seem to be running this as a business setup, you may also consider requesting official support from the web/virtualmin team, as that provides you with more guarantees then i can.
Steven.