I have used webmin/virtualmin for a couple of years and never really thought about how certificates are handled. But a couple of weeks ago we started a new project and needed to proxy 3 backend servers and use ssl. But it was not possible to get it to work with the certs created using virtualmin. So I got tiredof it, deleted the 3 subdomains and created new ones without creating the ssl web. Installed certbot and using ssh to let certbot create the certs. All 3 domains and the proxied servers worked perfect from beginning.
Just a tip