Virtualmin and Webmin have quite fine-grained ACLs. This is an area that can be intimidating for someone coming from a system that’s somewhat more fixed in how it works (e.g., there’s no direct comparison to WHM and cPanel in Virtualmin…everyone logs into Webmin, and it’s ACLs that determine which users can do what…some folks want to compare Usermin to cPanel and Webmin to WHM, but that’s not accurate, and misrepresents how the pieces fit together). So, bear with me, as there’s a number of answers to your question.
There is no limit to the number of master administrative users. Any user can be granted root level access to Webmin. There are a number of ways to do that. One would be to give the user “ALL” privileges in the sudoers file. Every user that can do everything under suexec will also be given full access in Webmin. In short: a root user in Webmin will automatically be a master administrator in Virtualmin. This is the simplest way to give a system user administrative access to Webmin/Virtualmin.
The other way is to grant a Webmin user full access to Virtualmin in the Webmin Users module (Webmin->Webmin->Webmin Users->Username->Servers->Virtualmin Virtual Servers). A Virtualmin created user cannot become a master administrator, as it’ll get overwritten when making changes within Virtualmin to that user…so create a user just for this purposes in the Webmin Users module (it can be the same username and login as an existing system user). This method is more fine-grained. It is still not necessarily safe from privilege escalation concerns…it would be possible to grant a user access to features that could be used to either gain root or perform limited tasks as root.
But, it sounds like you want something a bit more restricted for your day-to-day Virtualmin usage, which is also possible. Because you have Virtualmin Pro, you’ve got reseller accounts, which can “own” many domain accounts and can switch to them and perform some management tasks on their behalf. That’d be the way to use Virtualmin without root-level access while still being able to manage many domains. By default, a reseller account will not be able to escalate to root. But, they will also be pretty limited in how they can interact with the system…maybe more than you want. That’s customizable, but it is by necessity not a root-level user, and has many limits.
Or, you can create one “main” domain, and create the rest or your domains as sub-servers, and login as the domain owner user.
In either the reseller or domain owner user account case, your user would not have root privileges, and in the general case could not be used to escalate to root privileges (at least not in a default configuration…some Webmin modules can be used in dangerous ways, but the ones that are designed for working with Virtualmin, like File Manager, can be safely granted to users).
If you’re doing this based on security concerns, you may also want to enable two-factor authentication (we support Google Authenticator and Authy as the token generator). There are other options for locking things down, but 2FA seems the best, to me.
The way I use Virtualmin is this:
I have a root level account, which I use for creating my domains, and setting up backups. I rarely login with this user.
I then have a domain, and optionally sub-servers that are related to the parent domain, under an account, which I use to manage that site and its sub-servers. For each “set” of sites I have a login. This workflow developed before the reseller accounts in Virtualmin got as flexible as they’ve become over the past few years…so this is probably not what I’d do today. But, it works, and isn’t terribly inconvenient (and would work the same for GPL or Pro users). You probably want to find your way around the reseller account type, as it’s pretty flexible and pretty safe, and doesn’t usually require you to know too much about how Virtualmin users work.
As for the SSL warning, yes, you’d just want to create a new domain, setup a Let’s Encrypt certificate for it (just a couple of clicks in Virtualmin), and then choose to use that certificate for Webmin, Usermin, and all of the other services Virtualmin manages. That’s also just a couple of clicks to do.
If you run into problems with any of this, you can open up tickets in the support tracker, and usually get a response the same day (sometimes we get behind on the forums, as we’re a small team with a huge user base).