How to replace the server IP with a subdomain for Webmin?

Hello all,

Let’s say my server’s public IP is 99.99.99.99 and my domain is example.com. I’m hosting my domain with Cloudflare.

I installed Virtualmin on Ubuntu 18.04, and I could access the admin panel’s UI via https://99.99.99.99:10000.

I then switched my web server to Nginx, and then created a new virtual server with example.com. I then pointed my domain to 99.99.99.99 with Cloudflare’s proxy on. I also installed an SSL certificate successfully for example.com (under Virtualmin > Server Configuration > SSL Certificate). https://example.com is working perfectly fine.

Now, I added a subdomain A record for example.com with Cloudflare’s proxy off (so it’s pointing to my server’s actual public IP, which is 99.99.99.99). Let’s say the subdomain is myserver.example.com.

I then changed my server’s hostname to myserver.example.com (Webmin > Networking > Network Configuration > Hostname and DNS Client, with “Update hostname in host addresses if changed?” checked), saved & applied the configuration, and restarted Webmin from the CLI with /etc/init.d/webmin restart

I visited https://myserver.example.com:10000 and I got “My connection is not private” and “NET::ERR_CERT_REVOKED” error. Though I can still visit https://99.99.99.99:10000 to access Webmin.

What are the steps to replace the IP address to access Webmin on https://myserver.example.com:10000?

Hi,

Simply issue the certificate for myserver.example.com as well and update it for Webmin, so it could read/use it. Have a look at Webmin Configuration/SSL Encryption.

myserver.example.com is accessible on a new web browser, where the advanced option popped up and asked me to “proceed anyways”. I don’t know why it’s blocking me on Chrome.

I then purchased a new SSL for myserver.example.com and installed it on Webmin. The current certificate tab under ( Webmin Configuration -> SSL Encryption) is showing the correct SSL authority info, which is not Cloudflare. I changed the port to one of the supported ports by Cloudflare’s free plan, and I disabled the Cloudflare proxy for myserver.example.com (so it’s pointing to my server’s public IP).

However, when I visited https://myserver.example.com:port again, the browser still said my SSL certificate is invalid. I noticed the browser’s invalid SSL is from Cloudflare… I then tried to visit https://myserver.example.com:port on Cloudflare’s Flexible, Full, and Full (strict) mode for SSL. None of them worked.

I did some research and found out that as long as your domain is hosted on Cloudflare, you can only use their SSL certificates even if you switched off the subdomain’s proxy.

I guess the only way you can set up an SSL certificate for Webmin/Usermin/Virtualmin is to go for the Enterprise plan on Cloudflare so that you can use their Cloudflare Spectrum feature? But that will be expensive…

I don’t understand why you’d point the DNS for the Webmin subdomain to Cloudflare? Just point it to the IP of the server, and don’t go through Cloudflare for that subdomain.

My domain’s DNS (ns1.xxxx.com ns2.xxxx.com) is pointing to Cloudflare, so that I can use their free SSL, CDN and other security features for my main website which is hosted on the virtual server created in Virtualmin. And the subdomain (which is the A record) was also pointing to the IP of my server.

The problem was that any connections going to that subdomain were also going through Cloudflare’s CDN. Thus Cloudflare’s SSL certificate would automatically be applied to the connection.

I had another SSL, which was issued by another authority (not Cloudflare). It was installed on my Webmin server (not the virtual server account for my main site). My private key on my Webmin server did not match Cloudflare’s SSL certificate, which only matched the other private key on my main site.

I ended up registering a new domain for my server and used that SSL from another authority. I didn’t point that server domain to Cloudflare, and it’s working fine now.

Oh! You’re sending all DNS requests to Cloudflare. That makes it a question for Cloudflare. I wouldn’t want them to handle my DNS, but your solution also works.
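Added example, not part of any post in this thread: a shell sketch of the checks that separate the failure modes discussed above, namely whether a certificate file names the Webmin hostname, whether the private key belongs to it, and (commented, since it needs network access) which certificate the port actually serves. The function names and file arguments are hypothetical; the hostname and port are the ones used in the thread.

```shell
#!/bin/sh
# Added example: checks to run on a certificate before installing it in Webmin.
# Function names and file paths are hypothetical; host and port are the thread's.

# True if the certificate file $1 is valid for hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# True if the private key file $2 belongs to the certificate file $1
# (both must yield the same public key).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run both checks and report; returns non-zero if either fails.
check_webmin_cert() {   # usage: check_webmin_cert CERT KEY HOSTNAME
    rc=0
    if cert_covers_host "$1" "$3"; then echo "OK   certificate names $3"
    else echo "FAIL certificate does not name $3"; rc=1; fi
    if cert_matches_key "$1" "$2"; then echo "OK   key matches certificate"
    else echo "FAIL key does not match certificate"; rc=1; fi
    # Show who issued the file and when it expires.
    openssl x509 -in "$1" -noout -issuer -enddate 2>/dev/null
    return "$rc"
}

# Live checks, left commented because they need network access:
#   dig +short myserver.example.com     # should print the server's own IP
#   openssl s_client -connect myserver.example.com:10000 \
#       -servername myserver.example.com </dev/null 2>/dev/null |
#       openssl x509 -noout -subject -issuer

# When invoked as: script CERT KEY HOSTNAME
if [ "$#" -eq 3 ]; then
    check_webmin_cert "$1" "$2" "$3"
fi
```

If the live `s_client` check shows a different issuer than the file check does, the browser is not reaching the Webmin listener that holds the installed certificate.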