SSL, DNS, and Performance Problems

Hello everyone, I’ve been running my website on a VPS with Virtualmin for a few months now, but I keep hitting roadblocks that I can’t seem to resolve. The site itself is a restaurant-related site (mostly menu pages, coupons, and blog content), and while it generally works, I’m experiencing recurring issues with SSL, DNS resolution, and overall site performance. I wanted to explain everything in detail to see if someone here can point me in the right direction.

The first issue is SSL. I’ve set up Let’s Encrypt through Virtualmin, and while the certificate installs correctly, I often get browser warnings from visitors that the site is “not fully secure.” After digging deeper, I noticed that some subdomains (like www. vs. root domain) don’t always get included in the certificate. I tried reissuing certificates and manually checking the “Request certificate for domain and all subdomains” option, but it doesn’t always stick. This causes trust issues with visitors who expect a secure connection on every page.

Second, DNS propagation seems unreliable. I’m using Virtualmin to handle the DNS zones, but some users report that the site doesn’t resolve for them, especially internationally. When I run DNS checks, sometimes it passes, and sometimes I see failures on specific resolvers. I’ve double-checked my registrar settings to ensure the nameservers are pointed correctly, but I’m still not confident the way Virtualmin is serving DNS is consistent. I’m wondering if I should offload DNS to a third-party provider like Cloudflare instead of relying on the built-in BIND setup.

Performance is another headache. Despite enabling PHP-FPM and tweaking Apache settings in Virtualmin, the site feels slow during peak hours. Occasionally, I’ll even get 502 or timeout errors, especially when multiple users are trying to access the menu or coupon pages that rely on database queries. I’ve checked server load and memory usage, and while the spikes are noticeable, they shouldn’t be high enough to crash the site. I’m unsure if Virtualmin’s default configuration is optimized for WordPress-based sites, or if I should be switching to Nginx for better performance.

Another odd problem I’ve run into is email deliverability. I set up email through Virtualmin with Postfix, but outgoing emails (like contact form notifications or user registrations) often land in spam. I’ve enabled SPF, DKIM, and DMARC in the Virtualmin panel, but it doesn’t seem to fully solve the issue. Some testing tools even say my DKIM record is malformed, even though it was auto-generated. I can’t tell if this is a misconfiguration on my part or something specific to how Virtualmin handles DNS and email.

Finally, I keep seeing minor inconsistencies in Virtualmin’s UI compared to the actual system state. For example, the panel says Apache is running when it’s clearly down, or it shows quota usage incorrectly. Restarting Webmin/Virtualmin sometimes fixes these, but not always. It makes it harder to trust what I’m seeing in the dashboard. Has anyone else experienced these types of issues? Should I be focusing on fine-tuning Virtualmin itself, or is it better to let it handle the basics and outsource things like DNS and email to specialized providers? Any guidance or step-by-step troubleshooting would be hugely appreciated, because right now I feel like I’m constantly patching one issue only for another to pop up. Sorry for the very long thread.

I’ve been using Virtualmin for quite a while, manage my DNS, and have SPF, DKIM, and DMARC enabled – the full works! PHP-FPM is always kept up to date, with Apache running in the background. SSL certificates are requested automatically and on time via LE.

I use wildcard certificates (for subdomains), even though the general advice is not to do so. Since I run a powerful server with a high-bandwidth connection, I’ve never experienced bottlenecks in website performance up to now (including a booking system for a hotel chain, various cybersecurity tools, and a busy Discourse forum).

Unfortunately, I can’t provide you with the solution you’re hoping for, but I’d suggest outsourcing the DNS – let a third party handle it, and you’ll have fewer headaches. Are your server and internet connection performant enough?

What’s the domain name? That way we could give you more support and check ourselves where the problems are coming from. If you’d rather not share it:

  • What does your DKIM DNS record look like?
  • How about the other DNS records (SPF, DKIM, DMARC)?
  • Have you checked the usual logs to see if there are any irregularities or errors showing up?

Just to at least make a start in offering you some guidance.

1 Like
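
An added example, not part of any post in this thread: a Python check of the points a DKIM testing tool looks at in the published TXT value (joining of the quoted strings, the tag list from RFC 6376, and whether the key decodes completely). The function names and sample records are constructed for illustration, and the key bytes are filler, not a real key.

```python
import base64
import binascii
import re

def join_txt(rdata):
    """Join the quoted strings of a TXT RDATA with no separator, as resolvers do."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(parts) if parts else rdata.strip()

def der_sequence_complete(der):
    """True if der is one SEQUENCE whose declared length equals the bytes present."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                                  # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                                  # long form: n length bytes follow
    return n > 0 and len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_dkim_record(rdata):
    """Return the problems found in a DKIM key record; an empty list means none."""
    problems, tags = [], {}
    text = join_txt(rdata)
    if "\\;" in text:                                  # zone-file escape pasted literally
        problems.append("backslash-escaped semicolon in published value")
        text = text.replace("\\;", ";")
    for spec in filter(str.strip, text.split(";")):
        name, sep, value = (s.strip() for s in spec.partition("="))
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            problems.append(f"not a tag=value pair: {spec.strip()!r}")
        else:
            tags[name] = value
    if "v" in tags and (next(iter(tags)) != "v" or tags["v"] != "DKIM1"):
        problems.append("v= must be the first tag and equal DKIM1")
    if "p" not in tags:
        problems.append("missing p= tag")
    elif tags["p"]:                                    # an empty p= means a revoked key
        try:
            der = base64.b64decode(re.sub(r"\s+", "", tags["p"]), validate=True)
        except (binascii.Error, ValueError):
            problems.append("p= is not valid base64")
        else:
            if tags.get("k", "rsa") == "rsa" and not der_sequence_complete(der):
                problems.append("p= decodes, but the RSA key is truncated or not DER")
    return problems

# Constructed samples: filler bytes shaped like a 2048-bit RSA public key, not a real key.
FAKE_KEY = base64.b64encode(b"\x30\x82\x01\x22" + bytes(290)).decode()
GOOD = f'"v=DKIM1; k=rsa; p={FAKE_KEY[:236]}" "{FAKE_KEY[236:]}"'   # split at 255 bytes
CUT = f'"v=DKIM1; k=rsa; p={FAKE_KEY[:236]}"'                       # second string lost
```

Feed it the TXT value exactly as a public resolver returns it for the selector's `_domainkey` name, quotes included, rather than what the panel displays.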
  1. You shall put the whole list of subdomains that shall go through SSL.

Virtualmin > Manage Virtual Server > Setup SSL Certificate > Let’s Encrypt > Domain names listed here (every additional/custom subdomain shall be listed here: "MySubDomain.Domain.com MySubDomain2.Domain.com" …)

Let’s Encrypt works this way; it doesn’t offer wildcard certificates (if I remember well). It’s unrelated to Virtualmin.

  2. If you have a domain name provider and clearly set up the “A” record there, it shall work. If it doesn’t, contact THEIR support. It’s unrelated to Virtualmin.

  3. Moreover, as @Steini said, you didn’t provide the spec of your server, nor the name of your site. How could we check? Don’t hesitate to share it; as long as the content is harmless/legal, it’s OK.

Still, WordPress is the opposite of optimised. It’s always slow and always asks for an enormous amount of power. This is due to the way it works, so it’s not surprising some of your users are having trouble when they try to reach your server (even more if the hosting/domain name provider doesn’t do the job correctly).

You also said you were tuning Apache; the more you tune it, the more problems there will be for you.

Lastly, I’m not sure if there is a misunderstanding, but you asked if you shall switch from Virtualmin to Nginx. It’s not related. You can switch from Apache (but I don’t think it will fix the current problem) and keep Virtualmin.

  4. Your mail will always fall into spam if you didn’t correctly set up the necessary records (and there are a lot for mail), and possibly if your IP isn’t on the right list.

None of this is related to Virtualmin.

  5. Never got it. But if you try to tune everything while you don’t understand clearly what you are doing, it can only lead to a lot of problems.

Still, we need at least the spec and the site, and some pictures may help. Lastly, you didn’t mention how many members you have on your platform?

One problem per topic, please.

https://forum.virtualmin.com/guidelines

yes it does

1 Like

Sometimes this is due to website hard links. Did you check those insecure resources? Some old websites had ‘http://’ hard links in theme files/db, and as a result browsers will show a warning when loading those resources.
So, nothing to do with Virtualmin. Either you didn’t include www.domain in the cert when it was created, or you have a website that needs its hard links (http://) fixing…

1 Like
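
An added example, not part of any post in this thread: one way to find the hard-coded `http://` resources described above in a saved copy of a page, using only Python's standard library. The function name, the selection of tags and attributes, and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Attributes that load a subresource. <a href> and rel="canonical" are plain links
# and do not cause a mixed-content warning, so they are not listed.
SUBRESOURCE_ATTRS = {
    "script": ("src",), "iframe": ("src",), "embed": ("src",), "object": ("data",),
    "img": ("src", "srcset"), "source": ("src", "srcset"),
    "audio": ("src",), "video": ("src", "poster"),
}
ACTIVE = {"script", "iframe", "embed", "object"}   # blocked outright; the rest warn

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (line, tag, attribute, url, "active" or "passive")

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        rels = set(a.get("rel", "").lower().split())
        names = SUBRESOURCE_ATTRS.get(tag, ())
        if tag == "link" and rels & {"stylesheet", "icon"}:
            names = ("href",)
        for name in names:
            if name == "srcset":   # comma-separated "url descriptor" candidates
                urls = [c.split()[0] for c in a.get(name, "").split(",") if c.strip()]
            else:
                urls = [a.get(name, "").strip()]
            active = tag in ACTIVE or (tag == "link" and "stylesheet" in rels)
            for url in urls:
                if url.lower().startswith("http://"):
                    kind = "active" if active else "passive"
                    self.findings.append((self.getpos()[0], tag, name, url, kind))

def find_mixed_content(html):
    """Return every plain-http subresource reference found in an HTML document."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (example.com stands in for the real site).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/menu/style.css">
<link rel="canonical" href="http://example.com/menu/">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://example.com/coupons/">Coupons</a>
<img src="//example.com/logo.png" srcset="http://example.com/logo-2x.png 2x">
</body></html>"""
```

Run it over the HTML the server actually returns for an affected page; each finding points to a theme file or database value to correct.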

Virtualmin supports wildcards if Virtualmin is managing DNS (either locally or in a cloud DNS service).

True, however from what I read it was intimated that Virtualmin could not request a wildcard certificate, whereas it can as long as all the ‘hoops’ are jumped through. I tend to just produce a list of domains that the certificate should cover rather than using wildcard certificates. Fewer headaches 😩

Thanks a lot for taking the time to share your experience and suggestions. It really helps to hear from someone who has a similar setup running smoothly, especially with SSL, PHP-FPM, and the mail stack. I hadn’t considered going the wildcard certificate route, but that actually sounds like it could simplify my SSL issues since some of my problems seem to come from subdomain coverage being inconsistent. I also agree with your point about outsourcing DNS—after dealing with the unpredictability of Virtualmin’s BIND setup, I’m leaning more toward moving to Cloudflare or another managed DNS provider just to eliminate one variable from the troubleshooting equation.

As for server performance, I’m on a mid-tier VPS that should be more than capable of handling the current traffic, but the random spikes and 502 errors make me think either the configuration needs tuning or something isn’t optimized for WordPress under Apache/PHP-FPM. I’ll double-check the logs as you suggested to see if there are any recurring errors that might explain the bottlenecks. On the email side, I’ll pull my SPF, DKIM, and DMARC records and share them for feedback—since testing tools have flagged issues with my DKIM entry, I suspect that’s a weak spot. Your feedback gave me a clearer direction, and I’ll report back once I’ve made changes to DNS and SSL to see if that stabilizes things.

Again it’s not related to Virtualmin

the configuration needs tuning or something isn’t optimized for WordPress

Probably none of these

running smoothly, especially with SSL, PHP-FPM, and the mail stack

Mate! 🤨 Nearly everyone here has SSL, PHP-FPM, and the mail stack working… This is the very basics. If it were not, 98% of the community wouldn’t be here 🙃

Still, in any case, “mid-tier VPS” is far from clear about the spec (and it’s suspicious you don’t want to share it, same for the site, especially considering the length of your post). So, guessing what it could be, I would say it might not be enough for WordPress (especially with the mention of “VPS”).

Same, you didn’t give any detail about your “DNS”. And it usually doesn’t bring anything not to use your registrar (even more if you don’t have traffic, at least for the main domain), considering whatever it will go through.

No harm, don’t get me wrong, and I’m not English so it might be me. But according to me you are, partially, doing it the “wrong way”.

Still, about DNS, I didn’t notice it, but with Virtualmin 7.4 (and none other) there is currently:

Sorry if I missed it