Virtual Server Migration where Hosting Server is a Subdomain of the Domain in one of the Migrated Virtual Servers

I ran into a situation where an existing Ubuntu 18.04.6 LTS server running Virtualmin and Webmin started running out of space. So I decided to move some virtual servers to a new server similar to the first one. Let’s call the new server to distinguish it from the old one

My normal approach to provisioning a new Virtualmin / Webmin server is to:

  1. Create the server, install Webmin and Virtualmin, get the SSL for the control panels running under a Lets Encrypt certificate for it’s FQDN.
  2. Migrate a virtual server from the old server to the new server.
  3. Get an additional Lets Encrypt certificate for the migrated virtual server.
  4. Enable SSL on the webserver within the migrated virtual server and move the content from the http to the https website.

In this case, I decided to move my company’s own web presence to the new server first, so that we took the downtime hit if things didn’t go perfectly.

The problem I ran into is that the new Webmin / Virtualmin server is named and the first migrated virtual server happens to contain the parent domain for that subdomain, in this example called

The Lets Encrypt certificate for covering Webmin and Virtualmin is set up and works correctly. But when I migrated the virtual server for to the new hosting server, and got the Lets Encrypt certificate issued for it correctly, as soon as I enabled SSL on that website, my browser started reporting “This Connection is Not Private” for the Virtualmin / Webmin control panel.

The certificate being presented is for the parent domain, not the subdomain.

Why is this happening? How should I have set this up, so the certificate presented by Webmin and Virtualmin remains


–Dave Aiello

OS type and version Ubuntu 18.04.6 LTS
Webmin version 1.990
Virtualmin version 6.17-3
Related packages Not sure what you want here

Before I answer your question, I feel the correct workflow should be step 4 followed by step 3. That is, enable SSL for a virtual server, then apply SSL certificate.

Now, to your question about why the domain is interfering with the subdomain, did you perchance ask for a wildcard SSL for the domain? It may be that Virtualmin intelligently chooses the higher level certificate when it finds a subdomain present.

I am just guessing here…

I only can tell it should be possible to have more servers with same main domain name but then different subdomain as hostname.

But only one could have serve the real main domain as virtualserver!

I have myself: there on

and second box only there the

DNS external services pointing the right stuff.
Also SSL TLS and DKIM DMARC working on both servers where main mailserver is the hostname where it is on. So must be working here one on centos 7x and other alma 8x vmin 6.x

Problem is maybe if you migrate the main domain from one to the other box, you have to take care of the dns that takes time to resolv. and ist must be deleted afterwards ofcourse from old box, where you must take care the hostname stays.

Oyea while i use external dns services i had no problem with resolving times, while i did the dns 1 day before if installed the second server. set ttl time some day’s before moving / migrate on 5 minutes or so

I didn’t do a migrate / move but used it for extra box / hostname, and only did put the virtualserver from the start on the second with anc the ssl letsencrypt for it and copy that to services.

So maybe you should start in that way, then if fully running, move the maindomain from old box to new box.

Wildcards letsencrypt not working here i think for hostname subdomain and maindomain for doing migrations!

Also i think to have no problems reconize the right ssl cert ( and dkim on hostname) , that was why i decided to use a own real virtualserver as so no subserver / alias here!

At ssl configuration if i did it right? i have:
"SSL certificate file /home/hst2/ssl.cert
SSL private key file /home/hst2/ssl.key
Web server hostname Issuer name R3
Issuer organization Let’s Encrypt Expiry date May 25 09:15:22 3022 GMT
Certificate type Signed by CA
Other domain names,,,,
Used by services Webmin (, Usermin (host, Dovecot (host, Postfix (host

The new hosting server, which I’ve been calling, was working as far as I was willing to test it, before I tried to move the virtual server containing to this new hosting server.

The big issue is that the established lets encrypt certificate for, which was being asserted when I connected to to access Virtualmin, was no longer asserted once the digital certificate was requested and installed and the SSL website for was enabled.

With the SSL website enabled for, the certificate asserted when trying to access is the certificate for, not a wildcard certificate.

When I turn off the SSL website for and hit “Save”, I see the following message:

Save Server in domain

Are you sure you want to save the domain The following features have been selected for deletion:

Apache SSL website: All Apache directives in the SSL virtual host will be removed.

The confirmation button below that message says “Yes, Save Now”.

Once that process is completed, the certificate is again correctly asserted when I try to access Virtualmin.

Can’t help sorry , i do no migrations on virtualmin. (sofar)

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.