TLSA records enabled?
When enabled, Virtualmin will create TLSA DNS records that are used to publish SSL certificates for this virtual server. Clients can then validate that the expected certificate is presented, which adds an additional defence against man-in-the-middle attacks.