I was experimenting with an email-only plan for some of our customers when I noticed that the per-site SSL features were disabled for them. The newly created sites didn't have a Manage SSL option in Virtualmin, they also weren't getting a self-signed cert in their home directory, and for services where SSL was used, such as Postfix, they were ending up with master.cf entries referencing (global) server certs/keys that I had specified in main.cf.
I do have SSL enabled for both Postfix and Dovecot in the global Virtualmin Configuration, and of course Apache for the standard mail+web sites/plans. Those settings are more or less at their defaults. My email-only plan features are: Admin user, Virtual IP, Home dir, Mail for domain, and Webmin login. Allowed capabilities: Can manage aliases, users, SSL certificates, make and restore backups, create catchall aliases, change domain's password.
I'm not sure if this is intentional or just an unexpected situation with Apache disabled. I imagine most people don't turn off Apache, but nevertheless it'd be nice to have the SSL features for other services regardless. Would it be possible to check if one or more services have SSL, whether that's Apache/SSL, Dovecot, Postfix, FTP, etc, and enable self-signed cert generation and management so long as the Manage capability is on?