You're running a server now, which means some familiarity with Terminal.app and the command line will eventually be beneficial; whether that's for customizations or for troubleshooting.
Per this discussion, find the certificates you are using in the Sites subdirectory (referenced by SSLCertificateFile), and append the DH to the end of the certificate file.
Launch Terminal.app from Applications > Utilities.
The $ is the command prompt in the following. Don't type it.
First, set your default directory to the Sites subdirectory.
$ cd /Library/Server/Web/Config/apache2/sites/
Then search for the certificate file names:
$ grep -i SSLCertificateFile *
will return some hits, and which should look something like this:
/Library/Server/Web/Config/apache2/sites/0000_any_443_.conf: SSLCertificateFile "/etc/certificates/{yourhostname.example.net}.{hexadecimal string}.cert.pem"
To append your DH to the end of the certificate file, something akin to the following two commands, where the first creates a backup copy and the second appends the dhparam file (shown as /your/path/to/the/custom/dhparam) onto the end of the certificate PEM file.
$ cp /etc/certificates/{yourhostname.example.net}.{hexadecimal string}.cert.pem ~/backup_copy_of_cert.pem
$ cat /your/path/to/the/custom/dhparam >> /etc/certificates/{yourhostname.example.net}.{hexadecimal string}.cert.pem
If there are other certificate files, you'll need to cp to back up those, and then cat to append the dhparam.
I've not tested this sequence as I don't have a Server.app 5 configuration handy.
Internet accessibility has nothing to do with privately-generated certificates. Certificates are certificates, whether the most massively expensive and beautiful mathematics of a top-drawer certificate from the premier vendor of exclusive certificates, or a home-grown certificate. So long as they all track back to a trusted certificate or a trusted root certificate — the certificate authority root certificate, whether commercial or your own — they all work the same, for the same bit-length certificates. It's getting the root certificate loaded into the clients that matters; that is central to the discussion. If you have control over your devices and of those others that will be using and accessing your site, a private CA works just the same as a public one. And you have more control and more flexibility. If you don't have control over the other accessing devices, then do purchase a commercial cert if you want or need SSL/TLS. CAs are selling you the presence of their root certificate in the trusted-certificate stores of various devices, a promise that you've identified yourself to them and that they won't just generate a certificate for somebody else, and some math. The whole certificate system is pretty flimsy, when you understand it.