Generating dhparams can take a measurable amount of time... which is somewhat annoying to the impatient. If you use the `--dsaparam` flag, the generation time is significantly decreased, with little effect on security: https://security.stackexchange.com/a/95184
Yes generating dhparam file takes alot of time on slower systems. When I was trying to optimise the dhparam file generation, I did consider the --dsaparam flag. But security isn't as good. See comment in same link you posted at https://security.stackexchange.com/...ting-after-24-hours/95184#comment421230_95184 and /docs/man1.1.1/man1/dhparam.html the bold highlighted part So what I did was only generating a strong dhparam file for the first Nginx vhost generated on Centmin Mod 123.09beta01 or higher versions. Subsequent Nginx vhosts generated will check if dhparam file is already generated, and reuse the same dhparam file from initial first Nginx vhost generated dhparam file - the specific routine that does this centminmod/centminmod. It's a compromise to balance speed versus security. example for domain1.com Nginx vhost generated dhparam.pem at /usr/local/nginx/conf/ssl/domain1.com/dhparam.pem Code (Text): ls -lah /usr/local/nginx/conf/ssl/domain1.com/dhparam.pem -rw-r--r--. 1 root root 424 Apr 4 2017 /usr/local/nginx/conf/ssl/domain1.com/dhparam.pem technically for speed, you can do what @rdan suggests. Just take an existing Centmin Mod Nginx generated dhparam.pem and place it in /usr/local/nginx/conf/ssl/dhparam.pem for Centmin Mod Nginx vhost routines to find. So right after initial Centmin Mod install, run this command Code (Text): openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048 to pre-create the dhparam so that Nginx vhost creation routine can pick up dhparam.pem file.