I have installed DA a few dozen times trying to understand the SSL situation. Most of what your provider told you isn't required since it is default now. Those instructions also mix the requirements for server hostname certificates and hosted domain certificates.
When I first install the server I use the following to set up a self-signed cert for the server so that credentials aren't sent in the clear (IMO it should be automatic for DA by default):
Code:
/usr/bin/openssl req -x509 -sha256 -newkey rsa:4096 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem
cd /usr/local/directadmin
./directadmin set ssl 1 restart
After a restart, I can log in to the DA server by IP address, accept the self-signed cert, and continue to create another admin account or add the domain. After the domain is added, and DNS is resolving for the server hostname, I follow the steps here for a Let's Encrypt cert for my server:
After this, you can go to User mode, SSL Management, select the domain, then choose the Let's Encrypt cert type (wildcard or specific domains). NOTE: this is for hosted domains only, not the server hostname (that was accomplished earlier). After that completes, you can go and rebuild the conf files for Exim and Dovecot, which should then pick up the right certs.
It is important to note that various forms of DNS and test caching can mess with you, so check only when you think everything is right; otherwise cached results of an incomplete setup may be returned.
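
Added example, not part of the original post and not DirectAdmin tooling: a shell audit of a certificate/key pair such as the cacert.pem and cakey.pem created above. It reads the files on disk, so no DNS or test caching is involved. The function names are hypothetical, and it assumes the openssl CLI and GNU stat are available.

```sh
#!/bin/sh
# Added example (not DirectAdmin tooling): audit a cert/key pair on disk.
# Function names are hypothetical; the usage paths are the ones from the post.

# True when the private key belongs to the certificate (same public key).
pair_matches() {    # $1 = cert, $2 = key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when issuer equals subject, i.e. the cert is still the self-signed one.
is_self_signed() {  # $1 = cert
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# True when group and others have no permission bits on the key (e.g. 400, 600).
key_mode_ok() {     # $1 = key
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in ?00) return 0 ;; *) return 1 ;; esac
}

# True when the cert is still valid $2 days from now.
valid_for_days() {  # $1 = cert, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print a report; return non-zero if the pair is unusable or the key is exposed.
audit_pair() {      # $1 = cert, $2 = key
    openssl x509 -in "$1" -noout 2>/dev/null ||
        { echo "FAIL: cannot read certificate $1"; return 2; }
    rc=0
    pair_matches "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_mode_ok "$2"       || { echo "FAIL: key readable by group/others"; rc=1; }
    valid_for_days "$1" 30 || echo "WARN: certificate expires within 30 days"
    if is_self_signed "$1"; then echo "INFO: self-signed certificate"
    else echo "INFO: issued by a CA"; fi
    return "$rc"
}

# Usage: sh audit.sh /usr/local/directadmin/conf/cacert.pem /usr/local/directadmin/conf/cakey.pem
if [ "$#" -eq 2 ]; then audit_pair "$1" "$2"; fi
```

Run it as root or as the key's owner, since a key with mode 400 is unreadable to other accounts and would be reported as a mismatch.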