Currently, when a certificate is issued, the LetsEncrypt module sets the CN of the certificate seemingly randomly from the domain list and all domains as SAN entries.
It would be great if the CN could ALWAYS be the domain configured as priority 1 in the virtual server's ordered domain list.
I had some customers asking for this too, I think it's important to allow customer to have control of what is used in the Common name and what in SAN.