We are using cert bot tool to generate / create multi domain certificate from Let's Encrypt CA. we are using following command create CSR config file to generate CSR: Example of csr file is: default_bits = 2048 # RSA key size encrypt_key = no # Protect private key default_md = sha256 # MD to use utf8 = yes # Input is UTF-8 string_mask = utf8only # Emit UTF-8 strings prompt = no # Prompt for DN distinguished_name = server_dn # DN template req_extensions = server_reqext # Desired extensions [ server_dn ] countryName = CountryName # ISO 3166 stateOrProvinceName = StateName localityName = CityName organizationName = OrgName organizationalUnitName = UnitName commonName = domainname.tld # Should match a SAN under alt_names [ server_reqext ] basicConstraints = CA:FALSE keyUsage = critical,digitalSignature,keyEnci