diff --git a/certificate/certificates.go b/certificate/certificates.go
index 44931dd50..e5830722d 100644
--- a/certificate/certificates.go
+++ b/certificate/certificates.go
@@ -125,6 +125,7 @@ type CertifierOptions struct {
 KeyType certcrypto.KeyType
 Timeout time.Duration
 OverallRequestLimit int
+ DisableCommonName bool
 }
 // Certifier A service to obtain/renew/revoke certificates.
@@ -301,7 +302,7 @@ func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, requ
 }
 commonName := ""
- if len(domains[0]) <= 64 {
+ if len(domains[0]) <= 64 && !c.options.DisableCommonName {
 commonName = domains[0]
 }
diff --git a/cmd/flags.go b/cmd/flags.go
index ebf051ae6..066517229 100644
--- a/cmd/flags.go
+++ b/cmd/flags.go
@@ -16,6 +16,7 @@ const (
 flgServer = "server"
 flgAcceptTOS = "accept-tos"
 flgEmail = "email"
+ flgDisableCommonName = "disable-cn"
 flgCSR = "csr"
 flgEAB = "eab"
 flgKID = "kid"
@@ -88,6 +89,11 @@ func CreateFlags(defaultPath string) []cli.Flag {
 EnvVars: []string{envEmail},
 Usage: "Email used for registration and recovery contact.",
 },
+ &cli.StringFlag{
+ Name: flgDisableCommonName,
+ EnvVars: []string{flgDisableCommonName},
+ Usage: "Disable the use of the common name in the CSR.",
+ },
 &cli.StringFlag{
 Name: flgCSR,
 Aliases: []string{"c"},
diff --git a/cmd/setup.go b/cmd/setup.go
index 28c2c8eef..fd8038464 100644
--- a/cmd/setup.go
+++ b/cmd/setup.go
@@ -50,6 +50,7 @@ func newClient(ctx *cli.Context, acc registration.User, keyType certcrypto.KeyTy
 KeyType: keyType,
 Timeout: time.Duration(ctx.Int(flgCertTimeout)) * time.Second,
 OverallRequestLimit: ctx.Int(flgOverallRequestLimit),
+ DisableCommonName: ctx.Bool(flgDisableCommonName),
 }
 config.UserAgent = getUserAgent(ctx)
diff --git a/lego/client.go b/lego/client.go
index 1109e1224..d06956203 100644
--- a/lego/client.go
+++ b/lego/client.go
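Review bot: The new exported field `DisableCommonName` in `CertifierOptions` (certificate/certificates.go, first hunk) has no comment, and neither does its twin in `CertificateConfig` in lego/client_config.go. From the second hunk, setting it leaves `commonName` empty in `getForOrder`, so presumably the requested names then travel only as subject alternative names; how the CSR is actually built is outside the hunks. I would add `// DisableCommonName leaves the CSR subject common name empty; the requested domains are expected to be carried as SANs only.` above both fields. Both struct definitions begin outside their hunks.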
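Review bot: In cmd/flags.go the new `disable-cn` option is declared as `&cli.StringFlag{` while cmd/setup.go reads it with `ctx.Bool(flgDisableCommonName)`, so the declared type and the read type disagree. As a string flag it needs a value on the command line, so a bare `--disable-cn` would take the next argument as its value, and a value that does not parse as a boolean would likely be read as false, silently keeping the common name in the CSR. Declaring it as `&cli.BoolFlag{` resolves both. Separately, `EnvVars: []string{flgDisableCommonName}` reuses the flag name `disable-cn` as the environment variable name, whereas the neighbouring flag uses a dedicated constant (`envEmail`); a matching constant, for example `envDisableCommonName` (a suggested name, not defined in this diff), would be consistent. `CreateFlags` continues outside the hunk.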
@@ -53,7 +53,15 @@ func NewClient(config *Config) (*Client, error) {
 solversManager := resolver.NewSolversManager(core)
 prober := resolver.NewProber(solversManager)
- certifier := certificate.NewCertifier(core, prober, certificate.CertifierOptions{KeyType: config.Certificate.KeyType, Timeout: config.Certificate.Timeout, OverallRequestLimit: config.Certificate.OverallRequestLimit})
+
+ options := certificate.CertifierOptions{
+ KeyType: config.Certificate.KeyType,
+ Timeout: config.Certificate.Timeout,
+ OverallRequestLimit: config.Certificate.OverallRequestLimit,
+ DisableCommonName: config.Certificate.DisableCommonName,
+ }
+
+ certifier := certificate.NewCertifier(core, prober, options)
 return &Client{
 Certificate: certifier,
diff --git a/lego/client_config.go b/lego/client_config.go
index fdf1a55f8..969135a13 100644
--- a/lego/client_config.go
+++ b/lego/client_config.go
@@ -64,6 +64,7 @@ type CertificateConfig struct {
 KeyType certcrypto.KeyType
 Timeout time.Duration
 OverallRequestLimit int
+ DisableCommonName bool
 }
 // createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value