Make cert request CN optional and disabled by default.

Author: webprofusion-chrisc

src/Certify.Models/Config/CertRequestConfig.cs

@@ -178,6 +178,11 @@ public CertRequestConfig()
         /// </summary>
         public bool EnableFailureNotifications { get; set; } = true;
 
+        /// <summary>
+        /// If true , indicates CN should be set in the CSR
+        /// </summary>
+        public bool? IncludeCN { get; set; } = default!;
+
         /// <summary>
         /// In the case of ACME, the primary challenge type this request will use (eg. http-01) 
         /// </summary>

src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs

@@ -1556,10 +1556,14 @@ public async Task<ProcessStepResult> CompleteCertificateRequest(ILog log, Manage
 
                         var csrInfo = new CsrInfo
                         {
-                            CommonName = includeCommonName ? (commonNameIsDns ? _idnMapping.GetAscii(config.PrimaryDomain) : config.PrimaryDomain) : null,
                             RequireOcspMustStaple = config.RequireOcspMustStaple
                         };
 
+                        if (config.IncludeCN == true)
+                        {
+                            csrInfo.CommonName = includeCommonName ? (commonNameIsDns ? _idnMapping.GetAscii(config.PrimaryDomain) : config.PrimaryDomain) : null;
+                        }
+
                         order = await orderContext.Finalize(csrInfo, csrKey);
                     }
                 }