A change introduced in version 0.5.0 caused the client to accidentally scramble the domain list. Before that, the first domain passed via --domain would end up being the Common Name.
There’s a fix for this which will probably be included in 0.6.0. You can either wait for that release, try to downgrade to a 0.4.* release (you’d probably have to do a developer installation and use the v0.4.2 git tag), or generate your own CSR with the correct Common Name and use it via --csr.
Issue and PR with the fix for your reference: