If you want to test whether it's just the CN being missing, rather than some other aspect of the tlsserver profile, you can try a test with using the default profile but with only domain names greater than 64 characters (which is too big for the CN so Let's Encrypt now omits one).
7 Likes