For certificates in the Web PKI, every name must be listed as a SAN, and (optionally, for compatibility) at most one of these names can also appear as a CN. Because CN is free form text, having software try to figure out what it "means" is undesirable, so for past 16 years or so we've been trying to get rid of this use of X.509's Common Name.
Let's Encrypt will "fix" CSRs that don't ask for any SANs or ask for a CN that's different from the SANs, ensuring it always issues Baseline Requirements compliant certificates in which all DNS names are listed as SANs.
