diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java b/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
index 49688da0..eb810c53 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
@@ -64,6 +64,7 @@ public class CSRBuilder {
     private final List<String> namelist = new ArrayList<>();
     private final List<InetAddress> iplist = new ArrayList<>();
     private @Nullable PKCS10CertificationRequest csr = null;
+    private boolean hasCnSet = false;
 
     /**
      * Adds a domain name to the CSR. All domain names will be added as <em>Subject
@@ -212,6 +213,10 @@ public class CSRBuilder {
     public void addValue(ASN1ObjectIdentifier oid, String value) {
         if (requireNonNull(oid, "OID must not be null").equals(BCStyle.CN)) {
             addDomain(value);
+            if (hasCnSet) {
+                return;
+            }
+            hasCnSet = true;
         }
         namebuilder.addRDN(oid, requireNonNull(value, "attribute value must not be null"));
     }
diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java
index a5cf5b50..071e9c16 100644
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java
@@ -189,7 +189,7 @@ public class CSRBuilderTest {
         builder.addValue("CN", "firstcn.example.com");
         assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,DNS=firstcn.example.com");
         builder.addValue("CN", "scnd.example.com");
-        assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,CN=scnd.example.com,DNS=firstcn.example.com,DNS=scnd.example.com");
+        assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,DNS=firstcn.example.com,DNS=scnd.example.com");
         
         builder = new CSRBuilder();
         builder.addValue(BCStyle.C, "DE");
@@ -199,7 +199,7 @@ public class CSRBuilderTest {
         builder.addValue(BCStyle.CN, "firstcn.example.com");
         assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,DNS=firstcn.example.com");
         builder.addValue(BCStyle.CN, "scnd.example.com");
-        assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,CN=scnd.example.com,DNS=firstcn.example.com,DNS=scnd.example.com");
+        assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,DNS=firstcn.example.com,DNS=scnd.example.com");
     }
 
     private CSRBuilder createBuilderWithValues() throws UnknownHostException {