diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java b/acme4j-client/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java
index ba2d7bc2..c269c01b 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java
@@ -270,7 +270,8 @@ public final class CertificateUtils {
                 var extensions = attr[0].getAttrValues().toArray();
                 if (extensions.length > 0 && extensions[0] instanceof Extensions) {
                     var san = GeneralNames.fromExtensions((Extensions) extensions[0], Extension.subjectAlternativeName);
-                    certBuilder.addExtension(Extension.subjectAlternativeName, false, san);
+                    var critical = csr.getSubject().getRDNs().length == 0;
+                    certBuilder.addExtension(Extension.subjectAlternativeName, critical, san);
                 }
             }
 
diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java
index a1393ebe..071e9c16 100644
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java
@@ -218,6 +218,7 @@ public class CSRBuilderTest {
         builder.addIdentifiers(Identifier.dns("ide2.nt"), Identifier.ip("192.168.5.6"));
         builder.addIdentifiers(Arrays.asList(Identifier.dns("ide3.nt"), Identifier.ip("192.168.5.7")));
 
+        builder.setCommonName("abc.de");
         builder.setCountry("XX");
         builder.setLocality("Testville");
         builder.setOrganization("Testing Co");