Using a single OpenSSL command =

openssl req -newkey rsa:2048 -nodes -sha256  -keyout privkey.key  -out cert.csr -subj "/C=US/ST=New York/L=Brooklyn/O=Acme/OU=IT/CN=server.domain.com/emailAddress=it@acme.com"

If you Subject Alternative Names:

openssl req -newkey rsa:2048 -nodes -sha256  -keyout privkey.key  -out cert.csr -subj "/C=US/ST=New York/L=Brooklyn/O=Acme/OU=IT/CN=server.domain.com/emailAddress=it@domain.com/subjectAltName=DNS.1=server1.domain.com,DNS.2=server2.domain.com,DNS.3=server3.domain.com"

If using Subject Alternative Names, ensure that whatever is in the common name field is also present in the SAN fields. You can use a wildcard in CN or SAN field (i.e. *.domain.com)

-Brett