Digital certificates

How to correctly generate CSR for UCC SAN SSL?

Greetings,
I purchased a UCC SAN SSL certificate from Comodo, on gogetssl.com, for three domains - for the mail server. There was a problem how to correctly generate a CSR for this type of certificate. The support told me that SAN domains should not be specified in the CSR, but through the form on their website. No sooner said than done, I generated the CSR with the following command:

openssl req -nodes -newkey rsa:2048 -keyout mx.example.com.key -out mx.example.com.csr

In the common name of the certificate, one of the domains was specified - example.com, in the SAN - example.ru and example.net. Everything is fine, the certificate is issued and signed, and successfully added to the server. And here a problem arises - when connected, the MUA starts swearing at a mismatch between the Common Name of the certificate (example.com) and the host name (mx.example.com) - the same for all other domains on the server. At the same time, if you look at the details about the certificate, then all three domains are registered in the SAN fields, what could be the problem? Or do I need to issue a certificate not for the example.* domains, but for the server hostname in each domain?
Plus, it’s not clear to me why swearing starts at CN, which, in fact, with this type of certificate, you shouldn’t pay attention to.