pfSense

Certificates may omit a subject so long as they have SAN entries, but the certificate manager currently prints "Unknown" in the Distinguished Name column for certificates with an empty subject.

Let's Encrypt is dropping the Common Name field from their certificates in the near future, and since that was the only subject component they included, the resulting certificates now lack a subject. As such, these types of certificates will be much more common soon. They can even be generated now by using ACME certificate profiles.

Rather than printing "Unknown" in these cases, the GUI could print "SAN Only" and/or print at least one entry from the SAN list. It could even give a count for the >1 case, such as "SAN Only (x entries)". For certificates with only one SAN entry, printing that seems ideal, but certificates with multiple SANs it becomes less clear which to print.