diff --git a/acmpca/certificate.tf b/acmpca/certificate.tf
index ebf3df7..b503ad3 100644
--- a/acmpca/certificate.tf
+++ b/acmpca/certificate.tf
@@ -1,5 +1,5 @@
 locals {
-  cert_dns = lower(var.certificate_dns)
+  cert_dns = var.certificate_dns != null ? lower(var.certificate_dns) : null
   cert_san = distinct([for f in compact(concat([local.cert_dns], var.certificate_san)) : lower(f)])
 
   ca_mode     = lookup(local._defaults["mode"], var.certificate_authority_mode, null)
@@ -7,7 +7,7 @@ locals {
   ca_settings = var.certificate_authority_mode == "general" ? local.ca_longterm_settings : local.ca_shortterm_settings
 
   output_file_directory  = var.output_file_directory != null ? var.output_file_directory : format("%v/%v", path.root, "certs")
-  _cert_filename         = coalesce(var.certificate_cn, local.cert_dns)[0]
+  _cert_filename         = coalesce(var.certificate_cn, local.cert_dns)
   generate_cert_filename = try(regex("[^a-zA-Z0-9_-.]", local._cert_filename, false))
   cert_filename          = local.generate_cert_filename ? local._cert_filename : random_uuid.filename.result
 }
@@ -90,7 +90,7 @@ resource "null_resource" "output_directory" {
 
 locals {
   filename_key   = var.key_filename != null ? var.key_filename : format("%v/%v.%v", local.output_file_directory, local.cert_filename, "key")
-  filename_csr   = var.csr_filename != null ? var.csr_filename : format("%v/%v.%v", local.output_file_directory, local.cert_filebame, "csr")
+  filename_csr   = var.csr_filename != null ? var.csr_filename : format("%v/%v.%v", local.output_file_directory, local.cert_filename, "csr")
   filename_crt   = var.certificate_filename != null ? var.certificate_filename : format("%v/%v.%v", local.output_file_directory, local.cert_filename, "crt")
   filename_chain = var.certificate_chain_filename != null ? var.certificate_chain_filename : format("%v/%v.%v", local.output_file_directory, local.cert_filename, "chain.crt")
 }