Thanks for posting this question.
- If your requirement fits, you could try by setting up an Application Gateway in front of the SWA private endpoint and attaching the custom domain to the App Gateway.
- Based on my understanding of your case, this may not work. As outlined in this doc section #create-a-free-managed-certificate (free certificate comes with the limitations)
- Must have an A record pointing to your web app's IP address.
- Must have CNAME mapped directly to <app-name>.azurewebsites.net or trafficmanager.net. Mapping to an intermediate CNAME value blocks certificate issuance and renewal.
- We are checking on this, and will follow-up on it.
I have added additional tags to receive insights from the targetted SMEs/audience.