Hi @David Pelletier We are sorry to hear you're facing this issue. When did you get your managed certificates?
Based on the docs: Starting September 23 2021, if you haven't verified the domain in the last 395 days, App Service certificates require domain verification during a renew or rekey process. The new certificate order remains in "pending issuance" mode during the renew or rekey process until you complete the domain verification.
Unlike the free App Service managed certificate, domain re-verification for App Service certificates isn't automated. Failure to verify domain ownership results in failed renewals. For more information about how to verify your App Service certificate, review Confirm domain ownership.
The renewal process requires that the well-known service principal for App Service has the required permissions on your key vault. These permissions are set up for you when you import an App Service certificate through the Azure portal. Make sure that you don't remove these permissions from your key vault.
Please let us know if you have further questions.
-Grace