Hi @dobestar ,
Please keep in mind App Service Managed Certificate comes with the following limitations:
Does not support wildcard certificates.
Does not support naked domains.
Is not exportable.
Is not supported on App Service Environment (ASE)
Does not support A records. For example, automatic renewal doesn't work with A records.
Also, Azure may not validate the CNAME domain if is proxied behind Cloudflare
Please double-check to make sure your CNAME meets the above requirements. Let us know if you have further questions.
Best,
Grace