I have succeeded in confusing myself beyond all expectations.
I have a simple Web Service which has existed for several years. Access to it has been through http, however I wanted to switch to https.
Trying to find the documentation describing how to do this simple transformation has been "trying".
It appears to be as simple as clicking the "HTTPS Only" radio button in the portal's TLS/SSL Settings page. In this case, it appears to use a general certificate that covers all *.azurewebsites.net URLs. (It'd be nice if this were clearly documented).
It also appears as if you can't use a 3rd-party certificate, issued to your explicit domain name, in the F1 pricing tier (free tier). It looks like you have to pick at minimum, the B1 plan (at $54/mo) if you want to provide your own certificate (which I think would be absolutely irresponsible, except Microsoft allows the use of its *.azurewebsites.net certificate).
It's taken me an absurdly amount of effort to figure all this out.
Have I got it right, or is there something vital I've missed?