Ok. I finally figured this out (on my own). This is what I had to do.
- Removed the web site forwarding configuration (added previously) from my GoDaddy domain.
- Unlocked my GoDaddy domain, so that I could do the next step.
- Followed the instructions at https://learn.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns to create a DNS Zone and delegate my GoDaddy domain to my Azure DNS Zone. This took about 30-45 minutes to propagate, before the "Verify the delegation" step produced the correct results.
- Created a new Record set in my Azure DNS Zone as follows: (a) Name: www (b) Type: A - Alias record to IPv4 address (c) TTL: 1 (d) TTL unit: Hours (e) IP address: my Azure VM public IP address
Then, magically the SSL certificate started working properly. This is the SSL certificate that I previously:
- purchased from GoDaddy and installed (not sure that is the correct terminology) to my purchased GoDaddy domain.
- executed the steps to install (as client) on my Azure VM and bound to my web site.
In the end I think the key was that the SSL certificate request must be coming from the same domain as the domain that owns the SSL. In my case: my Azure VM site must send from the site domain of "manifestmanager.xyz" (achieved through the above delegation step), so that it matches the purchased GoDaddy domain "manifestmanager.xyz".
Hopefully, this explanation makes sense to someone else that encounters this problem. I spent a lot of time to figure this out.
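
A TLS client accepts a certificate only when the hostname it connected to is among the names on that certificate. The following is an added example, not part of the original answer, that checks candidate hostnames against a certificate's subject alternative names; the SAN list, the address 203.0.113.10 and the cloudapp hostname are constructed assumptions, only "manifestmanager.xyz" and the "www" record come from the post.

```python
import ipaddress


def is_ip(name):
    """True when `name` is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, host):
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label; reject bare patterns like *.xyz.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(host, san_dns, san_ips=()):
    """Would a client that connected to `host` accept a cert with these SANs?"""
    if is_ip(host):
        # IP literals are compared with iPAddress SANs only, never DNS names.
        return any(ipaddress.ip_address(host) == ipaddress.ip_address(i)
                   for i in san_ips)
    return any(dns_name_matches(p, host) for p in san_dns)


# Constructed sample data (assumption: the purchased cert lists apex and www).
SAN_DNS = ["manifestmanager.xyz", "www.manifestmanager.xyz"]
CANDIDATES = [
    "www.manifestmanager.xyz",         # the A record created in the Azure DNS zone
    "manifestmanager.xyz",             # zone apex
    "203.0.113.10",                    # placeholder for the VM public IP
    "myvm.eastus.cloudapp.azure.com",  # hypothetical Azure-assigned name
]


def report(hosts=CANDIDATES, san_dns=SAN_DNS):
    """Map each hostname a visitor might use to whether the cert covers it."""
    return {h: cert_covers(h, san_dns) for h in hosts}


if __name__ == "__main__":
    for host, ok in report().items():
        print(f"{host:35} {'OK' if ok else 'NAME MISMATCH'}")
```

To see the names on the certificate actually being served, `openssl s_client -connect www.manifestmanager.xyz:443 -servername www.manifestmanager.xyz` followed by `openssl x509 -noout -text` prints the subject alternative names.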