Hi @Josh Dinndorf ,
There isn't OOB notification that will send the alert if the cert renewal fails. However there is an available Managed Cert Renewal detector under Diagnose and solve problems blade that you can use to check for errors.
For managed certs, there's a job that runs periodically and will attempt the renewal process if the cert expiration date is within 45 days. Since the managed cert is through DigiCert, it needs to be able to find a DNS record with CNAME pointed to <yourwebapp>.azurewebsites.net. After successful validation, DigiCert will issue the cert and App Service will pull it.