Further for free certificate there are some below limitations:
• Does not support wildcard certificates.
• Does not support usage as a client certificate by certificate thumbprint (removal of certificate thumbprint is planned).
• Is not exportable.
• Is not supported on App Service Environment (ASE).
• Is not supported with root domains that are integrated with Traffic Manager.
• If a certificate is for a CNAME-mapped domain, the CNAME must be mapped directly to <app-name>.azurewebsites.net.
Also Note that The free certificate is issued by DigiCert. For some top-level domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record with the value: 0 issue digicert.com.
Let us know if issue remains.