How to deal with naked domains when using azure managed certificates

In this scenario, I think a redirect is necessary.

We can get some clues from other international websites. For example: when I try to access http://google.com, actually I will get a 301 redirect which redirects me to http://www.google.com, and then I will get a 302 redirect which redirects me to https://www.google.com/?gws_rd=ssl

So, as managed certificate does not support naked domain. I suggest you directly add your www subdomain to your web app. And then create managed certificate to that www subdomain.

And, finally, you can add 301 and 302 redirect rules in your DNS provider, which will ensure all requests to naked domain will be redirected to www subdomain. This could be done in your DNS provider before your web app.

Adding to Jack's suggestions.

Currently, the preview offering only supports CNAME based validation. Thanks for the feedback and it is on our list of future improvements to consider however we do not have any ETA on this yet. So, request you to up-vote this feedback post on Uservoice- https://feedback.azure.com/forums/169385-web-apps/suggestions/38981932-add-naked-domain-support-to-app-service-managed-ce

Alternatively, you may try to forward apex domains to subdomain such as www.

So based on your requirement, to redirect - https://yourdomain.com -> https://www.yourdomain.com

If you are using App Service Domain, you can forward your domain by going to 'Advanced Management portal' of the domain resource.

So, after a long time, Azure finally supports this. One can simply use a managed cert for naked domains.

See here: https://azure.github.io/AppService/2021/03/02/asmc-apex-domain.html