Hello everyone, we're having severe difficulties while trying to add a verified external hostname binding to a web app with an app service managed certificate. We have set the dns records on the domain provider side correctly, and everything works when setting up the binding manually via the portal. We are now trying the following approach via Pulumi:

export const cert = new web20220901.Certificate(`ti-cert-${stage}`,
  {
    canonicalName: hostName,
    hostNames: [hostName],
    name: `${hostName}-${appName}`,
    resourceGroupName: resourceGroupName,
    serverFarmId: servicePlan.id,
    domainValidationMethod: "http-token"

  }, { dependsOn: [webApp] }
);

export const publicBinding = new web20220901.WebAppHostNameBinding(hostName, {
  hostName: hostName,
  hostNameType: web.HostNameType.Verified,
  name: appName,
  resourceGroupName: resourceGroupName,
  siteName: appName,
  sslState: web.SslState.SniEnabled,
  thumbprint: cert.thumbprint
}, {
  dependsOn: [webApp , cert]});

As you can see, we need the cert thumbprint in the binding, which is why we're building the cert beforehand. However, the cert needs the hostname to be validated via the Web App Custom Domain resource, which is not available via pulumi as is. The pulumi up fails with:

error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Properties.CanonicalName is invalid.
    Certificate creation requires hostname app-dev-provisioned.<domain> added to an App Service in the serverFarm
    /subscriptions/<subscription>/resourceGroups/<resource_group>/providers/Microsoft.Web/serverfarms/<app_service_plan>."
     Details=[{"Message":"Properties.CanonicalName is invalid.  Certificate creation requires hostname <hostname> added to an App Service in the serverFarm /subscriptions/<subscription>/resourceGroups/<resource_group>/providers/Microsoft.Web/serverfarms/<app_service_plan>."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"51021","Message":"Properties.CanonicalName is invalid.  Certificate creation requires hostname <hostname> added to an App Service in the serverFarm /subscriptions/<subscription>/resourceGroups/<resource_group>/providers/Microsoft.Web/serverfarms/<app_service_plan>.","MessageTemplate":"{0} is invalid.  {1}","Parameters":["Properties.CanonicalName","Certificate creation requires hostname <hostname> added to an App Service in the serverFarm /subscriptions/<subscription>/resourceGroups/<resource_group>/providers/Microsoft.Web/serverfarms/<app_service_plan>."]}}]

This is also referenced here: https://github.com/pulumi/pulumi-azure-native/issues/578 Any updates on this issue?