This message was deleted.

I have been able to add the Traffic Manager cert to the app service, but the bindings still fail. This is what I am doing currently:

WORKS!!
let cert = new azure-native.web.Certificate(`${endpointConfig.name}-cert`, {
                resourceGroupName: rgName, // this should be target app resource group
                canonicalName: `<http://service-api-abc.trafficmanager.net|service-api-abc.trafficmanager.net>`,
                hostNames: [`<http://service-api-abc.trafficmanager.net|service-api-abc.trafficmanager.net>`],
                serverFarmId: pulumi.interpolate `${webApp.serverFarmId}`,
}


FAILS!!
 let binding = new azure-native.web.WebAppHostNameBinding(`${endpointConfig.name}-cert-binding`, {
                name: pulumi.interpolate `${webApp.name}`,
                resourceGroupName: rgName,
                siteName: pulumi.interpolate `${webApp.name}`,
                sslState: "SniEnabled",
                hostNameType: "Verified",
                thumbprint: cert.thumbprint
}

We can see on azure, the app service has the TM managed certificate added. But the binding returns the following failure.

error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="A TXT record pointing from asuid.cert-binding to xxxxxxxxxxxx738bbae43cc8b60f509dfce14780220d5188c795486 was not found." Details=[{"Message":"A TXT record pointing from asuid.cert-binding to xxxxxxxxxxxx738bbae43cc8b60f509dfce14780220d5188c795486 was not found."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"04006","Message":"A TXT record pointing from asuid.cert-binding to xxxxxxxxxxxx738bbae43cc8b60f509dfce14780220d5188c795486 was not found.","MessageTemplate":"A TXT record pointing from asuid.{0} to {1} was not found.","Parameters":["cert-binding","xxxxxxxxxxxx738bbae43cc8b60f509dfce14780220d5188c795486"]}}]