Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
#1 You have a domain named "dev.test.app" delegated to Azure.
- This means "dev.test.app" is called an apex domain or root domain
- Please follow: Onboard a root or apex domain to Azure Front Door to add an ALIAS record pointing "dev.test.app" to "FDEndPoint1" on how to configure custom domains
- For Apex domains, Azure managed certificates are not automatically rotated.
- See: managed TLS certificates
- Also see: AFD-managed TLS certificate rotation - How to rotate/renew
- This is nothing but regenerating the TXT value and adding it to the DNS Zone
#2 The domain "api.dev.test.app" is not an apex domain.
- It is just a CNAME record under the domain "dev.test.app"
- So the process is straightforward: Configure a custom domain on Azure Front Door
- The subdomain certificates are rotated automatically as long as the CNAME record is still pointing to "FDEndPoint2"
- See: managed TLS certificates
Hope this helps.
Cheers,
Kapil
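
The apex/subdomain distinction in the answer above can be turned into a renewal-readiness check. This is an added example, not part of the original answer or any Microsoft tooling: the record set and the `*.example.azurefd.net` hostnames are constructed sample data standing in for "FDEndPoint1" and "FDEndPoint2", and the function names are hypothetical.

```python
# Added example: classify each custom domain by how its managed certificate
# gets renewed, based on the rules stated in the answer.
ZONE = "dev.test.app"

# Constructed sample zone contents: name -> (record type, target).
RECORDS = {
    "dev.test.app": ("ALIAS", "fdendpoint1.example.azurefd.net"),
    "api.dev.test.app": ("CNAME", "fdendpoint2.example.azurefd.net"),
    "old.dev.test.app": ("CNAME", "legacy-lb.example.net"),
}

def norm(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()

def rotation_status(domain, endpoint, zone=ZONE, records=RECORDS):
    """Return how the managed certificate for `domain` will be renewed."""
    domain, endpoint, zone = norm(domain), norm(endpoint), norm(zone)
    rec = records.get(domain)
    target = norm(rec[1]) if rec else None
    if domain == zone:
        # Apex: ALIAS record, and the TXT value must be regenerated by hand.
        if rec and rec[0] == "ALIAS" and target == endpoint:
            return "apex-manual"
        return "apex-alias-drift"
    if not domain.endswith("." + zone):
        return "outside-zone"
    if rec is None or rec[0] != "CNAME":
        return "no-cname"
    # Subdomain: automatic rotation holds only while the CNAME still
    # points at the expected Front Door endpoint.
    return "auto" if target == endpoint else "cname-drift"

def needs_action(expected, zone=ZONE, records=RECORDS):
    """expected: {custom domain: endpoint}. Returns domains not on 'auto'."""
    return sorted(
        (d, s) for d, e in expected.items()
        if (s := rotation_status(d, e, zone, records)) != "auto"
    )

if __name__ == "__main__":
    expected = {
        "dev.test.app": "fdendpoint1.example.azurefd.net",
        "api.dev.test.app": "fdendpoint2.example.azurefd.net",
        "old.dev.test.app": "fdendpoint2.example.azurefd.net",
    }
    for domain, status in needs_action(expected):
        print(f"{domain}: {status}")
```
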