So you want to use a custom sub domain for your Azure App Service and you are using CloudFlare as your DNS server.

The problem here is that the Domain ownership does not validate. Even if you have everything set up correctly.

Now if we do a DNS lookup on the domain yoy will see that it points to the CloudFlare IP.

This means that when Azure tries to validate ownership by checking to see that the domain points to the Azure App Service Url, it will see that it axutally points to the CloudFlare IP.

The way to solve this is to temporary disable CloudFlare DNS Proxy and use DNS-only while adding the domain to Azure App Service.

Now when you try to validate the domain it works.

Now you can add the subdomain and enable DNS proxy in CloudFlare again.

Now everything works.