When using the Portal it seems to do DNS validation, preventing to deploy two App Service Managed Certificates with the same name (specially if Traffic Manager is still resolving to the first app, if you failover it might work). In any case, if you use PowerShell it is skipping this and you should be able to create it:
New-AzWebAppCertificate -ResourceGroupName “myrg” -WebAppName app2 -Name "MycertPS-TM" -HostName app.mydomain.com
You can use Azure Shell to do this so you have the latest modules.