Thank you for reaching out.
I understand that you have a storage account with a static website that sits behind a vnet and you are trying to add a custom domain name for it.
As documented here, in order to use a custom domain with HTTPS enabled, you have to use Azure Front Door (preferred) or Azure CDN.
You can follow the documentation here if you choose to use Azure Front Door, which is the recommended service here.
If I may, based on your statement above.
From what I read the cert should get generated automatically.
As documented here, this holds true for Azure Static Web Apps, but for static websites hosted on Azure Storage you need to use the method above to enable HTTPS.
Please let me know if I have misunderstood your question and we will gladly continue with our discussion. Thank you!