Update SSL certificate requirements for apex and subdomains

Removed the requirement for apps to be publicly accessible for apex and subdomain configurations.

Author: yutanglin16

articles/app-service/configure-ssl-certificate.md

@@ -81,14 +81,13 @@ The free certificate comes with the following limitations:
 ### [Apex domain](#tab/apex)
 
 - Must have an A record pointing to your web app's IP address.
-- Must be on apps that are publicly accessible.
 - Isn't supported with root domains that are integrated with Azure Traffic Manager.
 - Must meet all the preceding criteria for successful certificate issuances and renewals.
 
 ### [Subdomain](#tab/subdomain)
 
 - Must have CNAME mapped _directly_ to `<app-name>.azurewebsites.net` or [trafficmanager.net](configure-domain-traffic-manager.md#enable-custom-domain). Mapping to an intermediate CNAME value blocks certificate issuance and renewal.
-- Must be on apps that are publicly accessible.
+- If using Azure Traffic Manager, the site must be configured as an Azure Endpoint.
 - Must meet all the preceding criteria for successful certificate issuance and renewals.
 
 ---