I'm hoping to route `*.example.com` to App Engine.
Due to the limitation that App Engine cannot use the automatically managed certificates for wildcards I ended up creating a certificate in Certificate Manager.
But that certificate is not showing up as an option in App Engine.

I could download the certificate from Certificate Manager and upload to App Engine, but that seems like it would just cause a bunch of headaches with renewal, and the whole point of using a managed service like App Engine (and by extension Certificate Manager) was to avoid this management overhead.

Am I missing something obvious here?

Things that are ok:

* App Engine domain mappings
* App Engine knows the domain is validated
* Certificate is valid
* There is a certificate map
* The certificate map has one entry for *.example.com and one entry for example.com
* The DNS records are set to what app engine domain mapping expects


If I try to set the certificate_id for the app engine domain mapping to the certificate manager id, I get the following error, but I think app engine has a completely different collection of certificates.

> Error 404: Requested resource "projects/.../locations/global/certificates/..." does not exist. Certificates are visible for a given application if the certificate either is mapped to a domain mapping on the ap
plication or applies to one of the caller's authorized domains.


To reiterate, I want to use managed certificates like *.example.com with AppEngine without implementing renewal myself.