If you are here, you’re likely dealing with a Power Pages cert that’s about to expire or already has. Updating the cert is fairly straightforward, but the kicker is ensuring the user making the update has the correct permissions. When updating the cert, also check that the Website authentication key is still valid. Scroll to the bottom to see more about the auth key.

Permissions that are needed to update the cert and get the authentication key updated:
Owner on the App Registration associated with the Portal.
o365: Power Platform Admin, and Global Admin
As noted in the warning below, it states you can be a Global Admin or App Registration owner. Unless your sys admin is doing the update or if you are a sys admin, gaining access to the App Registration might be the easiest way to update the cert and re-bind the site.

Here are the steps I took to update my portals’ cert:
Uploaded the new cert under Manage custom certificates (note cert ID)
Navigate to the Set up custom domains and SSL page
Delete expired cert
In the SSL Bindings section, click +Add new and associate your host with the newly uploaded cert.

Here you can grab the Application ID and locate the associated App Registration.

Open the Azure portal, search for App Registrations, then search by the App ID. Once you have the App Reg., make sure you are an Owner. In the left nav of the app, click Owners, then add yourself or have an admin add you.

After that is updated, navigate back to the Power Pages admin portal and update the Authentication key. NOTE: the site will be offline for a few minutes.

Here are some helpful links related to this topic:
https://learn.microsoft.com/en-us/power-pages/admin/admin-roles
https://learn.microsoft.com/en-us/power-pages/admin/manage-auth-key