This Q&A is related to another Q&A, linked here. The helpful answer there by Sridevi got me past the first set of gates.
I feel I'm very close to getting a certificate renewal, but now I'm running into this problem:
LinkedAuthorizationFailed: The client has permission to perform action 'Microsoft.Web/certificates/write' on scope '/subscriptions/[redacted]/resourceGroups/[redacted]/providers/Microsoft.Web/certificates/[redacted]'; however, it does not have permission to perform action 'write' on the linked scope(s) '/subscriptions/[redacted]/resourceGroups/[redacted]/providers/Microsoft.Web/serverfarms/basic
I've added my registered application to the WebSite Contributor Role at the Resource Group level, as described here, but it's still failing with the error message above.
I assume by /subscriptions/[redacted]/resourceGroups/[redacted]/providers/Microsoft.Web/serverfarms/basic that Azure means the App Service Plan (which in my case is Basic), but I've verified that my Service Plan is in the same Resource Group and therefore has also authorized the application.
What is meant by that providers/Microsoft.Web/serverfarms/basic error log entry, and how do I grant my application access to perform a 'write' action on it? What is meant by 'linked scope?'
There is one built-in RBAC role named Web Plan Contributor having
Microsoft.Web/serverFarms/*permission that manages web plans.To resolve the error, you need to grant Web Plan Contributor role also to the registered application under your
Resource grouplike below:In your case, make sure to grant
Web Plan Contributorrole to the registered application under the resource group scope where your App service exists.Reference: Web Plan Contributor role - Azure RBAC | Microsoft