There are diffences between Azure RBAC roles,.such as co-administrator on your subscription, and Azure AD roles like Global Administrator. Azure RBAC roles manages Azure resources like virtual machines, app service etc. Azure AD roles manage access to Objects in Azure AD like user accounts and app registrations; all identity relatated stuff.
Azure automation uses an App registration (which is an identity in Azure AD) with the certificate that need to be updated. So in this case you actually need the Application Administrator Azure AD role to manage app registrations in Azure AD. Find instructions on assigning Azure AD roles here.
You can find the details on the different kinds of roles here