This will be the public tracking task for the replacement of the *.wmflabs.org cert/key pair. The existing certificate expires on 2017-10-16. The new certificate is available on: https://gerrit.wikimedia.org/r/#/c/374873/
The certificate was purchased via T174053, which is not a pubic task, so it shoudn't be used to track implementation (hence this task's creation.)
The new private key is on the private repo, named new.star.wmflabs.org.key. When the above patchset is pushed live, the private key must be updated. (Either replace the contents of the exiting file, or git rm and git mv the new file into the existing keyfiles place.)
Since this affects the cloud team, This has been flagged with cloud-services-team project for their review.