We got an email on noc@ from LetsEncrypt warning that certs for the names listed below will expire at 2021-07-19 14:01 UTC -- that's ten days from this task, nineteen days from their warning. That's closer than we usually let these get to expiring, as I understand it.
The list of names exactly matches non-canonical-redirect-2 in hieradata/common.yaml.
Marking this high priority because expiration will be a week from the end of the WMF holiday; traffic folks, feel free to downgrade.
The email subject was Let's Encrypt certificate expiration notice for domain "*.wikimania.asia" (and 37 more), received at 2021-06-29 14:09 UTC. Affected names:
*.wikimania.asia
*.wikimania.com
*.wikimania.org
*.wikimedia.com
*.wikimedia.community
*.wikimedia.jp.net
*.wikimedia.lt
*.wikimedia.us
*.wikimediacommons.co.uk
*.wikimediacommons.info
*.wikimediacommons.jp.net
*.wikimediacommons.mobi
*.wikimediacommons.net
*.wikimediacommons.org
*.wikimediafoundation.com
*.wikimediafoundation.info
*.wikimediafoundation.net
*.wikinews.com
*.wikinews.de
wikimania.asia
wikimania.com
wikimania.org
wikimedia.com
wikimedia.community
wikimedia.jp.net
wikimedia.lt
wikimedia.us
wikimediacommons.co.uk
wikimediacommons.info
wikimediacommons.jp.net
wikimediacommons.mobi
wikimediacommons.net
wikimediacommons.org
wikimediafoundation.com
wikimediafoundation.info
wikimediafoundation.net
wikinews.com
wikinews.de