Chrome 39 will warn users if SHA1 certificates are used and expire after January 1, 2017.
Chrome 40 will warn users if SHA1 certificates are used and expire after June 1, 2016.
Chrome 41 will warn users if SHA1 certificates are used and expire after January 1, 2016.
Currently, at least the following servers are using SHA1 certificates with different expiration dates:
[ ] svn -- January 31, 2015
[ ] Blog -- September 16, 2017 & techblog (T88491)
[X] Gerrit -- April 24, 2017 (!) (T76562)
[X] Wikitech-static -- February 27, 2017 (T88487)
[ ] Dumps -- March 25, 2016 (T88497)
[ ] icinga-admin -- February 26, 2016
[ ] OTRS -- February 17, 2016
[ ] tendril -- February 14, 2016
[ ] en.planet -- February 3, 2016
[ ] Lists -- January 30, 2016
[ ] Wikitech -- January 25, 2016
[ ] librenms -- January 12, 2016
[X] RT, etherpad -- January 9, 2016 (T88490) (T88489)
[ ] ganglia, icinga -- January 8, 2016
[X] payments.wikimedia.org (EV SSL) -- October 25, 2015
[ ] tools.wmflabs.org -- September 15, 2015
puppet's `files/ssl` should be audited for more.