Certificates are automatically provided on all projects by Platform.sh through Let's Encrypt, see the limitations.
As long as your Domain's DNS records are pointing to your project's edge hostname, certificate provisioning will happen automatically during builds and redeployments.
If you are using a third-party certificate, Platform.sh issues a Let's Encrypt certificate 7 days before the expiry of your certificate to avoid interruptions in service.
Enterprise and Elite users have the option of providing us with a custom certificate to upload into Fastly.
For more information on this feature, please see the following page in the Platform.sh documentation:
https://docs.platform.sh/define-routes/https.html#tls-certificates