SSL Certification Verify Failed on Heroku Redis
You can disable TLS certification on Heroku by downgrading to Redis 5 and passing ssl_cert_reqs=None
to the Redis
constructor.
$ heroku addons:create heroku-redis:premium-0 --version 5
from redis import ConnectionPool, Redisimport osconnection_pool = ConnectionPool.from_url(os.environ.get('REDIS_URL'))app.redis = Redis(connection_pool=connection_pool, ssl_cert_reqs=None)
My mistake was not doing both at the same time.
An ideal solution would explain how to configure TLS certification for Redis 6.
The docs are actually incorrect, you have to set SSL to verify_none because TLS happens automatically.
From Heroku support:
"Our data infrastructure uses self-signed certificates so certificatescan be cycled regularly... you need to set the verify_modeconfiguration variable to OpenSSL::SSL::VERIFY_NONE"
I solved this by setting the ssl_params to verify_none:
ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE } }
For me it was where I config redis (in a sidekiq initializer):
# config/initializers/sidekiq.rbSidekiq.configure_client do |config| config.redis = { url: ENV['REDIS_URL'], size: 1, network_timeout: 5, ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE } }endSidekiq.configure_server do |config| config.redis = { url: ENV['REDIS_URL'], size: 7, network_timeout: 5, ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE } }end
This solution works with redis 6 and python on Heroku
import os, redisredis_url = os.getenv('REDIS_URL')redis_store = redis.from_url(redis_url, ssl_cert_reqs=None)
In my local development environment I do not use redis with the rediss scheme, so I use a function like this to allow work in both cases:
def get_redis_store(): ''' Get a connection pool to redis based on the url configured on env variable REDIS_URL Returns ------- redis.ConnectionPool ''' redis_url = os.getenv('REDIS_URL') if redis_url.startswith('rediss://'): redis_store = redis.from_url( redis_url, ssl_cert_reqs=None) else: redis_store = redis.from_url(redis_url) return redis_store