I have the following celery configuration for my Django project hosted on heroku/git -
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'App.settings')
app = Celery('App')
app.conf.timezone = 'Europe/London'
app.config_from_object('django.conf:settings')
app.conf.update(BROKER_URL=str(os.getenv('REDIS_URL')),
CELERY_RESULT_BACKEND=str(os.getenv('REDIS_URL')),
broker_use_ssl = {
'ssl_cert_reqs': ssl.CERT_REQUIRED
},
redis_backend_use_ssl = {
'ssl_cert_reqs': ssl.CERT_REQUIRED
}
)
However when I run celery I get the following log error message.
ERROR/MainProcess] consumer: Cannot connect to rediss://****************//: Error 1 connecting to *************. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
I can fix this by setting ssl_cert_reqs’: ssl.CERT_NONE however then I receive the following warning -
Setting ssl_cert_reqs=CERT_NONE when connecting to redis means that celery will not valdate the identity of the redis broker when connecting. This leaves you vulnerable to man in the middle attacks.
Does anyone know how I can solve this to use SSL with Celery to protect my project going forward?`