This article is also available on Roam Research.

If you try to connect a Ruby on Rails app to a Heroku Redis add-on (excluding the Hobby Dev plan), there is a very high chance you will get the error below:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: 
certificate verify failed (self signed certificate in certificate chain)


From version 6 onward, Heroku Redis requires TLS to connect. However, Heroku does not use SSL internally. They terminate SSL at the router level and forward requests from there to your application via HTTP, which is safe because all of this happens behind Heroku’s firewall. Also, let’s face it, Heroku’s security measures are probably better than yours.


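To fix this, you will need to use OpenSSL::SSL::VERIFY_NONE for your Redis client. This turns off the certificate check that fails on the self-signed certificate in the chain; the connection is still encrypted, but the client no longer authenticates the server it is talking to.

Redis.new(
  url: 'url',
  driver: :ruby,
  ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE }
)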

If you do use Sidekiq, configuration should be done through the Sidekiq initializers:

# config/initializers/sidekiq.rb
Sidekiq.configure_server do |config|
  config.redis = { ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE } }
end

Sidekiq.configure_client do |config|
  config.redis = { ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE } }
end


No error with Redis 6!?


Assuming you have double-checked the Redis version, the add-on is probably on the Hobby Dev plan, which supports both HTTP and HTTPS connections.


For the Hobby Dev plan, you should see two environment variables set under the app’s Config Vars section. If you do plan to keep the add-on as Hobby Dev, no change is needed.

If you do plan to upgrade the add-on to Premium 0 or above, you need to use VERIFY_NONE as above.
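
The two cases above (Hobby Dev without TLS, Premium 0 and above with VERIFY_NONE) can share one initializer. The following is an added example, not code from the original article: a helper that attaches ssl_params only to TLS (rediss://) URLs and selects VERIFY_NONE only when the caller asks for it, so the relaxed setting does not spread to other environments. The names redis_options, skip_verify and REDIS_SKIP_VERIFY are assumptions made for this illustration.

```ruby
require 'uri'
require 'openssl'

# Added example, not the article's code. redis_options, skip_verify and
# REDIS_SKIP_VERIFY are hypothetical names chosen for this illustration.
#
# Returns the options hash for Redis.new or Sidekiq's config.redis:
#   redis://   plain connection, no ssl_params at all
#   rediss://  TLS; certificate verification stays on (VERIFY_PEER) unless
#              skip_verify is true, which selects the article's VERIFY_NONE
def redis_options(url, skip_verify: false)
  scheme = URI.parse(url).scheme
  case scheme
  when 'redis'
    { url: url }
  when 'rediss'
    mode = skip_verify ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
    { url: url, ssl_params: { verify_mode: mode } }
  else
    # Report only the scheme: the URL itself carries the Redis password.
    raise ArgumentError, "unsupported Redis URL scheme: #{scheme.inspect}"
  end
end

# Usage in an initializer (assumes the add-on URL is in REDIS_URL):
#   opts = redis_options(ENV.fetch('REDIS_URL'),
#                        skip_verify: ENV['REDIS_SKIP_VERIFY'] == '1')
#   Redis.new(**opts)
#   Sidekiq.configure_server { |config| config.redis = opts }
#   Sidekiq.configure_client { |config| config.redis = opts }

if __FILE__ == $PROGRAM_NAME
  # Constructed sample URLs; example.invalid never resolves.
  ['redis://localhost:6379/0', 'rediss://:secret@example.invalid:6380'].each do |u|
    puts redis_options(u, skip_verify: true).reject { |k, _| k == :url }.inspect
  end
end
```

Set the opt-in variable only on the Heroku app whose add-on presents the self-signed certificate; everywhere else a rediss:// URL keeps normal certificate verification.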