The Fix
pip install celery==4.4.0rc5
Based on closed celery/celery issue #5988 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -272,3 +272,4 @@ Florian Chardin, 2018/10/23
Fabio Todaro, 2019/06/13
Shashank Parekh, 2019/07/11
+Arel Cordero, 2019/08/29
diff --git a/celery/backends/redis.py b/celery/backends/redis.py
index 3c04d134aa7..5f86a940b97 100644
Option A — Upgrade to fixed release\npip install celery==4.4.0rc5\nWhen NOT to use: This fix should not be applied if the application relies on the old behavior of the ssl_cert_reqs parameter.\n\n
Why This Fix Works in Production
- Trigger: TLS-enabled Redis configuration: the ssl_cert_reqs is wrongly documented
- Mechanism: The documentation incorrectly states that 'required' is a valid value for ssl_cert_reqs
- Why the fix works: Updates the documentation to clarify the acceptable values for the ssl_cert_reqs parameter in Redis configuration. (first fixed release: 4.4.0rc5).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- The documentation incorrectly states that 'required' is a valid value for ssl_cert_reqs
- Production symptom (often without a traceback): TLS-enabled Redis configuration: the ssl_cert_reqs is wrongly documented
Proof / Evidence
- GitHub issue: #5988
- Fix PR: https://github.com/celery/celery/pull/5703
- First fixed release: 4.4.0rc5
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.68
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“When I look at the source code on the master branch, it seems OK to me”
“can you send a PR to fix the doc and mention me?”
Failure Signature (Search String)
- TLS-enabled Redis configuration: the ssl_cert_reqs is wrongly documented
- Note that the ssl_cert_reqs string should be one of required, optional, or none (though, for backwards compatibility, the string may also be one of CERT_REQUIRED, CERT_OPTIONAL,
Copy-friendly signature
Failure Signature
-----------------
TLS-enabled Redis configuration: the ssl_cert_reqs is wrongly documented
Note that the ssl_cert_reqs string should be one of required, optional, or none (though, for backwards compatibility, the string may also be one of CERT_REQUIRED, CERT_OPTIONAL, CERT_NONE).
Error Message
Signature-only (no traceback captured)
Error Message
-------------
TLS-enabled Redis configuration: the ssl_cert_reqs is wrongly documented
Note that the ssl_cert_reqs string should be one of required, optional, or none (though, for backwards compatibility, the string may also be one of CERT_REQUIRED, CERT_OPTIONAL, CERT_NONE).
What Broke
Users encounter an AttributeError when using 'required' for ssl_cert_reqs in Redis configuration.
Why It Broke
The documentation incorrectly states that 'required' is a valid value for ssl_cert_reqs
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
pip install celery==4.4.0rc5
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/celery/celery/pull/5703
First fixed release: 4.4.0rc5
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix should not be applied if the application relies on the old behavior of the ssl_cert_reqs parameter.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
Version Compatibility Table
| Version | Status |
|---|---|
| 4.4.0rc5 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.