Cert excited too quickly

After migrating from juniper to koa , I am getting Cert excited too quickly
supervisor cert error log

/edx/app/certs/certificates/settings.py:149: YAMLLoadWarning: calling yaml.load() without Loader=… is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
CERT_DATA = yaml.load(f.read())
PdfReadWarning: Xref table not zero-indexed. ID numbers for objects will be corrected. [pdf.py:1736]
Traceback (most recent call last):
File “/edx/app/certs/certificates/certificate_agent.py”, line 184, in
File “/edx/app/certs/certificates/certificate_agent.py”, line 52, in main
manager = XQueuePullManager(settings.QUEUE_URL, settings.QUEUE_NAME,
File “/edx/app/certs/certificates/openedx_certificates/queue_xqueue.py”, line 28, in init
File “/edx/app/certs/certificates/openedx_certificates/queue_xqueue.py”, line 43, in _login
raise Exception(“Invalid return code in reply resp:{0}”.format(
Exception: Invalid return code in reply resp:{‘return_code’: 1, ‘content’: ‘Incorrect login credentials’}

As the error message indicates, there seems to be something wrong with the credentials being used to login to the xqueue server. Please check the values of QUEUE_AUTH_USER and QUEUE_AUTH_PASS environment variables.

Hey @pkulkark,
I have the same issue with an instance of Juniper release itself.
Could you tell me how to check QUEUE_AUTH_USER?
I changed my user to certs, though there is no service_env file under its home directory like other services, and that variable didn’t have a value initialed.
Thanks in advance

I found that QUEUE_AUTH_PASS, QUEUE_AUTH_USER, QUEUE_USER, QUEUE_PASS have all been set within ~certs/auth.json.
Is that enough?
for more clarification, I can see the following error in /edx/var/log/supervisor/xqueue-stderr.log regularly:

2021-05-20 13:00:55 [11221] [INFO] POST /xqueue/login/
2021-05-20 13:00:58 [11238] [INFO] POST /xqueue/login/
2021-05-20 13:01:00 [11229] [INFO] POST /xqueue/login/

all databases have been moved and migrated from an ironwood instance.

For anyone else who might have a similar issue, this was my problem and how I solved it.
During Open edX installation, an xqueue user is being created that later will be used by certs service to make connections to xqueue APIs. prior to juniper, that user’s password was hard-coded as password. but now it will be generated and stored in my-passwords.yml. thus if you have your own database that has been migrated from former edX releases, you need to update the new password manually for xqueue. these commands helped me to do so:

sudo -u xqueue -H bash
cd ~/xqueue/
source ~/xqueue_env 
python manage.py shell

now inside the django shell environment:

from django.contrib.auth.models import User
user = User.objects.get(username='lms')

You cand find COMMON_XQUEUE_LMS_PASSWORD in my-passwords.yml.