
LetsEncrypt Challenge is Invalid

Hi,

I followed the configuration instructions for obtaining a certificate here: https://help.pythonanywhere.com/pages/LetsEncrypt

When I ran this command, however, I got a Challenge is Invalid response from LetsEncrypt.

Has anyone encountered this kind of response and knows how to resolve it?

Thanks, Peter


16:12 ~/letsencrypt $ ~/dehydrated/dehydrated --config ~/letsencrypt/config --cron --domain www.pejowei.com --out ~/letsencrypt --challenge http-01
# INFO: Using main config file /home/pejowei/letsencrypt/config
Processing www.pejowei.com
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for www.pejowei.com...
+ Responding to challenge for www.pejowei.com...
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://www.pejowei.com/.well-known/acme-challenge/sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo [34.206.101.184]: 400",
    "status": 403
   },
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/WJPmVCVfeS27R2g4GPE0XvxA2jdT5xnscJYQLZ2Nwus/2958037290",
"token": "sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo",
"keyAuthorization": "sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo.4RJp6yEa3YwhToR4IWeHNnMkdC8whB301UEWBUk0qmE",
"validationRecord": [
    {
       "url": "http://www.pejowei.com/.well-known/acme-challenge/sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo",
       "hostname": "www.pejowei.com",
       "port": "80",
        "addressesResolved": [
                "34.206.101.184"
         ],
        "addressUsed": "34.206.101.184",
        "addressesTried": []
    }
  ]
})

It's giving you a 403 because you have a password set on your web app, or because you haven't added the static file mapping for .well-known.

I believe that I have configured the .well-known mapping correctly.

I have a file called "config" in the directory ~/letsencrypt that contains the string "WELLKNOWN=/home/pejowei/letsencrypt/wellknown". Does this file need to be in a folder called config?

Also, my wellknown directory appears to be empty. Do I need to put something there?

Also, can you clarify what you mean by password set? The webapp is a web2py app with an open landing page, from which users can register and log in. I am not using a PythonAnywhere password. Do I need to follow a different method to install the cert if I am already using web2py?

Thanks, Peter

You have not set up the static file mapping correctly. Your web app has no static files mappings configured. It appears that you skipped the part of the instructions that told you to create a static file mapping.

LetsEncrypt puts files into the .wellknown directory to authenticate the domain name.

At the bottom of your web app configuration there's the option to protect the site with a password. I have checked and your web app does not have one set. The issue is that you don't have a static file mapping.
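
A pre-flight check for the situation discussed above, as an added example that is not part of the original thread or PythonAnywhere's own code: it drops a random probe file into the WELLKNOWN directory and fetches it from /.well-known/acme-challenge/ over plain HTTP, the same kind of request the CA's validator makes. It assumes the static file mapping is meant to serve the WELLKNOWN directory at that URL; the function names and status messages are hypothetical.

```python
#!/usr/bin/env python3
"""Pre-flight check for the http-01 challenge path (added example)."""
import os
import secrets
import sys
import urllib.error
import urllib.request

# URL prefix the CA requests during http-01 validation (seen in the error above).
CHALLENGE_PATH = "/.well-known/acme-challenge/"


def probe_challenge(base_url, wellknown_dir, timeout=10):
    """Write a random probe file into wellknown_dir, fetch it over HTTP and
    return (http_status, body_matched). The probe file is always removed."""
    name = "probe-" + secrets.token_urlsafe(16)
    content = secrets.token_urlsafe(32)
    path = os.path.join(wellknown_dir, name)
    with open(path, "w") as fh:
        fh.write(content)
    try:
        url = base_url.rstrip("/") + CHALLENGE_PATH + name
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", "replace").strip()
                return resp.status, body == content
        except urllib.error.HTTPError as err:
            # An error status: the probe file was not served at this URL.
            return err.code, False
    finally:
        os.remove(path)


def diagnose(status, matched):
    """Turn the probe result into a hint (wording is this example's own)."""
    if status == 200 and matched:
        return "OK: challenge files are served; the ACME client should validate"
    if status in (401, 403):
        return "FAIL: access denied; check for password protection on the web app"
    if status == 200:
        return "FAIL: got a page, but not the probe file; the app is answering this URL"
    return "FAIL: HTTP %d; no static file mapping serves %s" % (status, CHALLENGE_PATH)


if __name__ == "__main__":
    # usage: check_wellknown.py http://www.example.com /home/USER/letsencrypt/wellknown
    status, matched = probe_challenge(sys.argv[1], sys.argv[2])
    print(diagnose(status, matched))
    sys.exit(0 if matched else 1)
```

Run it from the same console before invoking dehydrated; an empty wellknown directory between runs is normal, because challenge files only exist while validation is in progress.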

I have this same issue, can you offer any guidance? At the risk of seeming a bit daft :) what actions should I take to perform the correct static file mapping? I was under the impression I ought to have put the static files in that directory so that's what I did using "python manage.py collectstatic" and "static_root = 'path'" was set to put static files in wellknown.

Thanks,

Elijah

Hi! I have the same problem :( There is a tip here https://help.pythonanywhere.com/pages/LetsEncrypt/: free sites at yourusername.pythonanywhere.com already have HTTPS, you don't need letsencrypt for them. I didn't get how I can do a certificate without letsencrypt. I've decided to follow the instructions step by step without any changes (except changing the username, of course :-)). Could anybody help?

@elijah I think this is what glenn was referring to.

I believe the LetsEncrypt tutorial also describes the static file mappings that you will need to set up for it to work.

i.e. this is something you configure on your PythonAnywhere webapps tab.

@denis you don't need to use letsencrypt. Everything is already set up for you. Only paying users who are trying to set up SSL for their own custom sites (not yourusername.pythonanywhere.com, but say www.abc.com) need to use letsencrypt to set it up.

Can I get this certificate? My Telegram bot seems to need it.

I doubt that that is the case; we already have a valid SSL cert automatically installed for you. Check out our blog post about how to set up a Telegram bot.

Thank you so much! I guess I didn't pay attention to this post.