LetsEncrypt Challenge is Invalid

Hi,

I followed the configuration instructions for obtaining a certificate here: https://help.pythonanywhere.com/pages/LetsEncrypt

When I ran this command, however, I got a Challenge is Invalid response from LetsEncrypt.

Has anyone encountered this kind of response and knows how to resolve it?

Thanks, Peter

16:12 ~/letsencrypt $ ~/dehydrated/dehydrated --config ~/letsencrypt/config --cron --domain www.pejowei.com --out ~/letsencrypt --challenge http-01
# INFO: Using main config file /home/pejowei/letsencrypt/config
Processing www.pejowei.com
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for www.pejowei.com...
+ Responding to challenge for www.pejowei.com...
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://www.pejowei.com/.well-known/acme-challenge/sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo [34.206.101.184]: 400",
    "status": 403
   },
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/WJPmVCVfeS27R2g4GPE0XvxA2jdT5xnscJYQLZ2Nwus/2958037290",
"token": "sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo",
"keyAuthorization": "sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo.4RJp6yEa3YwhToR4IWeHNnMkdC8whB301UEWBUk0qmE",
"validationRecord": [
    {
       "url": "http://www.pejowei.com/.well-known/acme-challenge/sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo",
       "hostname": "www.pejowei.com",
       "port": "80",
        "addressesResolved": [
                "34.206.101.184"
         ],
        "addressUsed": "34.206.101.184",
        "addressesTried": []
    }
  ]
})

It's giving you a 403 because you have a password set on your web app, or because you haven't added the static file mapping for .well-known.

I believe that I have configured the .well-known mapping correctly.

I have a file called "config" in the directory ~/letsencrypt that contains the string "WELLKNOWN=/home/pejowei/letsencrypt/wellknown". Does this file need to be in a folder called config?

Also, my wellknown directory appears to be empty. Do I need to put something there?

Also, can you clarify what you mean by password set? The webapp is a web2py app with an open landing page, from which users can register and log in. I am not using a pythonanywhere password. Do I need to follow a different method to install the cert if I am already using web2py?

Thanks, Peter

You have not set up the static file mapping correctly. Your web app has no static file mappings configured. It appears that you skipped the part of the instructions that told you to create a static file mapping.

LetsEncrypt puts files into the .wellknown directory to authenticate the domain name.

At the bottom of your web app configuration there's the option to protect the site with a password. I have checked and your web app does not have one set. The issue is that you don't have a static file mapping.
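
The check discussed in this thread, as an added example that is not part of the original posts or of PythonAnywhere's instructions: it reads WELLKNOWN from the dehydrated config, writes a random probe file there, and fetches it over plain HTTP from the same /.well-known/acme-challenge/ URL that the CA requests. The function names and the probe file name are assumptions made for the example.

```python
import os
import secrets
import urllib.error
import urllib.request


def read_wellknown(config_path):
    """Return the WELLKNOWN directory from a dehydrated-style KEY=value config."""
    with open(config_path) as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("WELLKNOWN="):
                return line.split("=", 1)[1].strip().strip("'\"")
    raise ValueError("no WELLKNOWN= line in " + config_path)


def preflight(config_path, host, timeout=10):
    """Write a probe file into WELLKNOWN and fetch it the way the CA would.

    Returns (ok, detail); ok is True only if the served body matches the probe.
    """
    wellknown = read_wellknown(config_path)
    os.makedirs(wellknown, exist_ok=True)
    name = "preflight-" + secrets.token_urlsafe(16)  # hypothetical probe name
    body = secrets.token_urlsafe(32)
    path = os.path.join(wellknown, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = "http://%s/.well-known/acme-challenge/%s" % (host, name)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace").strip()
        if served == body:
            return True, "served correctly from " + wellknown
        return False, "HTTP 200 but body differs; the request did not reach WELLKNOWN"
    except urllib.error.HTTPError as exc:
        return False, "HTTP %d from %s" % (exc.code, url)
    except urllib.error.URLError as exc:
        return False, "could not connect: %s" % exc.reason
    finally:
        os.remove(path)  # never leave probe files behind


if __name__ == "__main__":
    import sys
    ok, detail = preflight(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Run it with the config path and the domain as arguments before invoking dehydrated; a 404 typically means nothing is mapping /.well-known/acme-challenge to the WELLKNOWN directory, and a 401 that the site is password-protected.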