LetsEncrypt Challenge is Invalid


I followed the configuration instructions for obtaining a certificate here:

When I ran this command, however, I get a Challenge is Invalid response from LetsEncrypt.

Has anyone encountered this kind of response and know how to resolve?

Thanks, Peter


16:12 ~/letsencrypt $ ~/dehydrated/dehydrated --config ~/letsencrypt/config --cron --domain --out ~/letsencrypt --challenge http-01
# INFO: Using main config file /home/pejowei/letsencrypt/config
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for
+ Responding to challenge for
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from []: 400",
    "status": 403
"uri": "",
"token": "sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo",
"keyAuthorization": "sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo.4RJp6yEa3YwhToR4IWeHNnMkdC8whB301UEWBUk0qmE",
"validationRecord": [
       "url": "",
       "hostname": "",
       "port": "80",
        "addressesResolved": [
        "addressUsed": "",
        "addressesTried": []

It's giving you a 403 because you have a password set on your web app, or because you haven't added the static file mapping for .well-known.

I believe that I have configured the .well-known mapping correctly.

I have a file called "config" in the directory ~/letsencrypt that contains the string "WELLKNOWN=/home/pejowei/letsencrypt/wellknown". Does this file need to be in a folder called config?

Also, my wellknown directory appears to be empty. Do I need to put something there?

Also, can you clarify what you mean by password set? The webapp is a web2py app with an open landing page, from which users can register and log in. I am not using a pythonanywhere password. Do I need to follow a different method to install the cert if I am already using web2py?

Thanks, Peter

You have not set up the static file mapping correctly. Your web app has no static files mappings configured. It appears that you skipped the part of the instructions that told you to create a static file mapping.

LetsEncrypt puts files into the .wellknown directory to authenticate the domain name.

At the bottom of your web app configuration there's the option to protect the site with a password. I have checked and your web app does not have one set. The issue is that you don't have a static file mapping.