LetsEncrypt Challenge is Invalid


I followed the configuration instructions for obtaining a certificate here:

When I ran this command, however, I get a Challenge is Invalid response from LetsEncrypt.

Has anyone encountered this kind of response and know how to resolve?

Thanks, Peter


16:12 ~/letsencrypt $ ~/dehydrated/dehydrated --config ~/letsencrypt/config --cron --domain --out ~/letsencrypt --challenge http-01
# INFO: Using main config file /home/pejowei/letsencrypt/config
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for
+ Responding to challenge for
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from []: 400",
    "status": 403
"uri": "",
"token": "sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo",
"keyAuthorization": "sWLsR0OW08i_Rmk6x5Fh60WrOaz--DD1EQFKUFegaBo.4RJp6yEa3YwhToR4IWeHNnMkdC8whB301UEWBUk0qmE",
"validationRecord": [
       "url": "",
       "hostname": "",
       "port": "80",
        "addressesResolved": [
        "addressUsed": "",
        "addressesTried": []

It's giving you a 403 because you have a password set on your web app, or because you haven't added the static file mapping for .well-known.

I believe that I have configured the .well-known mapping correctly.

I have a file called "config" in the directory ~/letsencrypt that contains the string "WELLKNOWN=/home/pejowei/letsencrypt/wellknown". Does this file need to be in a folder called config?

Also, my wellknown directory appears to be empty. Do I need to put something there?

Also, can you clarify what you mean by password set? The webapp is a web2py app with an open landing page, from which users can register and log in. I am not using a pythonanywhere password. Do I need to follow a different method to install the cert if I am already using web2py?

Thanks, Peter

You have not set up the static file mapping correctly. Your web app has no static files mappings configured. It appears that you skipped the part of the instructions that told you to create a static file mapping.

LetsEncrypt puts files into the .wellknown directory to authenticate the domain name.

At the bottom of your web app configuration there's the option to protect the site with a password. I have checked and your web app does not have one set. The issue is that you don't have a static file mapping.

I have this same issue, can you offer any guidance? At the risk of seeming a bit daft :) what actions should I take to perform the correct static file mapping? I was under the impression I ought to have put the static files in that directory so that's what I did using "python collectstatic" and "static_root = 'path'" was set to put static files in wellknown.



Hi! Have the same problem( There is a tip here free sites at already have HTTPS, you don't need letsencrypt for them. I didn't get how can I do a certificate without letsencrypt. I've decided to follow the instruction step by step without any changes (except changing username, of course :-)) Could anybody help?

@elijah i think this is what glenn was referring to.

I believe the LetsEncrypt tutorial also describes the static file mappings that you will need to setup for it to work.

ie. this is something you configure on your PythonAnywhere webapps tab.

@denis you don't need to use letsencrypt. Everything is already setup for you. Only paying users who are trying to setup ssl for their own custom sites (not, but say need to use letsencrypt to set it up.

Can I get this certificate? My telegram bot seems to need it

I doubt that that is the case- we already have a valid ssl cert automatically installed for you. Check out our blog post about how to setup a telegram bot.

Thank you so much! I guess I didn't pay attention to this post

I was having this problem until l reloaded the web app after setting up the static file mapping. You know, just like it tells you too - doh!

Glad you worked it out :-)

Am i Ok if i do what's in here ? i watched a tutorial where we had to enter a lot of BASH command, why would you recommend that when the above step only require two clicks?

Which tutorial did you watch? It may have been recommending an outdated method. The current one click method which you can setup directly from the webapp ui was not available until around 6-12 months ago I think.