diff --git a/acme/acme/challenges.py b/acme/acme/challenges.py
index 40de57812..f32783830 100644
--- a/acme/acme/challenges.py
+++ b/acme/acme/challenges.py
@@ -70,7 +70,7 @@ class SimpleHTTP(DVChallenge):
         """
         # TODO: check that path combined with uri does not go above
         # URI_ROOT_PATH!
-        return '..' not in self.token and '/' not in self.token
+        return b'..' not in self.token and b'/' not in self.token
 
 
 @ChallengeResponse.register
@@ -134,7 +134,8 @@ class SimpleHTTPResponse(ChallengeResponse):
 
         """
         return jose.JWS.sign(
-            payload=self.gen_resource(chall).json_dumps().encode('utf-8'),
+            payload=self.gen_resource(chall).json_dumps(
+                sort_keys=True).encode('utf-8'),
             key=account_key, alg=alg, **kwargs)
 
     def check_validation(self, validation, chall, account_public_key):
@@ -258,7 +259,7 @@ class DVSNI(DVChallenge):
 
         """
         return DVSNIResponse(validation=jose.JWS.sign(
-            payload=self.json_dumps().encode('utf-8'),
+            payload=self.json_dumps(sort_keys=True).encode('utf-8'),
             key=account_key, alg=alg, **kwargs))
 
 
diff --git a/acme/acme/challenges_test.py b/acme/acme/challenges_test.py
index 3e92998a3..61cca498c 100644
--- a/acme/acme/challenges_test.py
+++ b/acme/acme/challenges_test.py
@@ -136,7 +136,7 @@ class SimpleHTTPResponseTest(unittest.TestCase):
             jose.JWS.sign(payload=bad_resource.json_dumps().encode('utf-8'),
                           alg=jose.RS256, key=account_key)
             for bad_resource in (resource.update(tls=True),
-                                 resource.update(token=r'x'*20))
+                                 resource.update(token=b'x'*20))
         )
         for validation in validations:
             self.assertFalse(self.resp_http.check_validation(
@@ -219,11 +219,11 @@ class DVSNIResponseTest(unittest.TestCase):
 
         from acme.challenges import DVSNI
         self.chall = DVSNI(
-            token=jose.b64decode('a82d5ff8ef740d12881f6d3c2277ab2e'))
+            token=jose.b64decode(b'a82d5ff8ef740d12881f6d3c2277ab2e'))
 
         from acme.challenges import DVSNIResponse
         self.validation = jose.JWS.sign(
-            payload=self.chall.json_dumps().encode(),
+            payload=self.chall.json_dumps(sort_keys=True).encode(),
             key=self.key, alg=jose.RS256)
         self.msg = DVSNIResponse(validation=self.validation)
         self.jmsg_to = {
diff --git a/acme/acme/messages_test.py b/acme/acme/messages_test.py
index 810db3e91..051db9ae9 100644
--- a/acme/acme/messages_test.py
+++ b/acme/acme/messages_test.py
@@ -224,9 +224,10 @@ class AuthorizationTest(unittest.TestCase):
         self.challbs = (
             ChallengeBody(
                 uri='http://challb1', status=STATUS_VALID,
-                chall=challenges.SimpleHTTP(token='IlirfxKKXAsHtmzK29Pj8A')),
+                chall=challenges.SimpleHTTP(token=b'IlirfxKKXAsHtmzK29Pj8A')),
             ChallengeBody(uri='http://challb2', status=STATUS_VALID,
-                          chall=challenges.DNS(token='DGyRejmCefe7v4NfDGDKfA')),
+                          chall=challenges.DNS(
+                              token=b'DGyRejmCefe7v4NfDGDKfA')),
             ChallengeBody(uri='http://challb3', status=STATUS_VALID,
                           chall=challenges.RecoveryContact()),
         )