Export S3 bucket fails with SignatureDoesNotMatch error.

[NickKellett]

I've uploaded the paid AWS plugin to WPStatic (6.6.5, not the pro version of the plugin), entered IAM access key and secret, and tested authentication to the public bucket using the test button. S3 test works. I've independently tested using Cloudberry. However, whenever I try to export it always fails saying "SignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your key and signing method.". This seems to imply a permission error but I can't think what. The bucket currently has the following bucket policy:

{ "Version": "2012-10-17", "Id": "Policy123etc", "Statement": [ { "Sid": "Stmt123etc", "Effect": "Allow", "Principal": "", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::[the url]", "arn:aws:s3:::[the url]/" ] }, { "Sid": "Stmt123etc", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::[the iam user]" }, "Action": [ "s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutBucket" ], "Resource": [ "arn:aws:s3:::[the url]", "arn:aws:s3:::[the url]/*" ] } ] }

The IAM user has full s3 access. I've deleted the access keys multiple times, handtyped as well as copy-pasted, no joy. Anything else I should be looking at? Thanks

[fnbauer]

I'm running into a similar issue, but the upload mostly completes before throwing the "Signature does not match" error. Oddly, it always fails at the same file. This is with the free version of WP2Static (version 6.6.6), and WP 5.2.3. It's likely this isn't a permissions issue, and the problem is in the signature/upload code. Edit: Just noticed plugin version 6.6.6 as reported by WP doesn't match any version in repository.

[leonstafford]

Hi @fnbauer - test button in version 6 likely giving a false positive there.

Please check your bucket's Public ACL settings in the AWS console and try unchecking/setting the 4 options to allow public ACL's to be changed.

This won't be necessary from next update of S3 plugin, but as the plugin's code explicitly sets public-read ACL on the files, the S3 bucket permissions need to allow that.

[NickKellett]

Hi @leonstafford, I've already ensured all public ACL settings are unchecked but that didn't help. Unfortunately at the moment I cannot use this WP2Static pro module and am instead outputting WP2Static to a local folder that is actually a drive mounted to AWS S3 bucket using Cloudberry Drive (using the same IAM user). Hopefully the next update removes the signature issue, because apart from that WP2Static is working very well and it would be great to have the full S3 integration.

[leonstafford]

Hi @NickKellett thanks for you patience with this. Getting more professional S3/AWS usage is definitely a high priority with next release!

[fnbauer]

@leonstafford My issue turned out to be UTF-8 characters in filenames, which cause signature issues.

[farcaller]

Bumping this as I'm stuck on the same issue: the URL containing percent escape sequences (I think it's UTF8-ized cyrillics) fails with "The request signature we calculated does not match the signature you provided. Check your key and signing method."

[labsforge]

`Uploading /opt/bitnami/apps/wordpress/htdocs/wp-content/uploads/wp-static-html-output-1578533266/wp-content/plugins/js_composer/assets/lib/vc_waypoints/vc-waypoints.min.js to qver=6.0.3.pagespeed.jm.mIlLTaoaih.js in S3 PUT'ing file to qver=6.0.3.pagespeed.jm.mIlLTaoaih.jsvc-waypoints.min.js in S3 Using S3 Endpoint website.com.s3.eu-west-3.amazonaws.com S3 URL: http://website.com.s3.eu-west-3.amazonaws.com/qver=6.0.3.pagespeed.jm.mIlLTaoaih.jsvc-waypoints.min.js API response code: 403 API response body: <?xml version="1.0" encoding="UTF-8"?>

SignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your key and signing method.AKIAZESGFU4TMFS2KN27AWS4-HMAC-SHA256 20200109T013029Z 20200109/eu-west-3/s3/aws4_request 3078ed05ccb6d412d0094abe780d766e069c09f30413a2cfc31ba6f077d800c39f0c1605e36cc9e39b4ea8274a51738f720f172d8d6690ca394fb3c703a2e5f241 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 30 30 31 30 39 54 30 31 33 30 32 39 5a 0a 32 30 32 30 30 31 30 39 2f 65 75 2d 77 65 73 74 2d 33 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 33 30 37 38 65 64 30 35 63 63 62 36 64 34 31 32 64 30 30 39 34 61 62 65 37 38 30 64 37 36 36 65 30 36 39 63 30 39 66 33 30 34 31 33 61 32 63 66 63 33 31 62 61 36 66 30 37 37 64 38 30 30 63 33PUT /qver%3D6.0.3.pagespeed.jm.mIlLTaoaih.jsvc-waypoints.min.js` I think we're with the same problem... but I have no idea really..

[leonstafford]

@labsforge in your case, I can see the Apache mod_pagespeed is enabled, which messes with URLs. Can you please try disabling that, restarting webserver and trying again?

[labsforge]

Holly crap! it works now! thank you very much @leonstafford!

[leonstafford]

@NickKellett - switched back to official AWS SDK for PHP and you shouldn't see these issues now. Please let me know if they persist in V7: https://github.com/WP2Static/wp2static/releases/tag/7.0-alpha-003

[leonstafford]

This should be all good for most cases in the wp2static-addon-s3 add-on now.

There are still issues which this and other projects face with certain characters, trying to deploy to S3. In those cases, you may be forced to use AWS' CLI tool, like aws sync . s3://somebucket or such, that tends to transfer everything.