
"The HTTP S3 Present should not utilize Object ACL permissions, as they are not recommended." #2149

Open jinjianming opened 2 months ago

jinjianming commented 2 months ago

Welcome

How do you use lego?

Library

Detailed Description

Reference: https://www.amazonaws.cn/articles/storage/object-acl-or-bucket-policy/ — Additionally, the object key should also support configuring a sub-path (prefix) instead of the fixed "acme" one.

// Present makes the token available at `HTTP01ChallengePath(token)` by creating a file in the given s3 bucket.
//
// The object is written under the fixed "acme" prefix. No object ACL is
// attached (the ACL field is intentionally not set), so whether the ACME
// server can fetch the object depends on the bucket's own policy —
// presumably configured alongside this provider; confirm in deployment.
func (s *HTTPProvider) Present(domain, token, keyAuth string) error {
    // Key layout mirrors CleanUp so the same object is removed afterwards.
    objectKey := "acme" + http01.ChallengePath(token)

    input := &s3.PutObjectInput{
        Bucket: aws.String(s.bucket),
        Key:    aws.String(objectKey),
        Body:   bytes.NewReader([]byte(keyAuth)),
    }

    if _, err := s.client.PutObject(context.Background(), input); err != nil {
        return fmt.Errorf("s3: failed to upload token to s3: %w", err)
    }

    return nil
}

// CleanUp removes the file created for the challenge.
//
// It deletes the object under the same fixed "acme" prefix that Present
// writes to; the keyAuth argument is not needed to locate the object.
func (s *HTTPProvider) CleanUp(domain, token, keyAuth string) error {
    objectKey := "acme" + http01.ChallengePath(token)

    input := &s3.DeleteObjectInput{
        Bucket: aws.String(s.bucket),
        Key:    aws.String(objectKey),
    }

    if _, err := s.client.DeleteObject(context.Background(), input); err != nil {
        return fmt.Errorf("s3: could not remove file in s3 bucket after HTTP challenge: %w", err)
    }

    return nil
}