"The HTTP S3 Present should not utilize Object ACL permissions, as they are not recommended." #2149

Open
1 task done
jinjianming opened this issue Apr 7, 2024 · 0 comments

jinjianming commented Apr 7, 2024

Welcome

  • Yes, I've searched similar issues on GitHub and didn't find any.

How do you use lego?

Library

Detailed Description

Reference: https://www.amazonaws.cn/articles/storage/object-acl-or-bucket-policy/
Additionally, the Key should also support configuring sub paths.

```go
// Present makes the token available at `HTTP01ChallengePath(token)` by creating a file in the given s3 bucket.
func (s *HTTPProvider) Present(domain, token, keyAuth string) error {
	ctx := context.Background()

	params := &s3.PutObjectInput{
		//ACL:    "public-read",
		Bucket: aws.String(s.bucket),
		Key:    aws.String("acme" + http01.ChallengePath(token)),
		Body:   bytes.NewReader([]byte(keyAuth)),
	}

	_, err := s.client.PutObject(ctx, params)
	if err != nil {
		return fmt.Errorf("s3: failed to upload token to s3: %w", err)
	}
	return nil
}

// CleanUp removes the file created for the challenge.
func (s *HTTPProvider) CleanUp(domain, token, keyAuth string) error {
	ctx := context.Background()

	params := &s3.DeleteObjectInput{
		Bucket: aws.String(s.bucket),
		Key:    aws.String("acme" + http01.ChallengePath(token)),
	}

	_, err := s.client.DeleteObject(ctx, params)
	if err != nil {
		return fmt.Errorf("s3: could not remove file in s3 bucket after HTTP challenge: %w", err)
	}

	return nil
}
```
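The bucket-policy alternative to the per-object `public-read` ACL requested in this issue, sketched as an added example (not lego's code and not from the issue author): it builds a policy that allows anonymous `s3:GetObject` only under the ACME challenge directory, with an optional sub path. The names `objectKey` and `challengePolicy`, the `prefix` setting, and the bucket name are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// challengeDir is the HTTP-01 directory fixed by RFC 8555, section 8.3.
const challengeDir = ".well-known/acme-challenge"

// objectKey joins an optional sub path (hypothetical setting) with the
// challenge directory and token, without leading or duplicate slashes.
func objectKey(prefix, token string) string {
	return strings.TrimPrefix(path.Join("/", prefix, challengeDir, token), "/")
}

// Field names double as the JSON keys of the policy document.
type statement struct {
	Sid, Effect, Principal, Action, Resource string
}

type policy struct {
	Version   string
	Statement []statement
}

// challengePolicy returns a bucket policy that lets anyone read objects under
// the challenge directory only, replacing the per-object "public-read" ACL.
// Assumption: the "aws" ARN partition; China regions use "aws-cn" instead.
func challengePolicy(bucket, prefix string) (string, error) {
	if bucket == "" {
		return "", fmt.Errorf("bucket name is required")
	}
	doc := policy{Version: "2012-10-17", Statement: []statement{{
		Sid: "PublicReadAcmeChallenges", Effect: "Allow", Principal: "*",
		Action:   "s3:GetObject",
		Resource: "arn:aws:s3:::" + bucket + "/" + objectKey(prefix, "*"),
	}}}
	out, err := json.MarshalIndent(doc, "", "  ")
	return string(out), err
}

func main() {
	p, err := challengePolicy("example-bucket", "acme") // constructed values
	fmt.Println(objectKey("/acme/", "constructed-token"), err)
	fmt.Println(p)
}
```

The policy is applied once to the bucket, so `Present` no longer needs to set an ACL on each upload. If S3 Block Public Access is enabled for bucket policies, a public statement like this one is rejected or has no effect until that setting is changed.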