Fix permissions on acme token upload, dont append well-known automatically

lemur/plugins/lemur_acme/plugin.py

@@ -866,7 +866,6 @@ class ACMEHttpIssuerPlugin(IssuerPlugin):
         current_app.logger.info("Uploaded HTTP-01 challenge tokens, trying to poll and finalize the order")
 
         # Wait for challenge status and then issue a certificate.
-
         for authz in orderr.authorizations:
             authzr, resp = acme_client.poll(authz)
             current_app.logger.info(authzr.body.status)

lemur/plugins/lemur_sftp/plugin.py

@@ -126,7 +126,6 @@ class SFTPDestinationPlugin(DestinationPlugin):
         current_app.logger.debug("SFTP destination plugin is started for HTTP-01 challenge")
 
         dst_path = self.get_option("destinationPath", options)
-        dst_path = path.join(dst_path, ".well-known/acme-challenge/")
 
         _, filename = path.split(token_path)
 
@@ -220,8 +219,8 @@ class SFTPDestinationPlugin(DestinationPlugin):
                         sftp.chmod(path.join(dst_path, filename), 0o600)
                         with sftp.open(path.join(dst_path, filename), "w") as f:
                             f.write(data)
-                # read only for owner, -r--------
+                # most likely the upload user isn't the webuser, -rw-r--r--
-                sftp.chmod(path.join(dst_path, filename), 0o400)
+                sftp.chmod(path.join(dst_path, filename), 0o644)
 
             ssh.close()