Digital Ocean Spaces API returns SignatureDoesNotMatch for Simple List Request

I’m running into an issue whereby the simplest request I could think of (just listing a bucket) fails with the dreaded SignatureDoesNotMatch error message. I was using a non-standard library, so I figured I’d try to reconstruct the request with bash/openssl/cURL to see what was happening. It appears that I’m still running into the issue.

Example error output:

<?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><RequestId>tx00000000000004cfeff77-005ef3b1ce-265622-nyc3b</RequestId><HostId>265622-nyc3b-nyc-zg02</HostId></Error>

The script I’m running: https://gist.github.com/akesling/e7c12e76fb2a9e6711d67cfe30d9d2fb

Note that the documentation seems to indicate that this (i.e. authing with AWSv4 signature requests) should work. See specifically the Authentication section of the official Spaces documentation page https://developers.digitalocean.com/documentation/spaces/#authentication.