diff --git a/app/models/upload.rb b/app/models/upload.rb
index e660073eef3..5b4b4be312a 100644
--- a/app/models/upload.rb
+++ b/app/models/upload.rb
@@ -361,7 +361,13 @@ class Upload < ActiveRecord::Base
     secure_status_did_change = self.secure? != mark_secure
     self.update(secure_params(mark_secure, reason, source))
 
-    Discourse.store.update_upload_ACL(self) if Discourse.store.external?
+    if Discourse.store.external?
+      begin
+        Discourse.store.update_upload_ACL(self)
+      rescue Aws::S3::Errors::NotImplemented => err
+        Discourse.warn_exception(err, message: "The file store object storage provider does not support setting ACLs")
+      end
+    end
 
     secure_status_did_change
   end
diff --git a/spec/models/upload_spec.rb b/spec/models/upload_spec.rb
index a628d2e7056..c614b28f5d1 100644
--- a/spec/models/upload_spec.rb
+++ b/spec/models/upload_spec.rb
@@ -478,6 +478,14 @@ describe Upload do
         upload.update_secure_status
         expect(upload.reload.secure).to eq(false)
       end
+
+      it "does not throw an error if the object storage provider does not support ACLs" do
+        FileStore::S3Store.any_instance.stubs(:update_upload_ACL).raises(
+          Aws::S3::Errors::NotImplemented.new("A header you provided implies functionality that is not implemented", "")
+        )
+        upload.update!(secure: true, access_control_post: Fabricate(:private_message_post))
+        expect { upload.update_secure_status }.not_to raise_error
+      end
     end
   end