refactor: re-impl sdk3rd

2025-06-17 10:39:39 +08:00
parent 9421da2cde
commit 299a722aa9
280 changed files with 6923 additions and 4658 deletions
--- a/internal/pkg/core/applicator/acme-dns01/lego-providers/azure-dns/azure-dns.go
+++ b/internal/pkg/core/applicator/acme-dns01/lego-providers/azure-dns/azure-dns.go
@@ -6,7 +6,7 @@ import (
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/azuredns"

-	azcommon "github.com/usual2970/certimate/internal/pkg/sdk3rd/azure/common"
+	azenv "github.com/usual2970/certimate/internal/pkg/sdk3rd/azure/env"
 )

 type ChallengeProviderConfig struct {
@@ -28,7 +28,7 @@ func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider,
 	providerConfig.ClientID = config.ClientId
 	providerConfig.ClientSecret = config.ClientSecret
 	if config.CloudName != "" {
-		env, err := azcommon.GetCloudEnvironmentConfiguration(config.CloudName)
+		env, err := azenv.GetCloudEnvConfiguration(config.CloudName)
 		if err != nil {
 			return nil, err
 		}
--- a/internal/pkg/core/applicator/acme-dns01/lego-providers/dnsla/internal/lego.go
+++ b/internal/pkg/core/applicator/acme-dns01/lego-providers/dnsla/internal/lego.go
@@ -69,8 +69,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, errors.New("dnsla: the configuration of the DNS provider is nil")
 	}

-	client := dnslasdk.NewClient(config.APIId, config.APISecret).
-		WithTimeout(config.HTTPTimeout)
+	client, err := dnslasdk.NewClient(config.APIId, config.APISecret)
+	if err != nil {
+		return nil, err
+	} else {
+		client.SetTimeout(config.HTTPTimeout)
+	}

 	return &DNSProvider{
 		client: client,
@@ -122,13 +126,13 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }

-func (d *DNSProvider) getDNSZone(zoneName string) (*dnslasdk.DomainInfo, error) {
-	pageIndex := 1
-	pageSize := 100
+func (d *DNSProvider) getDNSZone(zoneName string) (*dnslasdk.DomainRecord, error) {
+	pageIndex := int32(1)
+	pageSize := int32(100)
 	for {
 		request := &dnslasdk.ListDomainsRequest{
-			PageIndex: int32(pageIndex),
-			PageSize:  int32(pageSize),
+			PageIndex: &pageIndex,
+			PageSize:  &pageSize,
 		}
 		response, err := d.client.ListDomains(request)
 		if err != nil {
@@ -143,7 +147,7 @@ func (d *DNSProvider) getDNSZone(zoneName string) (*dnslasdk.DomainInfo, error)
 			}
 		}

-		if response.Data == nil || len(response.Data.Results) < pageSize {
+		if response.Data == nil || len(response.Data.Results) < int(pageSize) {
 			break
 		}

@@ -153,20 +157,20 @@ func (d *DNSProvider) getDNSZone(zoneName string) (*dnslasdk.DomainInfo, error)
 	return nil, fmt.Errorf("dnsla: zone %s not found", zoneName)
 }

-func (d *DNSProvider) getDNSZoneAndRecord(zoneName, subDomain string) (*dnslasdk.DomainInfo, *dnslasdk.RecordInfo, error) {
+func (d *DNSProvider) getDNSZoneAndRecord(zoneName, subDomain string) (*dnslasdk.DomainRecord, *dnslasdk.DnsRecord, error) {
 	zone, err := d.getDNSZone(zoneName)
 	if err != nil {
 		return nil, nil, err
 	}

-	pageIndex := 1
-	pageSize := 100
+	pageIndex := int32(1)
+	pageSize := int32(100)
 	for {
 		request := &dnslasdk.ListRecordsRequest{
-			DomainId:  zone.Id,
+			DomainId:  &zone.Id,
 			Host:      &subDomain,
-			PageIndex: int32(pageIndex),
-			PageSize:  int32(pageSize),
+			PageIndex: &pageIndex,
+			PageSize:  &pageSize,
 		}
 		response, err := d.client.ListRecords(request)
 		if err != nil {
@@ -181,7 +185,7 @@ func (d *DNSProvider) getDNSZoneAndRecord(zoneName, subDomain string) (*dnslasdk
 			}
 		}

-		if response.Data == nil || len(response.Data.Results) < pageSize {
+		if response.Data == nil || len(response.Data.Results) < int(pageSize) {
 			break
 		}

@@ -231,10 +235,7 @@ func (d *DNSProvider) removeDNSRecord(zoneName, subDomain string) error {
 	if record == nil {
 		return nil
 	} else {
-		request := &dnslasdk.DeleteRecordRequest{
-			Id: record.Id,
-		}
-		_, err = d.client.DeleteRecord(request)
+		_, err = d.client.DeleteRecord(record.Id)
 		return err
 	}
 }
--- a/internal/pkg/core/applicator/acme-dns01/lego-providers/gname/internal/lego.go
+++ b/internal/pkg/core/applicator/acme-dns01/lego-providers/gname/internal/lego.go
@@ -10,6 +10,7 @@ import (
 	"github.com/go-acme/lego/v4/platform/config/env"

 	gnamesdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/gname"
+	xtypes "github.com/usual2970/certimate/internal/pkg/utils/types"
 )

 const (
@@ -68,8 +69,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, errors.New("gname: the configuration of the DNS provider is nil")
 	}

-	client := gnamesdk.NewClient(config.AppID, config.AppKey).
-		WithTimeout(config.HTTPTimeout)
+	client, err := gnamesdk.NewClient(config.AppID, config.AppKey)
+	if err != nil {
+		return nil, err
+	} else {
+		client.SetTimeout(config.HTTPTimeout)
+	}

 	return &DNSProvider{
 		client: client,
@@ -121,14 +126,15 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }

-func (d *DNSProvider) findDNSRecord(zoneName, subDomain string) (*gnamesdk.ResolutionRecord, error) {
+func (d *DNSProvider) findDNSRecord(zoneName, subDomain string) (*gnamesdk.DomainResolutionRecordord, error) {
 	page := int32(1)
 	pageSize := int32(20)
 	for {
-		request := &gnamesdk.ListDomainResolutionRequest{}
-		request.ZoneName = zoneName
-		request.Page = &page
-		request.PageSize = &pageSize
+		request := &gnamesdk.ListDomainResolutionRequest{
+			ZoneName: xtypes.ToPtr(zoneName),
+			Page:     xtypes.ToPtr(page),
+			PageSize: xtypes.ToPtr(pageSize),
+		}

 		response, err := d.client.ListDomainResolution(request)
 		if err != nil {
@@ -162,23 +168,23 @@ func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) er

 	if record == nil {
 		request := &gnamesdk.AddDomainResolutionRequest{
-			ZoneName:    zoneName,
-			RecordType:  "TXT",
-			RecordName:  subDomain,
-			RecordValue: value,
-			TTL:         int32(d.config.TTL),
+			ZoneName:    xtypes.ToPtr(zoneName),
+			RecordType:  xtypes.ToPtr("TXT"),
+			RecordName:  xtypes.ToPtr(subDomain),
+			RecordValue: xtypes.ToPtr(value),
+			TTL:         xtypes.ToPtr(int32(d.config.TTL)),
 		}
 		_, err := d.client.AddDomainResolution(request)
 		return err
 	} else {
 		recordId, _ := record.ID.Int64()
 		request := &gnamesdk.ModifyDomainResolutionRequest{
-			ID:          recordId,
-			ZoneName:    zoneName,
-			RecordType:  "TXT",
-			RecordName:  subDomain,
-			RecordValue: value,
-			TTL:         int32(d.config.TTL),
+			ID:          xtypes.ToPtr(recordId),
+			ZoneName:    xtypes.ToPtr(zoneName),
+			RecordType:  xtypes.ToPtr("TXT"),
+			RecordName:  xtypes.ToPtr(subDomain),
+			RecordValue: xtypes.ToPtr(value),
+			TTL:         xtypes.ToPtr(int32(d.config.TTL)),
 		}
 		_, err := d.client.ModifyDomainResolution(request)
 		return err
@@ -197,8 +203,8 @@ func (d *DNSProvider) removeDNSRecord(zoneName, subDomain string) error {

 	recordId, _ := record.ID.Int64()
 	request := &gnamesdk.DeleteDomainResolutionRequest{
-		ZoneName: zoneName,
-		RecordID: recordId,
+		ZoneName: xtypes.ToPtr(zoneName),
+		RecordID: xtypes.ToPtr(recordId),
 	}
 	_, err = d.client.DeleteDomainResolution(request)
 	return err
--- a/internal/pkg/core/applicator/acme-dns01/lego-providers/ucloud-udnr/internal/lego.go
+++ b/internal/pkg/core/applicator/acme-dns01/lego-providers/ucloud-udnr/internal/lego.go
@@ -71,6 +71,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	}

 	cfg := ucloud.NewConfig()
+	cfg.Timeout = config.HTTPTimeout
 	credential := auth.NewCredential()
 	credential.PrivateKey = config.PrivateKey
 	credential.PublicKey = config.PublicKey
--- a/internal/pkg/core/deployer/providers/1panel-console/1panel_console.go
+++ b/internal/pkg/core/deployer/providers/1panel-console/1panel_console.go
@@ -3,13 +3,13 @@ package onepanelconsole
 import (
 	"context"
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"
+	"strconv"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	onepanelsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/1panel"
+	onepanelsdkv2 "github.com/usual2970/certimate/internal/pkg/sdk3rd/1panel/v2"
 )

 type DeployerConfig struct {
@@ -29,7 +29,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient *onepanelsdk.Client
+	sdkClient any
 }

 var _ deployer.Deployer = (*DeployerProvider)(nil)
@@ -62,48 +62,75 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {

 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 设置面板 SSL 证书
-	SSLEnable := "enable"
-	if d.config.ApiVersion == "v2" {
-		SSLEnable = "Enable"
-	}
+	switch sdkClient := d.sdkClient.(type) {
+	case *onepanelsdk.Client:
+		{
+			updateSettingsSSLReq := &onepanelsdk.UpdateSettingsSSLRequest{
+				Cert:        certPEM,
+				Key:         privkeyPEM,
+				SSL:         "enable",
+				SSLType:     "import-paste",
+				AutoRestart: strconv.FormatBool(d.config.AutoRestart),
+			}
+			updateSystemSSLResp, err := sdkClient.UpdateSettingsSSL(updateSettingsSSLReq)
+			d.logger.Debug("sdk request '1panel.UpdateSettingsSSL'", slog.Any("request", updateSettingsSSLReq), slog.Any("response", updateSystemSSLResp))
+			if err != nil {
+				return nil, fmt.Errorf("failed to execute sdk request '1panel.UpdateSettingsSSL': %w", err)
+			}
+		}

-	updateSystemSSLReq := &onepanelsdk.UpdateSystemSSLRequest{
-		Cert:    certPEM,
-		Key:     privkeyPEM,
-		SSL:     SSLEnable,
-		SSLType: "import-paste",
-	}
-	if d.config.AutoRestart {
-		updateSystemSSLReq.AutoRestart = "true"
-	} else {
-		updateSystemSSLReq.AutoRestart = "false"
-	}
-	updateSystemSSLResp, err := d.sdkClient.UpdateSystemSSL(updateSystemSSLReq)
-	d.logger.Debug("sdk request '1panel.UpdateSystemSSL'", slog.Any("request", updateSystemSSLReq), slog.Any("response", updateSystemSSLResp))
-	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request '1panel.UpdateSystemSSL': %w", err)
+	case *onepanelsdkv2.Client:
+		{
+			updateCoreSettingsSSLReq := &onepanelsdkv2.UpdateCoreSettingsSSLRequest{
+				Cert:        certPEM,
+				Key:         privkeyPEM,
+				SSL:         "Enable",
+				SSLType:     "import-paste",
+				AutoRestart: strconv.FormatBool(d.config.AutoRestart),
+			}
+			updateCoreSystemSSLResp, err := sdkClient.UpdateCoreSettingsSSL(updateCoreSettingsSSLReq)
+			d.logger.Debug("sdk request '1panel.UpdateCoreSettingsSSL'", slog.Any("request", updateCoreSettingsSSLReq), slog.Any("response", updateCoreSystemSSLResp))
+			if err != nil {
+				return nil, fmt.Errorf("failed to execute sdk request '1panel.UpdateCoreSettingsSSL': %w", err)
+			}
+		}
+
+	default:
+		panic("sdk client is not implemented")
 	}

 	return &deployer.DeployResult{}, nil
 }

-func createSdkClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (*onepanelsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid 1panel server url")
+const (
+	sdkVersionV1 = "v1"
+	sdkVersionV2 = "v2"
+)
+
+func createSdkClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (any, error) {
+	if apiVersion == sdkVersionV1 {
+		client, err := onepanelsdk.NewClient(serverUrl, apiKey)
+		if err != nil {
+			return nil, err
+		}
+
+		if skipTlsVerify {
+			client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		}
+
+		return client, nil
+	} else if apiVersion == sdkVersionV2 {
+		client, err := onepanelsdkv2.NewClient(serverUrl, apiKey)
+		if err != nil {
+			return nil, err
+		}
+
+		if skipTlsVerify {
+			client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		}
+
+		return client, nil
 	}

-	if apiVersion == "" {
-		return nil, errors.New("invalid 1panel api version")
-	}
-
-	if apiKey == "" {
-		return nil, errors.New("invalid 1panel api key")
-	}
-
-	client := onepanelsdk.NewClient(serverUrl, apiVersion, apiKey)
-	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
-	}
-
-	return client, nil
+	return nil, fmt.Errorf("invalid 1panel api version")
 }
--- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go
+++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go
@@ -6,13 +6,13 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"
 	"strconv"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/1panel-ssl"
 	onepanelsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/1panel"
+	onepanelsdkv2 "github.com/usual2970/certimate/internal/pkg/sdk3rd/1panel/v2"
 )

 type DeployerConfig struct {
@@ -38,7 +38,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
-	sdkClient   *onepanelsdk.Client
+	sdkClient   any
 	sslUploader uploader.Uploader
 }

@@ -107,16 +107,6 @@ func (d *DeployerProvider) deployToWebsite(ctx context.Context, certPEM string,
 		return errors.New("config `websiteId` is required")
 	}

-	// 获取网站 HTTPS 配置
-	getHttpsConfReq := &onepanelsdk.GetHttpsConfRequest{
-		WebsiteID: d.config.WebsiteId,
-	}
-	getHttpsConfResp, err := d.sdkClient.GetHttpsConf(getHttpsConfReq)
-	d.logger.Debug("sdk request '1panel.GetHttpsConf'", slog.Any("request", getHttpsConfReq), slog.Any("response", getHttpsConfResp))
-	if err != nil {
-		return fmt.Errorf("failed to execute sdk request '1panel.GetHttpsConf': %w", err)
-	}
-
 	// 上传证书到面板
 	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
@@ -125,22 +115,65 @@ func (d *DeployerProvider) deployToWebsite(ctx context.Context, certPEM string,
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}

-	// 修改网站 HTTPS 配置
-	certId, _ := strconv.ParseInt(upres.CertId, 10, 64)
-	updateHttpsConfReq := &onepanelsdk.UpdateHttpsConfRequest{
-		WebsiteID:    d.config.WebsiteId,
-		Type:         "existed",
-		WebsiteSSLID: certId,
-		Enable:       getHttpsConfResp.Data.Enable,
-		HttpConfig:   getHttpsConfResp.Data.HttpConfig,
-		SSLProtocol:  getHttpsConfResp.Data.SSLProtocol,
-		Algorithm:    getHttpsConfResp.Data.Algorithm,
-		Hsts:         getHttpsConfResp.Data.Hsts,
-	}
-	updateHttpsConfResp, err := d.sdkClient.UpdateHttpsConf(updateHttpsConfReq)
-	d.logger.Debug("sdk request '1panel.UpdateHttpsConf'", slog.Any("request", updateHttpsConfReq), slog.Any("response", updateHttpsConfResp))
-	if err != nil {
-		return fmt.Errorf("failed to execute sdk request '1panel.UpdateHttpsConf': %w", err)
+	switch sdkClient := d.sdkClient.(type) {
+	case *onepanelsdk.Client:
+		{
+			// 获取网站 HTTPS 配置
+			getHttpsConfResp, err := sdkClient.GetHttpsConf(d.config.WebsiteId)
+			d.logger.Debug("sdk request '1panel.GetHttpsConf'", slog.Int64("websiteId", d.config.WebsiteId), slog.Any("response", getHttpsConfResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request '1panel.GetHttpsConf': %w", err)
+			}
+
+			// 修改网站 HTTPS 配置
+			certId, _ := strconv.ParseInt(upres.CertId, 10, 64)
+			updateHttpsConfReq := &onepanelsdk.UpdateHttpsConfRequest{
+				WebsiteID:    d.config.WebsiteId,
+				Type:         "existed",
+				WebsiteSSLID: certId,
+				Enable:       getHttpsConfResp.Data.Enable,
+				HttpConfig:   getHttpsConfResp.Data.HttpConfig,
+				SSLProtocol:  getHttpsConfResp.Data.SSLProtocol,
+				Algorithm:    getHttpsConfResp.Data.Algorithm,
+				Hsts:         getHttpsConfResp.Data.Hsts,
+			}
+			updateHttpsConfResp, err := sdkClient.UpdateHttpsConf(d.config.WebsiteId, updateHttpsConfReq)
+			d.logger.Debug("sdk request '1panel.UpdateHttpsConf'", slog.Int64("websiteId", d.config.WebsiteId), slog.Any("request", updateHttpsConfReq), slog.Any("response", updateHttpsConfResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request '1panel.UpdateHttpsConf': %w", err)
+			}
+		}
+
+	case *onepanelsdkv2.Client:
+		{
+			// 获取网站 HTTPS 配置
+			getHttpsConfResp, err := sdkClient.GetHttpsConf(d.config.WebsiteId)
+			d.logger.Debug("sdk request '1panel.GetHttpsConf'", slog.Int64("websiteId", d.config.WebsiteId), slog.Any("response", getHttpsConfResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request '1panel.GetHttpsConf': %w", err)
+			}
+
+			// 修改网站 HTTPS 配置
+			certId, _ := strconv.ParseInt(upres.CertId, 10, 64)
+			updateHttpsConfReq := &onepanelsdkv2.UpdateHttpsConfRequest{
+				WebsiteID:    d.config.WebsiteId,
+				Type:         "existed",
+				WebsiteSSLID: certId,
+				Enable:       getHttpsConfResp.Data.Enable,
+				HttpConfig:   getHttpsConfResp.Data.HttpConfig,
+				SSLProtocol:  getHttpsConfResp.Data.SSLProtocol,
+				Algorithm:    getHttpsConfResp.Data.Algorithm,
+				Hsts:         getHttpsConfResp.Data.Hsts,
+			}
+			updateHttpsConfResp, err := sdkClient.UpdateHttpsConf(d.config.WebsiteId, updateHttpsConfReq)
+			d.logger.Debug("sdk request '1panel.UpdateHttpsConf'", slog.Int64("websiteId", d.config.WebsiteId), slog.Any("request", updateHttpsConfReq), slog.Any("response", updateHttpsConfResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request '1panel.UpdateHttpsConf': %w", err)
+			}
+		}
+
+	default:
+		panic("sdk client is not implemented")
 	}

 	return nil
@@ -151,50 +184,91 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 		return errors.New("config `certificateId` is required")
 	}

-	// 获取证书详情
-	getWebsiteSSLReq := &onepanelsdk.GetWebsiteSSLRequest{
-		SSLID: d.config.CertificateId,
-	}
-	getWebsiteSSLResp, err := d.sdkClient.GetWebsiteSSL(getWebsiteSSLReq)
-	d.logger.Debug("sdk request '1panel.GetWebsiteSSL'", slog.Any("request", getWebsiteSSLReq), slog.Any("response", getWebsiteSSLResp))
-	if err != nil {
-		return fmt.Errorf("failed to execute sdk request '1panel.GetWebsiteSSL': %w", err)
-	}
+	switch sdkClient := d.sdkClient.(type) {
+	case *onepanelsdk.Client:
+		{
+			// 获取证书详情
+			getWebsiteSSLResp, err := sdkClient.GetWebsiteSSL(d.config.CertificateId)
+			d.logger.Debug("sdk request '1panel.GetWebsiteSSL'", slog.Any("sslId", d.config.CertificateId), slog.Any("response", getWebsiteSSLResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request '1panel.GetWebsiteSSL': %w", err)
+			}

-	// 更新证书
-	uploadWebsiteSSLReq := &onepanelsdk.UploadWebsiteSSLRequest{
-		Type:        "paste",
-		SSLID:       d.config.CertificateId,
-		Description: getWebsiteSSLResp.Data.Description,
-		Certificate: certPEM,
-		PrivateKey:  privkeyPEM,
-	}
-	uploadWebsiteSSLResp, err := d.sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
-	d.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp))
-	if err != nil {
-		return fmt.Errorf("failed to execute sdk request '1panel.UploadWebsiteSSL': %w", err)
+			// 更新证书
+			uploadWebsiteSSLReq := &onepanelsdk.UploadWebsiteSSLRequest{
+				SSLID:       d.config.CertificateId,
+				Type:        "paste",
+				Description: getWebsiteSSLResp.Data.Description,
+				Certificate: certPEM,
+				PrivateKey:  privkeyPEM,
+			}
+			uploadWebsiteSSLResp, err := sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
+			d.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request '1panel.UploadWebsiteSSL': %w", err)
+			}
+		}
+
+	case *onepanelsdkv2.Client:
+		{
+			// 获取证书详情
+			getWebsiteSSLResp, err := sdkClient.GetWebsiteSSL(d.config.CertificateId)
+			d.logger.Debug("sdk request '1panel.GetWebsiteSSL'", slog.Any("sslId", d.config.CertificateId), slog.Any("response", getWebsiteSSLResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request '1panel.GetWebsiteSSL': %w", err)
+			}
+
+			// 更新证书
+			uploadWebsiteSSLReq := &onepanelsdkv2.UploadWebsiteSSLRequest{
+				SSLID:       d.config.CertificateId,
+				Type:        "paste",
+				Description: getWebsiteSSLResp.Data.Description,
+				Certificate: certPEM,
+				PrivateKey:  privkeyPEM,
+			}
+			uploadWebsiteSSLResp, err := sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
+			d.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request '1panel.UploadWebsiteSSL': %w", err)
+			}
+		}
+
+	default:
+		panic("sdk client is not implemented")
 	}

 	return nil
 }

-func createSdkClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (*onepanelsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid 1panel server url")
+const (
+	sdkVersionV1 = "v1"
+	sdkVersionV2 = "v2"
+)
+
+func createSdkClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (any, error) {
+	if apiVersion == sdkVersionV1 {
+		client, err := onepanelsdk.NewClient(serverUrl, apiKey)
+		if err != nil {
+			return nil, err
+		}
+
+		if skipTlsVerify {
+			client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		}
+
+		return client, nil
+	} else if apiVersion == sdkVersionV2 {
+		client, err := onepanelsdkv2.NewClient(serverUrl, apiKey)
+		if err != nil {
+			return nil, err
+		}
+
+		if skipTlsVerify {
+			client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		}
+
+		return client, nil
 	}

-	if apiVersion == "" {
-		return nil, errors.New("invalid 1panel api version")
-	}
-
-	if apiKey == "" {
-		return nil, errors.New("invalid 1panel api key")
-	}
-
-	client := onepanelsdk.NewClient(serverUrl, apiVersion, apiKey)
-	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
-	}
-
-	return client, nil
+	return nil, fmt.Errorf("invalid 1panel api version")
 }
--- a/internal/pkg/core/deployer/providers/apisix/apisix.go
+++ b/internal/pkg/core/deployer/providers/apisix/apisix.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	apisixsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/apisix"
@@ -91,15 +90,14 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	// 更新 SSL 证书
 	// REF: https://apisix.apache.org/zh/docs/apisix/admin-api/#ssl
 	updateSSLReq := &apisixsdk.UpdateSSLRequest{
-		ID:     d.config.CertificateId,
 		Cert:   xtypes.ToPtr(certPEM),
 		Key:    xtypes.ToPtr(privkeyPEM),
 		SNIs:   xtypes.ToPtr(certX509.DNSNames),
 		Type:   xtypes.ToPtr("server"),
 		Status: xtypes.ToPtr(int32(1)),
 	}
-	updateSSLResp, err := d.sdkClient.UpdateSSL(updateSSLReq)
-	d.logger.Debug("sdk request 'apisix.UpdateSSL'", slog.Any("request", updateSSLReq), slog.Any("response", updateSSLResp))
+	updateSSLResp, err := d.sdkClient.UpdateSSL(d.config.CertificateId, updateSSLReq)
+	d.logger.Debug("sdk request 'apisix.UpdateSSL'", slog.String("sslId", d.config.CertificateId), slog.Any("request", updateSSLReq), slog.Any("response", updateSSLResp))
 	if err != nil {
 		return fmt.Errorf("failed to execute sdk request 'apisix.UpdateSSL': %w", err)
 	}
@@ -108,17 +106,13 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 }

 func createSdkClient(serverUrl, apiKey string, skipTlsVerify bool) (*apisixsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid apisix server url")
+	client, err := apisixsdk.NewClient(serverUrl, apiKey)
+	if err != nil {
+		return nil, err
 	}

-	if apiKey == "" {
-		return nil, errors.New("invalid apisix api key")
-	}
-
-	client := apisixsdk.NewClient(serverUrl, apiKey)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go
+++ b/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go
@@ -16,7 +16,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/azure-keyvault"
-	azcommon "github.com/usual2970/certimate/internal/pkg/sdk3rd/azure/common"
+	azenv "github.com/usual2970/certimate/internal/pkg/sdk3rd/azure/env"
 	xcert "github.com/usual2970/certimate/internal/pkg/utils/cert"
 )

@@ -149,7 +149,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(tenantId, clientId, clientSecret, cloudName, keyvaultName string) (*azcertificates.Client, error) {
-	env, err := azcommon.GetCloudEnvironmentConfiguration(cloudName)
+	env, err := azenv.GetCloudEnvConfiguration(cloudName)
 	if err != nil {
 		return nil, err
 	}
@@ -162,9 +162,9 @@ func createSdkClient(tenantId, clientId, clientSecret, cloudName, keyvaultName s
 	}

 	endpoint := fmt.Sprintf("https://%s.vault.azure.net", keyvaultName)
-	if azcommon.IsEnvironmentGovernment(cloudName) {
+	if azenv.IsUSGovernmentEnv(cloudName) {
 		endpoint = fmt.Sprintf("https://%s.vault.usgovcloudapi.net", keyvaultName)
-	} else if azcommon.IsEnvironmentChina(cloudName) {
+	} else if azenv.IsChinaEnv(cloudName) {
 		endpoint = fmt.Sprintf("https://%s.vault.azure.cn", keyvaultName)
 	}

--- a/internal/pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go
+++ b/internal/pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go
@@ -12,6 +12,7 @@ import (

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	bssdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/baishan"
+	xtypes "github.com/usual2970/certimate/internal/pkg/utils/types"
 )

 type DeployerConfig struct {
@@ -68,34 +69,34 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 		// 新增证书
 		// REF: https://portal.baishancloud.com/track/document/downloadPdf/1441
 		certificateId := ""
-		createCertificateReq := &bssdk.CreateCertificateRequest{
-			Certificate: certPEM,
-			Key:         privkeyPEM,
-			Name:        fmt.Sprintf("certimate_%d", time.Now().UnixMilli()),
+		setDomainCertificateReq := &bssdk.SetDomainCertificateRequest{
+			Name:        xtypes.ToPtr(fmt.Sprintf("certimate_%d", time.Now().UnixMilli())),
+			Certificate: xtypes.ToPtr(certPEM),
+			Key:         xtypes.ToPtr(privkeyPEM),
 		}
-		createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
-		d.logger.Debug("sdk request 'baishan.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+		setDomainCertificateResp, err := d.sdkClient.SetDomainCertificate(setDomainCertificateReq)
+		d.logger.Debug("sdk request 'baishan.SetDomainCertificate'", slog.Any("request", setDomainCertificateReq), slog.Any("response", setDomainCertificateResp))
 		if err != nil {
-			if createCertificateResp != nil {
-				if createCertificateResp.GetCode() == 400699 && strings.Contains(createCertificateResp.GetMessage(), "this certificate is exists") {
+			if setDomainCertificateResp != nil {
+				if setDomainCertificateResp.GetCode() == 400699 && strings.Contains(setDomainCertificateResp.GetMessage(), "this certificate is exists") {
 					// 证书已存在，忽略新增证书接口错误
 					re := regexp.MustCompile(`\d+`)
-					certificateId = re.FindString(createCertificateResp.GetMessage())
+					certificateId = re.FindString(setDomainCertificateResp.GetMessage())
 				}
 			}

 			if certificateId == "" {
-				return nil, fmt.Errorf("failed to execute sdk request 'baishan.CreateCertificate': %w", err)
+				return nil, fmt.Errorf("failed to execute sdk request 'baishan.SetDomainCertificate': %w", err)
 			}
 		} else {
-			certificateId = createCertificateResp.Data.CertId.String()
+			certificateId = setDomainCertificateResp.Data.CertId.String()
 		}

 		// 查询域名配置
 		// REF: https://portal.baishancloud.com/track/document/api/1/1065
 		getDomainConfigReq := &bssdk.GetDomainConfigRequest{
-			Domains: d.config.Domain,
-			Config:  []string{"https"},
+			Domains: xtypes.ToPtr(d.config.Domain),
+			Config:  xtypes.ToPtr([]string{"https"}),
 		}
 		getDomainConfigResp, err := d.sdkClient.GetDomainConfig(getDomainConfigReq)
 		d.logger.Debug("sdk request 'baishan.GetDomainConfig'", slog.Any("request", getDomainConfigReq), slog.Any("response", getDomainConfigResp))
@@ -108,7 +109,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 		// 设置域名配置
 		// REF: https://portal.baishancloud.com/track/document/api/1/1045
 		setDomainConfigReq := &bssdk.SetDomainConfigRequest{
-			Domains: d.config.Domain,
+			Domains: xtypes.ToPtr(d.config.Domain),
 			Config: &bssdk.DomainConfig{
 				Https: &bssdk.DomainConfigHttps{
 					CertId:      json.Number(certificateId),
@@ -126,16 +127,16 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	} else {
 		// 替换证书
 		// REF: https://portal.baishancloud.com/track/document/downloadPdf/1441
-		createCertificateReq := &bssdk.CreateCertificateRequest{
+		setDomainCertificateReq := &bssdk.SetDomainCertificateRequest{
 			CertificateId: &d.config.CertificateId,
-			Certificate:   certPEM,
-			Key:           privkeyPEM,
-			Name:          fmt.Sprintf("certimate_%d", time.Now().UnixMilli()),
+			Name:          xtypes.ToPtr(fmt.Sprintf("certimate_%d", time.Now().UnixMilli())),
+			Certificate:   xtypes.ToPtr(certPEM),
+			Key:           xtypes.ToPtr(privkeyPEM),
 		}
-		createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
-		d.logger.Debug("sdk request 'baishan.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+		setDomainCertificateResp, err := d.sdkClient.SetDomainCertificate(setDomainCertificateReq)
+		d.logger.Debug("sdk request 'baishan.SetDomainCertificate'", slog.Any("request", setDomainCertificateReq), slog.Any("response", setDomainCertificateResp))
 		if err != nil {
-			return nil, fmt.Errorf("failed to execute sdk request 'baishan.CreateCertificate': %w", err)
+			return nil, fmt.Errorf("failed to execute sdk request 'baishan.SetDomainCertificate': %w", err)
 		}
 	}

@@ -143,10 +144,5 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(apiToken string) (*bssdk.Client, error) {
-	if apiToken == "" {
-		return nil, errors.New("invalid baishan api token")
-	}
-
-	client := bssdk.NewClient(apiToken)
-	return client, nil
+	return bssdk.NewClient(apiToken)
 }
--- a/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console.go
+++ b/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console.go
@@ -3,10 +3,8 @@ package baotapanelconsole
 import (
 	"context"
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	btsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/btpanel"
@@ -83,17 +81,13 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(serverUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid baota server url")
+	client, err := btsdk.NewClient(serverUrl, apiKey)
+	if err != nil {
+		return nil, err
 	}

-	if apiKey == "" {
-		return nil, errors.New("invalid baota api key")
-	}
-
-	client := btsdk.NewClient(serverUrl, apiKey)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site.go
+++ b/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	btsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/btpanel"
@@ -125,17 +124,13 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(serverUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid baota server url")
+	client, err := btsdk.NewClient(serverUrl, apiKey)
+	if err != nil {
+		return nil, err
 	}

-	if apiKey == "" {
-		return nil, errors.New("invalid baota api key")
-	}
-
-	client := btsdk.NewClient(serverUrl, apiKey)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/baotawaf-console/baotawaf_console.go
+++ b/internal/pkg/core/deployer/providers/baotawaf-console/baotawaf_console.go
@@ -3,13 +3,12 @@ package baotapanelconsole
 import (
 	"context"
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
-	btsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/btwaf"
+	btwafsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/btwaf"
+	xtypes "github.com/usual2970/certimate/internal/pkg/utils/types"
 )

 type DeployerConfig struct {
@@ -24,7 +23,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient *btsdk.Client
+	sdkClient *btwafsdk.Client
 }

 var _ deployer.Deployer = (*DeployerProvider)(nil)
@@ -57,31 +56,27 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {

 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 设置面板 SSL
-	configSetSSLReq := &btsdk.ConfigSetSSLRequest{
-		CertContent: certPEM,
-		KeyContent:  privkeyPEM,
+	configSetCertReq := &btwafsdk.ConfigSetCertRequest{
+		CertContent: xtypes.ToPtr(certPEM),
+		KeyContent:  xtypes.ToPtr(privkeyPEM),
 	}
-	configSetSSLResp, err := d.sdkClient.ConfigSetSSL(configSetSSLReq)
-	d.logger.Debug("sdk request 'bt.ConfigSetSSL'", slog.Any("request", configSetSSLReq), slog.Any("response", configSetSSLResp))
+	configSetCertResp, err := d.sdkClient.ConfigSetCert(configSetCertReq)
+	d.logger.Debug("sdk request 'bt.ConfigSetCert'", slog.Any("request", configSetCertReq), slog.Any("response", configSetCertResp))
 	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request 'bt.ConfigSetSSL': %w", err)
+		return nil, fmt.Errorf("failed to execute sdk request 'bt.ConfigSetCert': %w", err)
 	}

 	return &deployer.DeployResult{}, nil
 }

-func createSdkClient(serverUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid baota server url")
+func createSdkClient(serverUrl, apiKey string, skipTlsVerify bool) (*btwafsdk.Client, error) {
+	client, err := btwafsdk.NewClient(serverUrl, apiKey)
+	if err != nil {
+		return nil, err
 	}

-	if apiKey == "" {
-		return nil, errors.New("invalid baota api key")
-	}
-
-	client := btsdk.NewClient(serverUrl, apiKey)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/baotawaf-site/baotawaf_site.go
+++ b/internal/pkg/core/deployer/providers/baotawaf-site/baotawaf_site.go
@@ -6,10 +6,9 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
-	btsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/btwaf"
+	btwafsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/btwaf"
 	xtypes "github.com/usual2970/certimate/internal/pkg/utils/types"
 )

@@ -30,7 +29,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient *btsdk.Client
+	sdkClient *btwafsdk.Client
 }

 var _ deployer.Deployer = (*DeployerProvider)(nil)
@@ -81,7 +80,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 		default:
 		}

-		getSiteListReq := &btsdk.GetSiteListRequest{
+		getSiteListReq := &btwafsdk.GetSiteListRequest{
 			SiteName: xtypes.ToPtr(d.config.SiteName),
 			Page:     xtypes.ToPtr(getSitListPage),
 			PageSize: xtypes.ToPtr(getSitListPageSize),
@@ -112,12 +111,12 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	}

 	// 修改站点配置
-	modifySiteReq := &btsdk.ModifySiteRequest{
-		SiteId: siteId,
+	modifySiteReq := &btwafsdk.ModifySiteRequest{
+		SiteId: xtypes.ToPtr(siteId),
 		Type:   xtypes.ToPtr("openCert"),
-		Server: &btsdk.SiteServerInfo{
+		Server: &btwafsdk.SiteServerInfo{
 			ListenSSLPorts: xtypes.ToPtr([]int32{d.config.SitePort}),
-			SSL: &btsdk.SiteServerSSLInfo{
+			SSL: &btwafsdk.SiteServerSSLInfo{
 				IsSSL:      xtypes.ToPtr(int32(1)),
 				FullChain:  xtypes.ToPtr(certPEM),
 				PrivateKey: xtypes.ToPtr(privkeyPEM),
@@ -133,18 +132,14 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	return &deployer.DeployResult{}, nil
 }

-func createSdkClient(serverUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid baota server url")
+func createSdkClient(serverUrl, apiKey string, skipTlsVerify bool) (*btwafsdk.Client, error) {
+	client, err := btwafsdk.NewClient(serverUrl, apiKey)
+	if err != nil {
+		return nil, err
 	}

-	if apiKey == "" {
-		return nil, errors.New("invalid baota api key")
-	}
-
-	client := btsdk.NewClient(serverUrl, apiKey)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go
+++ b/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go
@@ -32,10 +32,15 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		panic("config is nil")
 	}

+	client, err := createSdkClient(config.ApiKey)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+	}
+
 	return &DeployerProvider{
 		config:    config,
 		logger:    slog.Default(),
-		sdkClient: bunnysdk.NewClient(config.ApiKey),
+		sdkClient: client,
 	}, nil
 }

@@ -49,18 +54,25 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 }

 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
+	if d.config.PullZoneId == "" {
+		return nil, fmt.Errorf("config `pullZoneId` is required")
+	}
+
 	// 上传证书
 	createCertificateReq := &bunnysdk.AddCustomCertificateRequest{
 		Hostname:       d.config.Hostname,
-		PullZoneId:     d.config.PullZoneId,
 		Certificate:    base64.StdEncoding.EncodeToString([]byte(certPEM)),
 		CertificateKey: base64.StdEncoding.EncodeToString([]byte(privkeyPEM)),
 	}
-	createCertificateResp, err := d.sdkClient.AddCustomCertificate(createCertificateReq)
-	d.logger.Debug("sdk request 'bunny.AddCustomCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+	err := d.sdkClient.AddCustomCertificate(d.config.PullZoneId, createCertificateReq)
+	d.logger.Debug("sdk request 'bunny.AddCustomCertificate'", slog.Any("request", createCertificateReq))
 	if err != nil {
 		return nil, fmt.Errorf("failed to execute sdk request 'bunny.AddCustomCertificate': %w", err)
 	}

 	return &deployer.DeployResult{}, nil
 }
+
+func createSdkClient(apiKey string) (*bunnysdk.Client, error) {
+	return bunnysdk.NewClient(apiKey)
+}
--- a/internal/pkg/core/deployer/providers/cachefly/cachefly.go
+++ b/internal/pkg/core/deployer/providers/cachefly/cachefly.go
@@ -2,12 +2,12 @@ package cachefly

 import (
 	"context"
-	"errors"
 	"fmt"
 	"log/slog"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
-	cfsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/cachefly"
+	cacheflysdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/cachefly"
+	xtypes "github.com/usual2970/certimate/internal/pkg/utils/types"
 )

 type DeployerConfig struct {
@@ -18,7 +18,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient *cfsdk.Client
+	sdkClient *cacheflysdk.Client
 }

 var _ deployer.Deployer = (*DeployerProvider)(nil)
@@ -52,9 +52,9 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 上传证书
 	// REF: https://api.cachefly.com/api/2.5/docs#tag/Certificates/paths/~1certificates/post
-	createCertificateReq := &cfsdk.CreateCertificateRequest{
-		Certificate:    certPEM,
-		CertificateKey: privkeyPEM,
+	createCertificateReq := &cacheflysdk.CreateCertificateRequest{
+		Certificate:    xtypes.ToPtr(certPEM),
+		CertificateKey: xtypes.ToPtr(privkeyPEM),
 	}
 	createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
 	d.logger.Debug("sdk request 'cachefly.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
@@ -65,11 +65,6 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	return &deployer.DeployResult{}, nil
 }

-func createSdkClient(apiToken string) (*cfsdk.Client, error) {
-	if apiToken == "" {
-		return nil, errors.New("invalid cachefly api token")
-	}
-
-	client := cfsdk.NewClient(apiToken)
-	return client, nil
+func createSdkClient(apiToken string) (*cacheflysdk.Client, error) {
+	return cacheflysdk.NewClient(apiToken)
 }
--- a/internal/pkg/core/deployer/providers/cdnfly/cdnfly.go
+++ b/internal/pkg/core/deployer/providers/cdnfly/cdnfly.go
@@ -7,11 +7,11 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"
 	"time"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
-	cfsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/cdnfly"
+	cdnflysdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/cdnfly"
+	xtypes "github.com/usual2970/certimate/internal/pkg/utils/types"
 )

 type DeployerConfig struct {
@@ -36,7 +36,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient *cfsdk.Client
+	sdkClient *cdnflysdk.Client
 }

 var _ deployer.Deployer = (*DeployerProvider)(nil)
@@ -94,27 +94,24 @@ func (d *DeployerProvider) deployToSite(ctx context.Context, certPEM string, pri

 	// 获取单个网站详情
 	// REF: https://doc.cdnfly.cn/wangzhanguanli-v1-sites.html#%E8%8E%B7%E5%8F%96%E5%8D%95%E4%B8%AA%E7%BD%91%E7%AB%99%E8%AF%A6%E6%83%85
-	getSiteReq := &cfsdk.GetSiteRequest{
-		Id: d.config.SiteId,
-	}
-	getSiteResp, err := d.sdkClient.GetSite(getSiteReq)
-	d.logger.Debug("sdk request 'cdnfly.GetSite'", slog.Any("request", getSiteReq), slog.Any("response", getSiteResp))
+	getSiteResp, err := d.sdkClient.GetSite(d.config.SiteId)
+	d.logger.Debug("sdk request 'cdnfly.GetSite'", slog.Any("siteId", d.config.SiteId), slog.Any("response", getSiteResp))
 	if err != nil {
 		return fmt.Errorf("failed to execute sdk request 'cdnfly.GetSite': %w", err)
 	}

 	// 添加单个证书
 	// REF: https://doc.cdnfly.cn/wangzhanzhengshu-v1-certs.html#%E6%B7%BB%E5%8A%A0%E5%8D%95%E4%B8%AA%E6%88%96%E5%A4%9A%E4%B8%AA%E8%AF%81%E4%B9%A6-%E5%A4%9A%E4%B8%AA%E8%AF%81%E4%B9%A6%E6%97%B6%E6%95%B0%E6%8D%AE%E6%A0%BC%E5%BC%8F%E4%B8%BA%E6%95%B0%E7%BB%84
-	createCertificateReq := &cfsdk.CreateCertificateRequest{
-		Name: fmt.Sprintf("certimate-%d", time.Now().UnixMilli()),
-		Type: "custom",
-		Cert: certPEM,
-		Key:  privkeyPEM,
+	createCertificateReq := &cdnflysdk.CreateCertRequest{
+		Name: xtypes.ToPtr(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
+		Type: xtypes.ToPtr("custom"),
+		Cert: xtypes.ToPtr(certPEM),
+		Key:  xtypes.ToPtr(privkeyPEM),
 	}
-	createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
-	d.logger.Debug("sdk request 'cdnfly.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+	createCertificateResp, err := d.sdkClient.CreateCert(createCertificateReq)
+	d.logger.Debug("sdk request 'cdnfly.CreateCert'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
 	if err != nil {
-		return fmt.Errorf("failed to execute sdk request 'cdnfly.CreateCertificate': %w", err)
+		return fmt.Errorf("failed to execute sdk request 'cdnfly.CreateCert': %w", err)
 	}

 	// 修改单个网站
@@ -123,13 +120,11 @@ func (d *DeployerProvider) deployToSite(ctx context.Context, certPEM string, pri
 	_ = json.Unmarshal([]byte(getSiteResp.Data.HttpsListen), &updateSiteHttpsListenMap)
 	updateSiteHttpsListenMap["cert"] = createCertificateResp.Data
 	updateSiteHttpsListenData, _ := json.Marshal(updateSiteHttpsListenMap)
-	updateSiteHttpsListen := string(updateSiteHttpsListenData)
-	updateSiteReq := &cfsdk.UpdateSiteRequest{
-		Id:          d.config.SiteId,
-		HttpsListen: &updateSiteHttpsListen,
+	updateSiteReq := &cdnflysdk.UpdateSiteRequest{
+		HttpsListen: xtypes.ToPtr(string(updateSiteHttpsListenData)),
 	}
-	updateSiteResp, err := d.sdkClient.UpdateSite(updateSiteReq)
-	d.logger.Debug("sdk request 'cdnfly.UpdateSite'", slog.Any("request", updateSiteReq), slog.Any("response", updateSiteResp))
+	updateSiteResp, err := d.sdkClient.UpdateSite(d.config.SiteId, updateSiteReq)
+	d.logger.Debug("sdk request 'cdnfly.UpdateSite'", slog.String("siteId", d.config.SiteId), slog.Any("request", updateSiteReq), slog.Any("response", updateSiteResp))
 	if err != nil {
 		return fmt.Errorf("failed to execute sdk request 'cdnfly.UpdateSite': %w", err)
 	}
@@ -144,38 +139,28 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri

 	// 修改单个证书
 	// REF: https://doc.cdnfly.cn/wangzhanzhengshu-v1-certs.html#%E4%BF%AE%E6%94%B9%E5%8D%95%E4%B8%AA%E8%AF%81%E4%B9%A6
-	updateCertificateType := "custom"
-	updateCertificateReq := &cfsdk.UpdateCertificateRequest{
-		Id:   d.config.CertificateId,
-		Type: &updateCertificateType,
-		Cert: &certPEM,
-		Key:  &privkeyPEM,
+	updateCertReq := &cdnflysdk.UpdateCertRequest{
+		Type: xtypes.ToPtr("custom"),
+		Cert: xtypes.ToPtr(certPEM),
+		Key:  xtypes.ToPtr(privkeyPEM),
 	}
-	updateCertificateResp, err := d.sdkClient.UpdateCertificate(updateCertificateReq)
-	d.logger.Debug("sdk request 'cdnfly.UpdateCertificate'", slog.Any("request", updateCertificateReq), slog.Any("response", updateCertificateResp))
+	updateCertResp, err := d.sdkClient.UpdateCert(d.config.CertificateId, updateCertReq)
+	d.logger.Debug("sdk request 'cdnfly.UpdateCert'", slog.String("certId", d.config.CertificateId), slog.Any("request", updateCertReq), slog.Any("response", updateCertResp))
 	if err != nil {
-		return fmt.Errorf("failed to execute sdk request 'cdnfly.UpdateCertificate': %w", err)
+		return fmt.Errorf("failed to execute sdk request 'cdnfly.UpdateCert': %w", err)
 	}

 	return nil
 }

-func createSdkClient(serverUrl, apiKey, apiSecret string, skipTlsVerify bool) (*cfsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid cachefly server url")
+func createSdkClient(serverUrl, apiKey, apiSecret string, skipTlsVerify bool) (*cdnflysdk.Client, error) {
+	client, err := cdnflysdk.NewClient(serverUrl, apiKey, apiSecret)
+	if err != nil {
+		return nil, err
 	}

-	if apiKey == "" {
-		return nil, errors.New("invalid cachefly api key")
-	}
-
-	if apiSecret == "" {
-		return nil, errors.New("invalid cachefly api secret")
-	}
-
-	client := cfsdk.NewClient(serverUrl, apiKey, apiSecret)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/dogecloud-cdn/dogecloud_cdn.go
+++ b/internal/pkg/core/deployer/providers/dogecloud-cdn/dogecloud_cdn.go
@@ -35,7 +35,10 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		panic("config is nil")
 	}

-	client := dogesdk.NewClient(config.AccessKey, config.SecretKey)
+	client, err := createSdkClient(config.AccessKey, config.SecretKey)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+	}

 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKey: config.AccessKey,
@@ -64,6 +67,10 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 }

 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
+	if d.config.Domain == "" {
+		return nil, fmt.Errorf("config `domain` is required")
+	}
+
 	// 上传证书到 CDN
 	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
@@ -75,11 +82,19 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	// 绑定证书
 	// REF: https://docs.dogecloud.com/cdn/api-cert-bind
 	bindCdnCertId, _ := strconv.ParseInt(upres.CertId, 10, 64)
-	bindCdnCertResp, err := d.sdkClient.BindCdnCertWithDomain(bindCdnCertId, d.config.Domain)
-	d.logger.Debug("sdk request 'cdn.BindCdnCert'", slog.Int64("request.certId", bindCdnCertId), slog.String("request.domain", d.config.Domain), slog.Any("response", bindCdnCertResp))
+	bindCdnCertReq := &dogesdk.BindCdnCertRequest{
+		CertId: bindCdnCertId,
+		Domain: d.config.Domain,
+	}
+	bindCdnCertResp, err := d.sdkClient.BindCdnCert(bindCdnCertReq)
+	d.logger.Debug("sdk request 'cdn.BindCdnCert'", slog.Any("request", bindCdnCertReq), slog.Any("response", bindCdnCertResp))
 	if err != nil {
 		return nil, fmt.Errorf("failed to execute sdk request 'cdn.BindCdnCert': %w", err)
 	}

 	return &deployer.DeployResult{}, nil
 }
+
+func createSdkClient(accessKey, secretKey string) (*dogesdk.Client, error) {
+	return dogesdk.NewClient(accessKey, secretKey)
+}
--- a/internal/pkg/core/deployer/providers/flexcdn/flexcdn.go
+++ b/internal/pkg/core/deployer/providers/flexcdn/flexcdn.go
@@ -7,7 +7,6 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"
 	"time"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
@@ -120,25 +119,13 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 }

 func createSdkClient(serverUrl, apiRole, accessKeyId, accessKey string, skipTlsVerify bool) (*flexcdnsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid flexcdn server url")
+	client, err := flexcdnsdk.NewClient(serverUrl, apiRole, accessKeyId, accessKey)
+	if err != nil {
+		return nil, err
 	}

-	if apiRole != "user" && apiRole != "admin" {
-		return nil, errors.New("invalid flexcdn api role")
-	}
-
-	if accessKeyId == "" {
-		return nil, errors.New("invalid flexcdn access key id")
-	}
-
-	if accessKey == "" {
-		return nil, errors.New("invalid flexcdn access key")
-	}
-
-	client := flexcdnsdk.NewClient(serverUrl, apiRole, accessKeyId, accessKey)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/gcore-cdn/gcore_cdn.go
+++ b/internal/pkg/core/deployer/providers/gcore-cdn/gcore_cdn.go
@@ -15,7 +15,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/gcore-cdn"
-	gcoresdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/gcore/common"
+	gcoresdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/gcore"
 )

 type DeployerConfig struct {
--- a/internal/pkg/core/deployer/providers/goedge/goedge.go
+++ b/internal/pkg/core/deployer/providers/goedge/goedge.go
@@ -7,7 +7,6 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"
 	"time"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
@@ -120,25 +119,13 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 }

 func createSdkClient(serverUrl, apiRole, accessKeyId, accessKey string, skipTlsVerify bool) (*goedgesdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid goedge server url")
+	client, err := goedgesdk.NewClient(serverUrl, apiRole, accessKeyId, accessKey)
+	if err != nil {
+		return nil, err
 	}

-	if apiRole != "user" && apiRole != "admin" {
-		return nil, errors.New("invalid goedge api role")
-	}
-
-	if accessKeyId == "" {
-		return nil, errors.New("invalid goedge access key id")
-	}
-
-	if accessKey == "" {
-		return nil, errors.New("invalid goedge access key")
-	}
-
-	client := goedgesdk.NewClient(serverUrl, apiRole, accessKeyId, accessKey)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/lecdn/lecdn.go
+++ b/internal/pkg/core/deployer/providers/lecdn/lecdn.go
@@ -6,12 +6,11 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"
 	"time"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
-	leclientsdkv3 "github.com/usual2970/certimate/internal/pkg/sdk3rd/lecdn/v3/client"
-	lemastersdkv3 "github.com/usual2970/certimate/internal/pkg/sdk3rd/lecdn/v3/master"
+	leclientsdkv3 "github.com/usual2970/certimate/internal/pkg/sdk3rd/lecdn/client-v3"
+	lemastersdkv3 "github.com/usual2970/certimate/internal/pkg/sdk3rd/lecdn/master-v3"
 )

 type DeployerConfig struct {
@@ -42,18 +41,11 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient interface{}
+	sdkClient any
 }

 var _ deployer.Deployer = (*DeployerProvider)(nil)

-const (
-	apiVersionV3 = "v3"
-
-	apiRoleClient = "client"
-	apiRoleMaster = "master"
-)
-
 func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	if config == nil {
 		panic("config is nil")
@@ -104,34 +96,38 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	// REF: https://wdk0pwf8ul.feishu.cn/wiki/YE1XwCRIHiLYeKkPupgcXrlgnDd
 	switch sdkClient := d.sdkClient.(type) {
 	case *leclientsdkv3.Client:
-		updateSSLCertReq := &leclientsdkv3.UpdateCertificateRequest{
-			Name:        fmt.Sprintf("certimate-%d", time.Now().UnixMilli()),
-			Description: "upload from certimate",
-			Type:        "upload",
-			SSLPEM:      certPEM,
-			SSLKey:      privkeyPEM,
-			AutoRenewal: false,
-		}
-		updateSSLCertResp, err := sdkClient.UpdateCertificate(d.config.CertificateId, updateSSLCertReq)
-		d.logger.Debug("sdk request 'lecdn.UpdateCertificate'", slog.Int64("certId", d.config.CertificateId), slog.Any("request", updateSSLCertReq), slog.Any("response", updateSSLCertResp))
-		if err != nil {
-			return fmt.Errorf("failed to execute sdk request 'lecdn.UpdateCertificate': %w", err)
+		{
+			updateSSLCertReq := &leclientsdkv3.UpdateCertificateRequest{
+				Name:        fmt.Sprintf("certimate-%d", time.Now().UnixMilli()),
+				Description: "upload from certimate",
+				Type:        "upload",
+				SSLPEM:      certPEM,
+				SSLKey:      privkeyPEM,
+				AutoRenewal: false,
+			}
+			updateSSLCertResp, err := sdkClient.UpdateCertificate(d.config.CertificateId, updateSSLCertReq)
+			d.logger.Debug("sdk request 'lecdn.UpdateCertificate'", slog.Int64("certId", d.config.CertificateId), slog.Any("request", updateSSLCertReq), slog.Any("response", updateSSLCertResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request 'lecdn.UpdateCertificate': %w", err)
+			}
 		}

 	case *lemastersdkv3.Client:
-		updateSSLCertReq := &lemastersdkv3.UpdateCertificateRequest{
-			ClientId:    d.config.ClientId,
-			Name:        fmt.Sprintf("certimate-%d", time.Now().UnixMilli()),
-			Description: "upload from certimate",
-			Type:        "upload",
-			SSLPEM:      certPEM,
-			SSLKey:      privkeyPEM,
-			AutoRenewal: false,
-		}
-		updateSSLCertResp, err := sdkClient.UpdateCertificate(d.config.CertificateId, updateSSLCertReq)
-		d.logger.Debug("sdk request 'lecdn.UpdateCertificate'", slog.Int64("certId", d.config.CertificateId), slog.Any("request", updateSSLCertReq), slog.Any("response", updateSSLCertResp))
-		if err != nil {
-			return fmt.Errorf("failed to execute sdk request 'lecdn.UpdateCertificate': %w", err)
+		{
+			updateSSLCertReq := &lemastersdkv3.UpdateCertificateRequest{
+				ClientId:    d.config.ClientId,
+				Name:        fmt.Sprintf("certimate-%d", time.Now().UnixMilli()),
+				Description: "upload from certimate",
+				Type:        "upload",
+				SSLPEM:      certPEM,
+				SSLKey:      privkeyPEM,
+				AutoRenewal: false,
+			}
+			updateSSLCertResp, err := sdkClient.UpdateCertificate(d.config.CertificateId, updateSSLCertReq)
+			d.logger.Debug("sdk request 'lecdn.UpdateCertificate'", slog.Int64("certId", d.config.CertificateId), slog.Any("request", updateSSLCertReq), slog.Any("response", updateSSLCertResp))
+			if err != nil {
+				return fmt.Errorf("failed to execute sdk request 'lecdn.UpdateCertificate': %w", err)
+			}
 		}

 	default:
@@ -141,32 +137,35 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	return nil
 }

-func createSdkClient(serverUrl, apiVersion, apiRole, username, password string, skipTlsVerify bool) (interface{}, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid lecdn server url")
-	}
+const (
+	sdkVersionV3 = "v3"

-	if username == "" {
-		return nil, errors.New("invalid lecdn username")
-	}
+	sdkRoleClient = "client"
+	sdkRoleMaster = "master"
+)

-	if password == "" {
-		return nil, errors.New("invalid lecdn password")
-	}
-
-	if apiVersion == apiVersionV3 && apiRole == apiRoleClient {
+func createSdkClient(serverUrl, apiVersion, apiRole, username, password string, skipTlsVerify bool) (any, error) {
+	if apiVersion == sdkVersionV3 && apiRole == sdkRoleClient {
 		// v3 版客户端
-		client := leclientsdkv3.NewClient(serverUrl, username, password)
+		client, err := leclientsdkv3.NewClient(serverUrl, username, password)
+		if err != nil {
+			return nil, err
+		}
+
 		if skipTlsVerify {
-			client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+			client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 		}

 		return client, nil
-	} else if apiVersion == apiVersionV3 && apiRole == apiRoleMaster {
+	} else if apiVersion == sdkVersionV3 && apiRole == sdkRoleMaster {
 		// v3 版主控端
-		client := lemastersdkv3.NewClient(serverUrl, username, password)
+		client, err := lemastersdkv3.NewClient(serverUrl, username, password)
+		if err != nil {
+			return nil, err
+		}
+
 		if skipTlsVerify {
-			client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+			client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 		}

 		return client, nil
--- a/internal/pkg/core/deployer/providers/netlify-site/netlify_site.go
+++ b/internal/pkg/core/deployer/providers/netlify-site/netlify_site.go
@@ -80,10 +80,5 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(apiToken string) (*netlifysdk.Client, error) {
-	if apiToken == "" {
-		return nil, errors.New("invalid netlify api token")
-	}
-
-	client := netlifysdk.NewClient(apiToken)
-	return client, nil
+	return netlifysdk.NewClient(apiToken)
 }
--- a/internal/pkg/core/deployer/providers/netlify-site/netlify_site_test.go
+++ b/internal/pkg/core/deployer/providers/netlify-site/netlify_site_test.go
@@ -15,7 +15,7 @@ var (
 	fInputCertPath string
 	fInputKeyPath  string
 	fApiToken      string
-	fSiteId        int64
+	fSiteId        string
 )

 func init() {
@@ -24,7 +24,7 @@ func init() {
 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
 	flag.StringVar(&fApiToken, argsPrefix+"APITOKEN", "", "")
-	flag.Int64Var(&fSiteId, argsPrefix+"SITEID", 0, "")
+	flag.StringVar(&fSiteId, argsPrefix+"SITEID", "", "")
 }

 /*
--- a/internal/pkg/core/deployer/providers/qiniu-cdn/qiniu_cdn.go
+++ b/internal/pkg/core/deployer/providers/qiniu-cdn/qiniu_cdn.go
@@ -26,7 +26,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
-	sdkClient   *qiniusdk.Client
+	sdkClient   *qiniusdk.CdnManager
 	sslUploader uploader.Uploader
 }

@@ -37,7 +37,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		panic("config is nil")
 	}

-	client := qiniusdk.NewClient(auth.New(config.AccessKey, config.SecretKey))
+	client := qiniusdk.NewCdnManager(auth.New(config.AccessKey, config.SecretKey))

 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKey: config.AccessKey,
--- a/internal/pkg/core/deployer/providers/rainyun-rcdn/rainyun_rcdn.go
+++ b/internal/pkg/core/deployer/providers/rainyun-rcdn/rainyun_rcdn.go
@@ -2,7 +2,6 @@ package rainyunrcdn

 import (
 	"context"
-	"errors"
 	"fmt"
 	"log/slog"
 	"strconv"
@@ -92,10 +91,5 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(apiKey string) (*rainyunsdk.Client, error) {
-	if apiKey == "" {
-		return nil, errors.New("invalid rainyun api key")
-	}
-
-	client := rainyunsdk.NewClient(apiKey)
-	return client, nil
+	return rainyunsdk.NewClient(apiKey)
 }
--- a/internal/pkg/core/deployer/providers/rainyun-rcdn/rainyun_rcdn_test.go
+++ b/internal/pkg/core/deployer/providers/rainyun-rcdn/rainyun_rcdn_test.go
@@ -53,8 +53,8 @@ func TestDeploy(t *testing.T) {
 		}, "\n"))

 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
-			PrivateKey: fApiKey,
-			InstanceId: fInstanceId,
+			ApiKey:     fApiKey,
+			InstanceId: int32(fInstanceId),
 			Domain:     fDomain,
 		})
 		if err != nil {
--- a/internal/pkg/core/deployer/providers/ratpanel-console/ratpanel_console.go
+++ b/internal/pkg/core/deployer/providers/ratpanel-console/ratpanel_console.go
@@ -3,10 +3,8 @@ package ratpanelconsole
 import (
 	"context"
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	rpsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/ratpanel"
@@ -59,35 +57,27 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {

 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 设置面板 SSL 证书
-	settingCertReq := &rpsdk.SettingCertRequest{
+	setSettingCertReq := &rpsdk.SetSettingCertRequest{
 		Certificate: certPEM,
 		PrivateKey:  privkeyPEM,
 	}
-	settingCertResp, err := d.sdkClient.SettingCert(settingCertReq)
-	d.logger.Debug("sdk request 'ratpanel.SettingCert'", slog.Any("request", settingCertReq), slog.Any("response", settingCertResp))
+	setSettingCertResp, err := d.sdkClient.SetSettingCert(setSettingCertReq)
+	d.logger.Debug("sdk request 'ratpanel.SetSettingCert'", slog.Any("request", setSettingCertReq), slog.Any("response", setSettingCertResp))
 	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request 'ratpanel.SettingCert': %w", err)
+		return nil, fmt.Errorf("failed to execute sdk request 'ratpanel.SetSettingCert': %w", err)
 	}

 	return &deployer.DeployResult{}, nil
 }

 func createSdkClient(serverUrl string, accessTokenId int32, accessToken string, skipTlsVerify bool) (*rpsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid ratpanel server url")
+	client, err := rpsdk.NewClient(serverUrl, accessTokenId, accessToken)
+	if err != nil {
+		return nil, err
 	}

-	if accessTokenId == 0 {
-		return nil, errors.New("invalid ratpanel access token id")
-	}
-
-	if accessToken == "" {
-		return nil, errors.New("invalid ratpanel access token")
-	}
-
-	client := rpsdk.NewClient(serverUrl, accessTokenId, accessToken)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/ratpanel-site/ratpanel_site.go
+++ b/internal/pkg/core/deployer/providers/ratpanel-site/ratpanel_site.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	rpsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/ratpanel"
@@ -65,36 +64,28 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	}

 	// 设置站点 SSL 证书
-	websiteCertReq := &rpsdk.WebsiteCertRequest{
+	setWebsiteCertReq := &rpsdk.SetWebsiteCertRequest{
 		SiteName:    d.config.SiteName,
 		Certificate: certPEM,
 		PrivateKey:  privkeyPEM,
 	}
-	websiteCertResp, err := d.sdkClient.WebsiteCert(websiteCertReq)
-	d.logger.Debug("sdk request 'ratpanel.WebsiteCert'", slog.Any("request", websiteCertReq), slog.Any("response", websiteCertResp))
+	setWebsiteCertResp, err := d.sdkClient.SetWebsiteCert(setWebsiteCertReq)
+	d.logger.Debug("sdk request 'ratpanel.SetWebsiteCert'", slog.Any("request", setWebsiteCertReq), slog.Any("response", setWebsiteCertResp))
 	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request 'ratpanel.WebsiteCert': %w", err)
+		return nil, fmt.Errorf("failed to execute sdk request 'ratpanel.SetWebsiteCert': %w", err)
 	}

 	return &deployer.DeployResult{}, nil
 }

 func createSdkClient(serverUrl string, accessTokenId int32, accessToken string, skipTlsVerify bool) (*rpsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid ratpanel server url")
+	client, err := rpsdk.NewClient(serverUrl, accessTokenId, accessToken)
+	if err != nil {
+		return nil, err
 	}

-	if accessTokenId == 0 {
-		return nil, errors.New("invalid ratpanel access token id")
-	}
-
-	if accessToken == "" {
-		return nil, errors.New("invalid ratpanel access token")
-	}
-
-	client := rpsdk.NewClient(serverUrl, accessTokenId, accessToken)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/safeline/safeline.go
+++ b/internal/pkg/core/deployer/providers/safeline/safeline.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	safelinesdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/safeline"
@@ -84,7 +83,7 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	updateCertificateReq := &safelinesdk.UpdateCertificateRequest{
 		Id:   d.config.CertificateId,
 		Type: 2,
-		Manual: &safelinesdk.UpdateCertificateRequestBodyManul{
+		Manual: &safelinesdk.CertificateManul{
 			Crt: certPEM,
 			Key: privkeyPEM,
 		},
@@ -99,17 +98,13 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 }

 func createSdkClient(serverUrl, apiToken string, skipTlsVerify bool) (*safelinesdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid safeline server url")
+	client, err := safelinesdk.NewClient(serverUrl, apiToken)
+	if err != nil {
+		return nil, err
 	}

-	if apiToken == "" {
-		return nil, errors.New("invalid safeline api token")
-	}
-
-	client := safelinesdk.NewClient(serverUrl, apiToken)
 	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}

 	return client, nil
--- a/internal/pkg/core/deployer/providers/tencentcloud-gaap/tencentcloud_gaap_test.go
+++ b/internal/pkg/core/deployer/providers/tencentcloud-gaap/tencentcloud_gaap_test.go
@@ -16,7 +16,6 @@ var (
 	fInputKeyPath  string
 	fSecretId      string
 	fSecretKey     string
-	fProxyGroupId  string
 	fProxyId       string
 	fListenerId    string
 )
@@ -28,7 +27,6 @@ func init() {
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
 	flag.StringVar(&fSecretId, argsPrefix+"SECRETID", "", "")
 	flag.StringVar(&fSecretKey, argsPrefix+"SECRETKEY", "", "")
-	flag.StringVar(&fProxyGroupId, argsPrefix+"PROXYGROUPID", "", "")
 	flag.StringVar(&fProxyId, argsPrefix+"PROXYID", "", "")
 	flag.StringVar(&fListenerId, argsPrefix+"LISTENERID", "", "")
 }
@@ -41,7 +39,6 @@ Shell command to run this test:
 	--CERTIMATE_DEPLOYER_TENCENTCLOUDGAAP_INPUTKEYPATH="/path/to/your-input-key.pem" \
 	--CERTIMATE_DEPLOYER_TENCENTCLOUDGAAP_SECRETID="your-secret-id" \
 	--CERTIMATE_DEPLOYER_TENCENTCLOUDGAAP_SECRETKEY="your-secret-key" \
-	--CERTIMATE_DEPLOYER_TENCENTCLOUDGAAP_PROXYGROUPID="your-gaap-group-id" \
 	--CERTIMATE_DEPLOYER_TENCENTCLOUDGAAP_PROXYID="your-gaap-group-id" \
 	--CERTIMATE_DEPLOYER_TENCENTCLOUDGAAP_LISTENERID="your-clb-listener-id"
 */
@@ -55,7 +52,6 @@ func TestDeploy(t *testing.T) {
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
 			fmt.Sprintf("SECRETID: %v", fSecretId),
 			fmt.Sprintf("SECRETKEY: %v", fSecretKey),
-			fmt.Sprintf("PROXYGROUPID: %v", fProxyGroupId),
 			fmt.Sprintf("PROXYID: %v", fProxyId),
 			fmt.Sprintf("LISTENERID: %v", fListenerId),
 		}, "\n"))
@@ -64,7 +60,6 @@ func TestDeploy(t *testing.T) {
 			SecretId:     fSecretId,
 			SecretKey:    fSecretKey,
 			ResourceType: provider.RESOURCE_TYPE_LISTENER,
-			ProxyGroupId: fProxyGroupId,
 			ProxyId:      fProxyId,
 			ListenerId:   fListenerId,
 		})
--- a/internal/pkg/core/deployer/providers/unicloud-webhost/unicloud_webhost.go
+++ b/internal/pkg/core/deployer/providers/unicloud-webhost/unicloud_webhost.go
@@ -88,14 +88,5 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(username, password string) (*unisdk.Client, error) {
-	if username == "" {
-		return nil, errors.New("invalid unicloud username")
-	}
-
-	if password == "" {
-		return nil, errors.New("invalid unicloud password")
-	}
-
-	client := unisdk.NewClient(username, password)
-	return client, nil
+	return unisdk.NewClient(username, password)
 }
--- a/internal/pkg/core/deployer/providers/upyun-cdn/upyun_cdn.go
+++ b/internal/pkg/core/deployer/providers/upyun-cdn/upyun_cdn.go
@@ -2,7 +2,6 @@ package upyuncdn

 import (
 	"context"
-	"errors"
 	"fmt"
 	"log/slog"

@@ -116,14 +115,5 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(username, password string) (*upyunsdk.Client, error) {
-	if username == "" {
-		return nil, errors.New("invalid upyun username")
-	}
-
-	if password == "" {
-		return nil, errors.New("invalid upyun password")
-	}
-
-	client := upyunsdk.NewClient(username, password)
-	return client, nil
+	return upyunsdk.NewClient(username, password)
 }
--- a/internal/pkg/core/deployer/providers/wangsu-cdn/wangsu_cdn.go
+++ b/internal/pkg/core/deployer/providers/wangsu-cdn/wangsu_cdn.go
@@ -2,7 +2,6 @@ package wangsucdn

 import (
 	"context"
-	"errors"
 	"fmt"
 	"log/slog"
 	"strconv"
@@ -97,13 +96,5 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(accessKeyId, accessKeySecret string) (*wangsusdk.Client, error) {
-	if accessKeyId == "" {
-		return nil, errors.New("invalid wangsu access key id")
-	}
-
-	if accessKeySecret == "" {
-		return nil, errors.New("invalid wangsu access key secret")
-	}
-
-	return wangsusdk.NewClient(accessKeyId, accessKeySecret), nil
+	return wangsusdk.NewClient(accessKeyId, accessKeySecret)
 }
--- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go
+++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go
@@ -98,7 +98,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	if err != nil {
 		return nil, fmt.Errorf("failed to encrypt private key: %w", err)
 	}
-	certificateNewVersionInfo := &wangsucdn.CertificateVersion{
+	certificateNewVersionInfo := &wangsucdn.CertificateVersionInfo{
 		PrivateKey:  xtypes.ToPtr(encryptedPrivateKey),
 		Certificate: xtypes.ToPtr(certPEM),
 		IdentificationInfo: &wangsucdn.CertificateVersionIdentificationInfo{
@@ -131,7 +131,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 			return nil, fmt.Errorf("failed to execute sdk request 'cdnpro.CreateCertificate': %w", err)
 		}

-		wangsuCertUrl = createCertificateResp.CertificateUrl
+		wangsuCertUrl = createCertificateResp.CertificateLocation
 		d.logger.Info("ssl certificate uploaded", slog.Any("certUrl", wangsuCertUrl))

 		wangsuCertIdMatches := regexp.MustCompile(`/certificates/([a-zA-Z0-9-]+)`).FindStringSubmatch(wangsuCertUrl)
@@ -154,7 +154,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 			return nil, fmt.Errorf("failed to execute sdk request 'cdnpro.UpdateCertificate': %w", err)
 		}

-		wangsuCertUrl = updateCertificateResp.CertificateUrl
+		wangsuCertUrl = updateCertificateResp.CertificateLocation
 		d.logger.Info("ssl certificate uploaded", slog.Any("certUrl", wangsuCertUrl))

 		wangsuCertIdMatches := regexp.MustCompile(`/certificates/([a-zA-Z0-9-]+)`).FindStringSubmatch(wangsuCertUrl)
@@ -174,7 +174,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	createDeploymentTaskReq := &wangsucdn.CreateDeploymentTaskRequest{
 		Name:   xtypes.ToPtr(fmt.Sprintf("certimate_%d", time.Now().UnixMilli())),
 		Target: xtypes.ToPtr(d.config.Environment),
-		Actions: &[]wangsucdn.DeploymentTaskAction{
+		Actions: &[]wangsucdn.DeploymentTaskActionInfo{
 			{
 				Action:        xtypes.ToPtr("deploy_cert"),
 				CertificateId: xtypes.ToPtr(wangsuCertId),
@@ -194,7 +194,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	// 循环获取部署任务详细信息，等待任务状态变更
 	// REF: https://www.wangsu.com/document/api-doc/27038
 	var wangsuTaskId string
-	wangsuTaskMatches := regexp.MustCompile(`/deploymentTasks/([a-zA-Z0-9-]+)`).FindStringSubmatch(createDeploymentTaskResp.DeploymentTaskUrl)
+	wangsuTaskMatches := regexp.MustCompile(`/deploymentTasks/([a-zA-Z0-9-]+)`).FindStringSubmatch(createDeploymentTaskResp.DeploymentTaskLocation)
 	if len(wangsuTaskMatches) > 1 {
 		wangsuTaskId = wangsuTaskMatches[1]
 	}
@@ -225,15 +225,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(accessKeyId, accessKeySecret string) (*wangsucdn.Client, error) {
-	if accessKeyId == "" {
-		return nil, errors.New("invalid wangsu access key id")
-	}
-
-	if accessKeySecret == "" {
-		return nil, errors.New("invalid wangsu access key secret")
-	}
-
-	return wangsucdn.NewClient(accessKeyId, accessKeySecret), nil
+	return wangsucdn.NewClient(accessKeyId, accessKeySecret)
 }

 func encryptPrivateKey(privkeyPEM string, apiKey string, timestamp int64) (string, error) {
--- a/internal/pkg/core/deployer/providers/wangsu-certificate/wangsu_certificate.go
+++ b/internal/pkg/core/deployer/providers/wangsu-certificate/wangsu_certificate.go
@@ -2,7 +2,6 @@ package wangsucertificate

 import (
 	"context"
-	"errors"
 	"fmt"
 	"log/slog"
 	"time"
@@ -97,13 +96,5 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(accessKeyId, accessKeySecret string) (*wangsusdk.Client, error) {
-	if accessKeyId == "" {
-		return nil, errors.New("invalid wangsu access key id")
-	}
-
-	if accessKeySecret == "" {
-		return nil, errors.New("invalid wangsu access key secret")
-	}
-
-	return wangsusdk.NewClient(accessKeyId, accessKeySecret), nil
+	return wangsusdk.NewClient(accessKeyId, accessKeySecret)
 }
--- a/internal/pkg/core/notifier/providers/discordbot/discordbot_test.go
+++ b/internal/pkg/core/notifier/providers/discordbot/discordbot_test.go
@@ -24,7 +24,7 @@ func init() {
 	argsPrefix := "CERTIMATE_NOTIFIER_DISCORDBOT_"

 	flag.StringVar(&fApiToken, argsPrefix+"APITOKEN", "", "")
-	flag.StringVar(&fChannelId, argsPrefix+"CHANNELID", 0, "")
+	flag.StringVar(&fChannelId, argsPrefix+"CHANNELID", "", "")
 }

 /*
--- a/internal/pkg/core/notifier/providers/slackbot/slackbot_test.go
+++ b/internal/pkg/core/notifier/providers/slackbot/slackbot_test.go
@@ -24,7 +24,7 @@ func init() {
 	argsPrefix := "CERTIMATE_NOTIFIER_SLACKBOT_"

 	flag.StringVar(&fApiToken, argsPrefix+"APITOKEN", "", "")
-	flag.StringVar(&fChannelId, argsPrefix+"CHANNELID", 0, "")
+	flag.StringVar(&fChannelId, argsPrefix+"CHANNELID", "", "")
 }

 /*
--- a/internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl.go
+++ b/internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl.go
@@ -3,15 +3,14 @@ package onepanelssl
 import (
 	"context"
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"log/slog"
-	"net/url"
 	"strings"
 	"time"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	onepanelsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/1panel"
+	onepanelsdkv2 "github.com/usual2970/certimate/internal/pkg/sdk3rd/1panel/v2"
 )

 type UploaderConfig struct {
@@ -28,7 +27,7 @@ type UploaderConfig struct {
 type UploaderProvider struct {
 	config    *UploaderConfig
 	logger    *slog.Logger
-	sdkClient *onepanelsdk.Client
+	sdkClient any
 }

 var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -72,23 +71,46 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	certName := fmt.Sprintf("certimate-%d", time.Now().UnixMilli())

 	// 上传证书
-	uploadWebsiteSSLReq := &onepanelsdk.UploadWebsiteSSLRequest{
-		Type:        "paste",
-		Description: certName,
-		Certificate: certPEM,
-		PrivateKey:  privkeyPEM,
-	}
-	uploadWebsiteSSLResp, err := u.sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
-	u.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp))
-	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request '1panel.UploadWebsiteSSL': %w", err)
+	switch sdkClient := u.sdkClient.(type) {
+	case *onepanelsdk.Client:
+		{
+			uploadWebsiteSSLReq := &onepanelsdk.UploadWebsiteSSLRequest{
+				Type:        "paste",
+				Description: certName,
+				Certificate: certPEM,
+				PrivateKey:  privkeyPEM,
+			}
+			uploadWebsiteSSLResp, err := sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
+			u.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp))
+			if err != nil {
+				return nil, fmt.Errorf("failed to execute sdk request '1panel.UploadWebsiteSSL': %w", err)
+			}
+		}
+
+	case *onepanelsdkv2.Client:
+		{
+			uploadWebsiteSSLReq := &onepanelsdkv2.UploadWebsiteSSLRequest{
+				Type:        "paste",
+				Description: certName,
+				Certificate: certPEM,
+				PrivateKey:  privkeyPEM,
+			}
+			uploadWebsiteSSLResp, err := sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
+			u.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp))
+			if err != nil {
+				return nil, fmt.Errorf("failed to execute sdk request '1panel.UploadWebsiteSSL': %w", err)
+			}
+		}
+
+	default:
+		panic("sdk client is not implemented")
 	}

 	// 遍历证书列表，获取刚刚上传证书 ID
 	if res, err := u.findCertIfExists(ctx, certPEM, privkeyPEM); err != nil {
 		return nil, err
 	} else if res == nil {
-		return nil, fmt.Errorf("no ssl certificate found, may be upload failed (code: %d, message: %s)", uploadWebsiteSSLResp.GetCode(), uploadWebsiteSSLResp.GetMessage())
+		return nil, fmt.Errorf("no ssl certificate found, may be upload failed")
 	} else {
 		return res, nil
 	}
@@ -97,6 +119,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 func (u *UploaderProvider) findCertIfExists(ctx context.Context, certPEM string, privkeyPEM string) (*uploader.UploadResult, error) {
 	searchWebsiteSSLPageNumber := int32(1)
 	searchWebsiteSSLPageSize := int32(100)
+	searchWebsiteSSLItemsCount := int32(0)
 	for {
 		select {
 		case <-ctx.Done():
@@ -104,28 +127,68 @@ func (u *UploaderProvider) findCertIfExists(ctx context.Context, certPEM string,
 		default:
 		}

-		searchWebsiteSSLReq := &onepanelsdk.SearchWebsiteSSLRequest{
-			Page:     searchWebsiteSSLPageNumber,
-			PageSize: searchWebsiteSSLPageSize,
-		}
-		searchWebsiteSSLResp, err := u.sdkClient.SearchWebsiteSSL(searchWebsiteSSLReq)
-		u.logger.Debug("sdk request '1panel.SearchWebsiteSSL'", slog.Any("request", searchWebsiteSSLReq), slog.Any("response", searchWebsiteSSLResp))
-		if err != nil {
-			return nil, fmt.Errorf("failed to execute sdk request '1panel.SearchWebsiteSSL': %w", err)
-		}
+		switch sdkClient := u.sdkClient.(type) {
+		case *onepanelsdk.Client:
+			{
+				searchWebsiteSSLReq := &onepanelsdk.SearchWebsiteSSLRequest{
+					Page:     searchWebsiteSSLPageNumber,
+					PageSize: searchWebsiteSSLPageSize,
+				}
+				searchWebsiteSSLResp, err := sdkClient.SearchWebsiteSSL(searchWebsiteSSLReq)
+				u.logger.Debug("sdk request '1panel.SearchWebsiteSSL'", slog.Any("request", searchWebsiteSSLReq), slog.Any("response", searchWebsiteSSLResp))
+				if err != nil {
+					return nil, fmt.Errorf("failed to execute sdk request '1panel.SearchWebsiteSSL': %w", err)
+				}

-		for _, sslItem := range searchWebsiteSSLResp.Data.Items {
-			if strings.TrimSpace(sslItem.PEM) == strings.TrimSpace(certPEM) &&
-				strings.TrimSpace(sslItem.PrivateKey) == strings.TrimSpace(privkeyPEM) {
-				// 如果已存在相同证书，直接返回
-				return &uploader.UploadResult{
-					CertId:   fmt.Sprintf("%d", sslItem.ID),
-					CertName: sslItem.Description,
-				}, nil
+				if searchWebsiteSSLResp.Data != nil {
+					for _, sslItem := range searchWebsiteSSLResp.Data.Items {
+						if strings.TrimSpace(sslItem.PEM) == strings.TrimSpace(certPEM) &&
+							strings.TrimSpace(sslItem.PrivateKey) == strings.TrimSpace(privkeyPEM) {
+							// 如果已存在相同证书，直接返回
+							return &uploader.UploadResult{
+								CertId:   fmt.Sprintf("%d", sslItem.ID),
+								CertName: sslItem.Description,
+							}, nil
+						}
+					}
+				}
+
+				searchWebsiteSSLItemsCount = searchWebsiteSSLResp.Data.Total
 			}
+
+		case *onepanelsdkv2.Client:
+			{
+				searchWebsiteSSLReq := &onepanelsdkv2.SearchWebsiteSSLRequest{
+					Page:     searchWebsiteSSLPageNumber,
+					PageSize: searchWebsiteSSLPageSize,
+				}
+				searchWebsiteSSLResp, err := sdkClient.SearchWebsiteSSL(searchWebsiteSSLReq)
+				u.logger.Debug("sdk request '1panel.SearchWebsiteSSL'", slog.Any("request", searchWebsiteSSLReq), slog.Any("response", searchWebsiteSSLResp))
+				if err != nil {
+					return nil, fmt.Errorf("failed to execute sdk request '1panel.SearchWebsiteSSL': %w", err)
+				}
+
+				if searchWebsiteSSLResp.Data != nil {
+					for _, sslItem := range searchWebsiteSSLResp.Data.Items {
+						if strings.TrimSpace(sslItem.PEM) == strings.TrimSpace(certPEM) &&
+							strings.TrimSpace(sslItem.PrivateKey) == strings.TrimSpace(privkeyPEM) {
+							// 如果已存在相同证书，直接返回
+							return &uploader.UploadResult{
+								CertId:   fmt.Sprintf("%d", sslItem.ID),
+								CertName: sslItem.Description,
+							}, nil
+						}
+					}
+				}
+
+				searchWebsiteSSLItemsCount = searchWebsiteSSLResp.Data.Total
+			}
+
+		default:
+			panic("sdk client is not implemented")
 		}

-		if len(searchWebsiteSSLResp.Data.Items) < int(searchWebsiteSSLPageSize) {
+		if searchWebsiteSSLItemsCount < searchWebsiteSSLPageSize {
 			break
 		} else {
 			searchWebsiteSSLPageNumber++
@@ -135,23 +198,35 @@ func (u *UploaderProvider) findCertIfExists(ctx context.Context, certPEM string,
 	return nil, nil
 }

-func createSdkClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (*onepanelsdk.Client, error) {
-	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid 1panel server url")
+const (
+	sdkVersionV1 = "v1"
+	sdkVersionV2 = "v2"
+)
+
+func createSdkClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (any, error) {
+	if apiVersion == sdkVersionV1 {
+		client, err := onepanelsdk.NewClient(serverUrl, apiKey)
+		if err != nil {
+			return nil, err
+		}
+
+		if skipTlsVerify {
+			client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		}
+
+		return client, nil
+	} else if apiVersion == sdkVersionV2 {
+		client, err := onepanelsdkv2.NewClient(serverUrl, apiKey)
+		if err != nil {
+			return nil, err
+		}
+
+		if skipTlsVerify {
+			client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		}
+
+		return client, nil
 	}

-	if apiVersion == "" {
-		return nil, errors.New("invalid 1panel api version")
-	}
-
-	if apiKey == "" {
-		return nil, errors.New("invalid 1panel api key")
-	}
-
-	client := onepanelsdk.NewClient(serverUrl, apiVersion, apiKey)
-	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
-	}
-
-	return client, nil
+	return nil, fmt.Errorf("invalid 1panel api version")
 }
--- a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go
+++ b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go
@@ -14,7 +14,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	azcommon "github.com/usual2970/certimate/internal/pkg/sdk3rd/azure/common"
+	azenv "github.com/usual2970/certimate/internal/pkg/sdk3rd/azure/env"
 	xcert "github.com/usual2970/certimate/internal/pkg/utils/cert"
 )

@@ -176,7 +176,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(tenantId, clientId, clientSecret, cloudName, keyvaultName string) (*azcertificates.Client, error) {
-	env, err := azcommon.GetCloudEnvironmentConfiguration(cloudName)
+	env, err := azenv.GetCloudEnvConfiguration(cloudName)
 	if err != nil {
 		return nil, err
 	}
@@ -189,9 +189,9 @@ func createSdkClient(tenantId, clientId, clientSecret, cloudName, keyvaultName s
 	}

 	endpoint := fmt.Sprintf("https://%s.vault.azure.net", keyvaultName)
-	if azcommon.IsEnvironmentGovernment(cloudName) {
+	if azenv.IsUSGovernmentEnv(cloudName) {
 		endpoint = fmt.Sprintf("https://%s.vault.usgovcloudapi.net", keyvaultName)
-	} else if azcommon.IsEnvironmentChina(cloudName) {
+	} else if azenv.IsChinaEnv(cloudName) {
 		endpoint = fmt.Sprintf("https://%s.vault.azure.cn", keyvaultName)
 	}

--- a/internal/pkg/core/uploader/providers/dogecloud/dogecloud.go
+++ b/internal/pkg/core/uploader/providers/dogecloud/dogecloud.go
@@ -58,8 +58,13 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE

 	// 上传新证书
 	// REF: https://docs.dogecloud.com/cdn/api-cert-upload
-	uploadSslCertResp, err := u.sdkClient.UploadCdnCert(certName, certPEM, privkeyPEM)
-	u.logger.Debug("sdk request 'cdn.UploadCdnCert'", slog.Any("response", uploadSslCertResp))
+	uploadSslCertReq := &dogesdk.UploadCdnCertRequest{
+		Note:        certName,
+		Certificate: certPEM,
+		PrivateKey:  privkeyPEM,
+	}
+	uploadSslCertResp, err := u.sdkClient.UploadCdnCert(uploadSslCertReq)
+	u.logger.Debug("sdk request 'cdn.UploadCdnCert'", slog.Any("request", uploadSslCertReq), slog.Any("response", uploadSslCertResp))
 	if err != nil {
 		return nil, fmt.Errorf("failed to execute sdk request 'cdn.UploadCdnCert': %w", err)
 	}
@@ -72,6 +77,5 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(accessKey, secretKey string) (*dogesdk.Client, error) {
-	client := dogesdk.NewClient(accessKey, secretKey)
-	return client, nil
+	return dogesdk.NewClient(accessKey, secretKey)
 }
--- a/internal/pkg/core/uploader/providers/gcore-cdn/gcore_cdn.go
+++ b/internal/pkg/core/uploader/providers/gcore-cdn/gcore_cdn.go
@@ -11,7 +11,7 @@ import (
 	"github.com/G-Core/gcorelabscdn-go/sslcerts"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	gcoresdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/gcore/common"
+	gcoresdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/gcore"
 )

 type UploaderConfig struct {
--- a/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
+++ b/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
@@ -24,7 +24,7 @@ type UploaderConfig struct {
 type UploaderProvider struct {
 	config    *UploaderConfig
 	logger    *slog.Logger
-	sdkClient *qiniusdk.Client
+	sdkClient *qiniusdk.CdnManager
 }

 var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -81,7 +81,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	}, nil
 }

-func createSdkClient(accessKey, secretKey string) (*qiniusdk.Client, error) {
+func createSdkClient(accessKey, secretKey string) (*qiniusdk.CdnManager, error) {
 	if secretKey == "" {
 		return nil, errors.New("invalid qiniu access key")
 	}
@@ -91,6 +91,6 @@ func createSdkClient(accessKey, secretKey string) (*qiniusdk.Client, error) {
 	}

 	credential := auth.New(accessKey, secretKey)
-	client := qiniusdk.NewClient(credential)
+	client := qiniusdk.NewCdnManager(credential)
 	return client, nil
 }
--- a/internal/pkg/core/uploader/providers/rainyun-sslcenter/rainyun_sslcenter.go
+++ b/internal/pkg/core/uploader/providers/rainyun-sslcenter/rainyun_sslcenter.go
@@ -76,7 +76,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	if res, err := u.findCertIfExists(ctx, certPEM); err != nil {
 		return nil, err
 	} else if res == nil {
-		return nil, errors.New("rainyun sslcenter: no certificate found")
+		return nil, errors.New("no ssl certificate found, may be upload failed")
 	} else {
 		return res, nil
 	}
@@ -166,10 +166,5 @@ func (u *UploaderProvider) findCertIfExists(ctx context.Context, certPEM string)
 }

 func createSdkClient(apiKey string) (*rainyunsdk.Client, error) {
-	if apiKey == "" {
-		return nil, errors.New("invalid rainyun api key")
-	}
-
-	client := rainyunsdk.NewClient(apiKey)
-	return client, nil
+	return rainyunsdk.NewClient(apiKey)
 }
--- a/internal/pkg/core/uploader/providers/upyun-ssl/upyun_ssl.go
+++ b/internal/pkg/core/uploader/providers/upyun-ssl/upyun_ssl.go
@@ -2,7 +2,6 @@ package upyunssl

 import (
 	"context"
-	"errors"
 	"fmt"
 	"log/slog"

@@ -69,14 +68,5 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(username, password string) (*upyunsdk.Client, error) {
-	if username == "" {
-		return nil, errors.New("invalid upyun username")
-	}
-
-	if password == "" {
-		return nil, errors.New("invalid upyun password")
-	}
-
-	client := upyunsdk.NewClient(username, password)
-	return client, nil
+	return upyunsdk.NewClient(username, password)
 }
--- a/internal/pkg/core/uploader/providers/wangsu-certificate/wangsu_certificate.go
+++ b/internal/pkg/core/uploader/providers/wangsu-certificate/wangsu_certificate.go
@@ -2,7 +2,6 @@ package wangsucertificate

 import (
 	"context"
-	"errors"
 	"fmt"
 	"log/slog"
 	"regexp"
@@ -116,7 +115,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	// 网宿云证书 URL 中包含证书 ID
 	// 格式：
 	//    https://open.chinanetcenter.com/api/certificate/100001
-	wangsuCertIdMatches := regexp.MustCompile(`/certificate/([0-9]+)`).FindStringSubmatch(createCertificateResp.CertificateUrl)
+	wangsuCertIdMatches := regexp.MustCompile(`/certificate/([0-9]+)`).FindStringSubmatch(createCertificateResp.CertificateLocation)
 	if len(wangsuCertIdMatches) > 1 {
 		certId = wangsuCertIdMatches[1]
 	} else {
@@ -130,13 +129,5 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 }

 func createSdkClient(accessKeyId, accessKeySecret string) (*wangsusdk.Client, error) {
-	if accessKeyId == "" {
-		return nil, errors.New("invalid wangsu access key id")
-	}
-
-	if accessKeySecret == "" {
-		return nil, errors.New("invalid wangsu access key secret")
-	}
-
-	return wangsusdk.NewClient(accessKeyId, accessKeySecret), nil
+	return wangsusdk.NewClient(accessKeyId, accessKeySecret)
 }