v0.2.18

Merge pull request #319 from fudiwei/bugfix/aliyun-api-error
bugfix #318
2024-11-11 07:58:13 +08:00 · 2024-11-10 19:40:40 +08:00 · 2024-11-09 11:37:34 +08:00 · 2024-11-09 09:54:49 +08:00 · 2024-11-09 09:41:05 +08:00 · 2024-11-08 08:11:04 +08:00
311 changed files with 25123 additions and 5504 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,10 @@
+# http://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+end_of_line = crlf
+indent_size = 2
+indent_style = space
+trim_trailing_whitespace = true
+insert_final_newline = true
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,33 @@
+---
+name: Bug report
+about: 创建一个报告来帮助我们改进
+title: "[Bug] 标题简要描述问题"
+labels: bug
+assignees: ""
+---
+
+**描述问题**
+简要描述问题是什么，1 个 ISSUE 只描述一个问题。 
+
+**复现步骤**
+复现该问题的步骤：
+
+1. 去到 '...'
+2. 点击 '...'
+3. 滚动到 '...'
+4. 发现问题
+
+**期望的结果**
+简要描述你期望发生的事情。
+
+**截图**
+如有可能，请添加截图以帮助解释问题。
+
+**环境**
+
+- 操作系统: [e.g. Windows, macOS]
+- 浏览器: [e.g. Chrome, Safari]
+- 仓库版本: [e.g. v1.0.0]
+
+**其他信息**
+在此处添加关于该问题的任何其他信息。
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 加入频道讨论
+    url: https://t.me/+ZXphsppxUg41YmVl
+    about: 加入到电报频道寻求更多帮助
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,19 @@
+---
+name: Feature request
+about: 提出一个新功能请求
+title: "[Feature] 简要描述你希望实现的功能"
+labels: enhancement
+assignees: ""
+---
+
+**功能描述**
+简要描述你希望添加的功能和相关问题，1 个 ISSUE 只描述一个功能。
+
+**动机**
+为什么这个功能对项目有帮助？
+
+**替代方案**
+描述你已经考虑过的替代方案。
+
+**其他信息**
+在这里添加任何相关的附加信息或截图。
--- a/.github/workflows/push_image.yml
+++ b/.github/workflows/push_image.yml
@@ -4,6 +4,12 @@ on:
  push:
    tags:
      - "*"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Tag version to be used for Docker image"
+        required: true
+        default: "v0.1.9"

 jobs:
  build-and-push:
@@ -19,7 +25,22 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

-      - name: Log in to Docker Hub
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            usual2970/certimate
+            registry.cn-shanghai.aliyuncs.com/usual2970/certimate
+
+      - name: Log in to DOCKERHUB
+        uses: docker/login-action@v3
+
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Log in to ALIYUNCS
        uses: docker/login-action@v3

        with:
@@ -27,17 +48,12 @@ jobs:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

-      - name: Extract Git tag
-        id: get_tag
-        run: echo "tag=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
-
      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
-          file: ./Dockerfile_build
+          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
-          tags: |
-            registry.cn-shanghai.aliyuncs.com/usual2970/certimate:${{ env.tag }}
-            registry.cn-shanghai.aliyuncs.com/usual2970/certimate:latest
+          tags: ${{ steps.meta.outputs.tags }}
+
--- a/.gitignore
+++ b/.gitignore
@@ -1,14 +1,7 @@
-__debug_bin*
-vendor
-pb_data
-main
-./certimate
-build
-/docker/data
-
-# Editor directories and files
 .vscode/*
 !.vscode/extensions.json
+!.vscode/settings.json
+!.vscode/settings.tailwind.json
 .idea
 .DS_Store
 *.suo
@@ -16,5 +9,14 @@ build
 *.njsproj
 *.sln
 *.sw?
+__debug_bin*

+vendor
+pb_data
+build
+main
+/ui/dist/*
+!/ui/dist/.gitkeep
 ./dist
+./certimate
+/docker/data
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,6 @@
+{
+  "recommendations": [
+    "bradlc.vscode-tailwindcss",
+    "esbenp.prettier-vscode"
+  ]
+}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,20 @@
+{
+  "css.customData": [
+    ".vscode/settings.tailwind.json"
+  ],
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": "explicit"
+  },
+  "editor.defaultFormatter": "esbenp.prettier-vscode",
+  "editor.formatOnSave": true,
+  "go.useLanguageServer": true,
+  "gopls": {
+    "formatting.gofumpt": true,
+  },
+  "[go]": {
+    "editor.defaultFormatter": "golang.go"
+  },
+  "[typescript]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  }
+}
--- a/.vscode/settings.tailwind.json
+++ b/.vscode/settings.tailwind.json
@@ -0,0 +1,55 @@
+{
+  "version": 1.1,
+  "atDirectives": [
+    {
+      "name": "@tailwind",
+      "description": "Use the `@tailwind` directive to insert Tailwind's `base`, `components`, `utilities` and `screens` styles into your CSS.",
+      "references": [
+        {
+          "name": "Tailwind Documentation",
+          "url": "https://tailwindcss.com/docs/functions-and-directives#tailwind"
+        }
+      ]
+    },
+    {
+      "name": "@apply",
+      "description": "Use the `@apply` directive to inline any existing utility classes into your own custom CSS. This is useful when you find a common utility pattern in your HTML that you’d like to extract to a new component.",
+      "references": [
+        {
+          "name": "Tailwind Documentation",
+          "url": "https://tailwindcss.com/docs/functions-and-directives#apply"
+        }
+      ]
+    },
+    {
+      "name": "@responsive",
+      "description": "You can generate responsive variants of your own classes by wrapping their definitions in the `@responsive` directive:\n```css\n@responsive {\n  .alert {\n    background-color: #E53E3E;\n  }\n}\n```\n",
+      "references": [
+        {
+          "name": "Tailwind Documentation",
+          "url": "https://tailwindcss.com/docs/functions-and-directives#responsive"
+        }
+      ]
+    },
+    {
+      "name": "@screen",
+      "description": "The `@screen` directive allows you to create media queries that reference your breakpoints by **name** instead of duplicating their values in your own CSS:\n```css\n@screen sm {\n  /* ... */\n}\n```\n…gets transformed into this:\n```css\n@media (min-width: 640px) {\n  /* ... */\n}\n```\n",
+      "references": [
+        {
+          "name": "Tailwind Documentation",
+          "url": "https://tailwindcss.com/docs/functions-and-directives#screen"
+        }
+      ]
+    },
+    {
+      "name": "@variants",
+      "description": "Generate `hover`, `focus`, `active` and other **variants** of your own utilities by wrapping their definitions in the `@variants` directive:\n```css\n@variants hover, focus {\n   .btn-brand {\n    background-color: #3182CE;\n  }\n}\n```\n",
+      "references": [
+        {
+          "name": "Tailwind Documentation",
+          "url": "https://tailwindcss.com/docs/functions-and-directives#variants"
+        }
+      ]
+    }
+  ]
+}
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,76 @@
+# 向 Certimate 贡献代码
+
+感谢你抽出时间来改进 Certimate！以下是向 Certimate 主仓库提交 PR（Pull Request）时的操作指南。
+
+- [向 Certimate 贡献代码](#向-certimate-贡献代码)
+  - [前提条件](#前提条件)
+  - [修改 Go 代码](#修改-go-代码)
+  - [修改管理页面 (Admin UI)](#修改管理页面-admin-ui)
+
+## 前提条件
+
+- Go 1.22+ (用于修改 Go 代码)
+- Node 20+ (用于修改 UI)
+
+如果还没有这样做，你可以 fork Certimate 的主仓库，并克隆到本地以便进行修改：
+
+```bash
+git clone https://github.com/your_username/certimate.git
+```
+
+> **重要提示：**
+> 建议为每个 Bug 修复或新功能创建一个从 `main` 分支派生的新分支。如果你计划提交多个 PR，请保持不同的改动在独立分支中，以便更容易进行代码审查并最终合并。
+> 保持一个 PR 只实现一个功能。
+
+## 修改 Go 代码
+
+假设你已经对 Certimate 的 Go 代码做了一些修改，现在你想要运行它：
+
+1. 进入根目录
+2. 运行以下命令启动服务：
+
+   ```bash
+   go run main.go serve
+   ```
+
+这将启动一个 Web 服务器，默认运行在 `http://localhost:8090`，并使用来自 `ui/dist` 的预构建管理页面。
+
+**在向主仓库提交 PR 之前，建议你：**
+
+- 使用 [gofumpt](https://github.com/mvdan/gofumpt) 对你的代码进行格式化。
+
+- 为你的改动添加单元测试或集成测试（Certimate 使用 Go 的标准 `testing` 包）。你可以通过以下命令运行测试（在项目根目录下）：
+
+  ```bash
+  go test ./...
+  ```
+
+## 修改管理页面 (Admin UI)
+
+Certimate 的管理页面是一个基于 React 和 Vite 构建的单页应用（SPA）。
+
+要启动 Admin UI：
+
+1. 进入 `ui` 项目目录。
+
+2. 运行 `npm install` 安装依赖。
+
+3. 启动 Vite 开发服务器：
+
+   ```bash
+   npm run dev
+   ```
+
+你可以通过浏览器访问 `http://localhost:5173` 来查看运行中的管理页面。
+
+由于 Admin UI 只是一个客户端应用，运行时需要 Certimate 的后端服务作为支撑。你可以手动运行 Certimate，或者使用预构建的可执行文件。
+
+所有对 Admin UI 的修改将会自动反映在浏览器中，无需手动刷新页面。
+
+完成修改后，运行以下命令来构建 Admin UI，以便它能被嵌入到 Go 包中：
+
+```bash
+npm run build
+```
+
+完成所有步骤后，你可以将改动提交 PR 到 Certimate 主仓库。
--- a/CONTRIBUTING_EN.md
+++ b/CONTRIBUTING_EN.md
@@ -0,0 +1,81 @@
+# Contributing to Certimate
+
+Thank you for taking the time to improve Certimate! Below is a guide for submitting a PR (Pull Request) to the main Certimate repository.
+
+- [Contributing to Certimate](#contributing-to-certimate)
+  - [Prerequisites](#prerequisites)
+  - [Making Changes in the Go Code](#making-changes-in-the-go-code)
+  - [Making Changes in the Admin UI](#making-changes-in-the-admin-ui)
+
+## Prerequisites
+
+- Go 1.22+ (for Go code changes)
+- Node 20+ (for Admin UI changes)
+
+If you haven't done so already, you can fork the Certimate repository and clone your fork to work locally:
+
+```bash
+git clone https://github.com/your_username/certimate.git
+```
+
+> **Important:**
+> It is recommended to create a new branch from `main` for each bug fix or feature. If you plan to submit multiple PRs, ensure the changes are in separate branches for easier review and eventual merge.
+> Keep each PR focused on a single feature or fix.
+
+## Making Changes in the Go Code
+
+Once you have made changes to the Go code in Certimate, follow these steps to run the project:
+
+1. Navigate to the root directory.
+
+2. Start the service by running:
+
+   ```bash
+   go run main.go serve
+   ```
+
+This will start a web server at `http://localhost:8090` using the prebuilt Admin UI located in `ui/dist`.
+
+**Before submitting a PR to the main repository, consider:**
+
+- Format your source code by using [gofumpt](https://github.com/mvdan/gofumpt).
+
+- Adding unit or integration tests for your changes. Certimate uses Go’s standard `testing` package. You can run tests using the following command (while in the root project directory):
+
+  ```bash
+  go test ./...
+  ```
+
+## Making Changes in the Admin UI
+
+Certimate’s Admin UI is a single-page application (SPA) built using React and Vite.
+
+To start the Admin UI:
+
+1. Navigate to the `ui` project directory.
+
+2. Install the necessary dependencies by running:
+
+   ```bash
+   npm install
+   ```
+
+3. Start the Vite development server:
+
+   ```bash
+   npm run dev
+   ```
+
+You can now access the running Admin UI at `http://localhost:5173` in your browser.
+
+Since the Admin UI is a client-side application, you will also need to have the Certimate backend running. You can either manually run Certimate or use a prebuilt executable.
+
+Any changes you make in the Admin UI will be automatically reflected in the browser without requiring a page reload.
+
+After completing your changes, build the Admin UI so it can be embedded into the Go package:
+
+```bash
+npm run build
+```
+
+Once all steps are completed, you are ready to submit a PR to the main Certimate repository.
--- a/33
+++ b/33
@@ -0,0 +1,33 @@
+FROM node:20-alpine3.19 AS front-builder
+
+WORKDIR /app
+
+COPY . /app/
+
+RUN \
+  cd /app/ui && \
+  npm install && \
+  npm run build
+
+
+FROM golang:1.22-alpine AS builder
+
+WORKDIR /app
+
+COPY ../. /app/
+
+RUN rm -rf /app/ui/dist
+
+COPY --from=front-builder /app/ui/dist /app/ui/dist
+
+RUN go build -o certimate
+
+
+
+FROM alpine:latest
+
+WORKDIR /app
+
+COPY --from=builder /app/certimate .
+
+ENTRYPOINT ["./certimate", "serve", "--http", "0.0.0.0:8090"]
--- a/16
+++ b/16
@@ -1,16 +0,0 @@
-FROM golang:1.22-alpine as builder
-
-WORKDIR /app
-
-COPY ../. /app/
-
-RUN go build -o certimate
-
-
-FROM alpine:latest
-
-WORKDIR /app
-
-COPY --from=builder /app/certimate .
-
-ENTRYPOINT ["./certimate", "serve", "--http", "0.0.0.0:8090"]
--- a/5
+++ b/5
@@ -34,4 +34,7 @@ help:
 	@echo "  make clean  - 清理构建文件"
 	@echo "  make help   - 显示此帮助信息"

-.PHONY: all build clean help
+.PHONY: all build clean help
+
+local.run:
+	go mod vendor&& npm --prefix=./ui install && npm --prefix=./ui run build && go run main.go serve --http 127.0.0.1:8090
--- a/README.md
+++ b/README.md
@@ -1,37 +1,25 @@
-
+[中文](README.md) | [English](README_EN.md)

 # 🔒Certimate

 做个人产品或在小企业负责运维的同学，需要管理多个域名，要给域名申请证书。但手动申请证书有以下缺点：

-1. 😱麻烦：申请、部署证书虽不复杂，但也挺麻烦的，尤其是你维护多个域名的时候。
-2. 😭易忘：当前免费证书有效期仅90天，这就要求定期操作，增加工作量的同时，也很容易忘掉，导致网站无法访问。
+1. 😱 麻烦：申请、部署证书虽不困难，但也挺麻烦的，尤其是维护多个域名的时候。
+2. 😭 易忘：当前免费证书有效期仅 90 天，这就要求定期操作，增加工作量的同时，也很容易忘掉，导致网站无法访问。

 Certimate 就是为了解决上述问题而产生的，它具有以下特点：

-1. 操作简单：自动申请、部署 SSL 证书，并在证书即将过期时自动续期，无需人工干预。
-2. 支持私有部署：部署方法简单，只需下载二进制文件执行即可。二进制文件、docker 镜像全部用 github actions 生成，过程透明，可自行审计。
+1. 操作简单：自动申请、部署、续期 SSL 证书，全程无需人工干预。
+2. 支持私有部署：部署方法简单，只需下载二进制文件执行即可。二进制文件、Docker 镜像全部用 Github Actions 生成，过程透明，可自行审计。
 3. 数据安全：由于是私有部署，所有数据均存储在本地，不会保存在服务商的服务器，确保数据的安全性。

+相关文章：

-Certimate 旨在为用户提供一个安全、简便的 SSL 证书管理解决方案。使用文档请访问[https://docs.certimate.me](https://docs.certimate.me)
-
- [🔒Certimate](#certimate)
-  - [一、安装](#一安装)
-    - [1. 二进制文件](#1-二进制文件)
-    - [2. Docker 安装](#2-docker-安装)
-    - [3. 源代码安装](#3-源代码安装)
-  - [二、使用](#二使用)
-  - [三、支持的服务商列表](#三支持的服务商列表)
-  - [四、系统截图](#四系统截图)
-  - [五、概念](#五概念)
-    - [1. 域名](#1-域名)
-    - [2. dns 服务商授权信息](#2-dns-服务商授权信息)
-    - [3. 部署服务商授权信息](#3-部署服务商授权信息)
-  - [六、常见问题](#六常见问题)
-  - [七、许可证](#七许可证)
-
+- [⚠️⚠️⚠️V0.2.0-第一个不向后兼容的版本](https://docs.certimate.me/blog/v0.2.0)
+- [Why Certimate?](https://docs.certimate.me/blog/why-certimate)
+- [域名变量及部署授权组介绍](https://docs.certimate.me/blog/multi-deployer)

+Certimate 旨在为用户提供一个安全、简便的 SSL 证书管理解决方案。使用文档请访问 [https://docs.certimate.me](https://docs.certimate.me)

 ## 一、安装

@@ -45,15 +33,20 @@ Certimate 旨在为用户提供一个安全、简便的 SSL 证书管理解决
 ./certimate serve
 ```

-> [!NOTE]
-> MacOS 在执行二进制文件时会提示：无法打开“certimate”，因为Apple无法检查其是否包含恶意软件。可在系统设置> 隐私与安全性> 安全性 中点击 "仍然允许"，然后再次尝试执行二进制文件。
+或运行以下命令自动给 Certimate 自身添加证书

+```bash
+./certimate serve 你的域名
+```
+
+> [!NOTE]
+> MacOS 在执行二进制文件时会提示：无法打开“Certimate”，因为 Apple 无法检查其是否包含恶意软件。可在“系统设置 > 隐私与安全性 > 安全性”中点击“仍然允许”，然后再次尝试执行二进制文件。

 ### 2. Docker 安装

 ```bash

-git clone git@github.com:usual2970/certimate.git && cd certimate/docker && docker compose up -d
+mkdir -p ~/.certimate && cd ~/.certimate && curl -O https://raw.githubusercontent.com/usual2970/certimate/refs/heads/main/docker/docker-compose.yml && docker compose up -d

 ```

@@ -62,10 +55,9 @@ git clone git@github.com:usual2970/certimate.git && cd certimate/docker && docke
 ```bash
 git clone EMAIL:usual2970/certimate.git
 cd certimate
-go run main.go serve
+make local.run
 ```

-
 ## 二、使用

 执行完上述安装操作后，在浏览器中访问 `http://127.0.0.1:8090` 即可访问 Certimate 管理页面。
@@ -79,89 +71,121 @@ go run main.go serve

 ## 三、支持的服务商列表

-| 服务商 | 是否域名服务商 | 是否部署服务 | 备注 |
-|------|------|-----|------|
-| 阿里云| 是 | 是 | 支持阿里云注册的域名，支持部署到阿里云 CDN,OSS |
-| 腾讯云| 是 | 是 | 支持腾讯云注册的域名，支持部署到腾讯云 CDN |
-| 七牛云| 否 | 是 | 七牛云没有注册域名服务，支持部署到七牛云 CDN |
-|CloudFlare| 是 | 否 | 支持 CloudFlare 注册的域名，CloudFlare 服务自带SSL证书 |
-|SSH| 否 | 是 | 支持部署到 SSH 服务器 |
-|WEBHOOK| 否 | 是 | 支持回调到 WEBHOOK |
-
-
-
+|   服务商   | 支持申请证书 | 支持部署证书 | 备注                                                              |
+| :--------: | :----------: | :----------: | ----------------------------------------------------------------- |
+|   阿里云   |      √       |      √       | 可签发在阿里云注册的域名；可部署到阿里云 OSS、CDN、SLB            |
+|   腾讯云   |      √       |      √       | 可签发在腾讯云注册的域名；可部署到腾讯云 COS、CDN、ECDN、CLB、TEO |
+| 百度智能云 |              |      √       | 可部署到百度智能云 CDN                                            |
+|   华为云   |      √       |      √       | 可签发在华为云注册的域名；可部署到华为云 CDN、ELB                 |
+|   七牛云   |              |      √       | 可部署到七牛云 CDN                                                |
+|   多吉云   |              |      √       | 可部署到多吉云 CDN                                                |
+|    AWS     |      √       |              | 可签发在 AWS Route53 托管的域名                                   |
+| CloudFlare |      √       |              | 可签发在 CloudFlare 注册的域名；CloudFlare 服务自带 SSL 证书      |
+|  GoDaddy   |      √       |              | 可签发在 GoDaddy 注册的域名                                       |
+|  Namesilo  |      √       |              | 可签发在 Namesilo 注册的域名                                      |
+|  PowerDNS  |      √       |              | 可签发在 PowerDNS 托管的域名                                      |
+| HTTP 请求  |      √       |              | 可签发允许通过 HTTP 请求修改 DNS 的域名                           |
+|  本地部署  |              |      √       | 可部署到本地服务器                                                |
+|    SSH     |              |      √       | 可部署到 SSH 服务器                                               |
+|  Webhook   |              |      √       | 可部署时回调到 Webhook                                            |
+| Kubernetes |              |      √       | 可部署到 Kubernetes Secret                                        |

 ## 四、系统截图

-![login](https://i.imgur.com/SYjjbql.jpeg)
-
-![dashboard](https://i.imgur.com/WMVbBId.jpeg)
-
-![domains](https://i.imgur.com/8wit3ZA.jpeg)
-
-![accesses](https://i.imgur.com/EWtOoJ0.jpeg)
-
-![history](https://i.imgur.com/aaPtSW7.jpeg)
-
+<div align="center">
+<img src="https://i.imgur.com/SYjjbql.jpeg" title="Login page" width="95%"/>
+<img src="https://i.imgur.com/WMVbBId.jpeg" title="Dashboard page" width="47%"/>
+<img src="https://i.imgur.com/8wit3ZA.jpeg" title="Domains page" width="47%"/>
+<img src="https://i.imgur.com/EWtOoJ0.jpeg" title="Accesses page" width="47%"/>
+<img src="https://i.imgur.com/aaPtSW7.jpeg" title="History page" width="47%"/>
+</div>

 ## 五、概念

 Certimate 的工作流程如下：

-* 用户通过 Certimate 管理页面填写申请证书的信息，包括域名、dns 服务商的授权信息、以及要部署到的服务商的授权信息。
-* Certimate 向证书场商的 API 发起申请请求，获取 SSL 证书。
-* Certimate 存储证书信息，包括证书内容、私钥、证书有效期等，并在证书即将过期时自动续期。
-* Certimate 向服务商的 API 发起部署请求，将证书部署到服务商的服务器上。
+- 用户通过 Certimate 管理页面填写申请证书的信息，包括域名、DNS 服务商的授权信息、以及要部署到的服务商的授权信息。
+- Certimate 向证书厂商的 API 发起申请请求，获取 SSL 证书。
+- Certimate 存储证书信息，包括证书内容、私钥、证书有效期等，并在证书即将过期时自动续期。
+- Certimate 向服务商的 API 发起部署请求，将证书部署到服务商的服务器上。

-这就涉及域名、dns 服务商的授权信息、部署服务商的授权信息等。
+这就涉及域名、DNS 服务商的授权信息、部署服务商的授权信息等。

 ### 1. 域名

 就是要申请证书的域名。

-### 2. dns 服务商授权信息
+### 2. DNS 服务商授权信息

-给域名申请证书需要证明域名是你的，所以我们手动申请证书的时候一般需要在域名服务商的控制台解析记录中添加一个 TXT 记录。
+给域名申请证书需要证明域名是你的，所以我们手动申请证书的时候一般需要在域名服务商的控制台解析记录中添加一个 TXT 域名解析记录。

-Certimate 会自动添加一个 TXT 记录，你只需要在 Certimate 后台中填写你的域名服务商的授权信息即可。
+Certimate 会自动添加一个 TXT 域名解析记录，你只需要在 Certimate 后台中填写你的域名服务商的授权信息即可。

 比如你在阿里云购买的域名，授权信息如下：

 ```bash
-accessKeyId: xxx
-accessKeySecret: TOKEN
+accessKeyId: your-access-key-id
+accessKeySecret: your-access-key-secret
 ```

 在腾讯云购买的域名，授权信息如下：

 ```bash
-secretId: xxx
-secretKey: TOKEN
+secretId: your-secret-id
+secretKey: your-secret-key
 ```

+注意，此授权信息需具有访问域名及 DNS 解析的管理权限，具体的权限清单请参阅各服务商自己的技术文档。
+
 ### 3. 部署服务商授权信息

-Certimate 申请证书后，会自动将证书部署到你指定的目标上，比如阿里云 CDN 这时你需要填写阿里云的授权信息。Certimate 会根据你填写的授权信息及域名找到对应的 CDN 服务,并将证书部署到对应的 CDN 服务上。
+Certimate 申请证书后，会自动将证书部署到你指定的目标上，比如阿里云 CDN，Certimate 会根据你填写的授权信息及域名找到对应的 CDN 服务，并将证书部署到对应的 CDN 服务上。

-部署服务商授权信息和 dns 服务商授权信息一致，区别在于 dns 服务商授权信息用于证明域名是你的，部署服务商授权信息用于提供证书部署的授权信息。
+部署服务商授权信息和 DNS 服务商授权信息基本一致，区别在于 DNS 服务商授权信息用于证明域名是你的，部署服务商授权信息用于提供证书部署的授权信息。
+
+注意，此授权信息需具有访问部署目标服务的相关管理权限，具体的权限清单请参阅各服务商自己的技术文档。

 ## 六、常见问题

+Q: 提供 SaaS 服务吗？

-Q: 提供saas服务吗？
-
-> A: 不提供，目前仅支持self-hosted（私有部署）。
+> A: 不提供，目前仅支持 self-hosted（私有部署）。

 Q: 数据安全？

-> A: 由于仅支持私有部署，各种数据都保存在用户的服务器上。另外Certimate源码也开源，二进制包及Docker镜像打包过程全部使用Github actions进行，过程透明可见，可自行审计。
+> A: 由于仅支持私有部署，各种数据都保存在用户的服务器上。另外 Certimate 源码也开源，二进制包及 Docker 镜像打包过程全部使用 Github Actions 进行，过程透明可见，可自行审计。

 Q: 自动续期证书？

-> A: 已经申请的证书会在过期前10天自动续期。每天会检查一次证书是否快要过期，快要过期时会自动重新申请证书并部署到目标服务上。
+> A: 已经申请的证书会在**过期前 10 天**自动续期。每天会检查一次证书是否快要过期，快要过期时会自动重新申请证书并部署到目标服务上。

+## 七、贡献

+Certimate 是一个免费且开源的项目，采用 [MIT 开源协议](LICENSE.md)。你可以使用它做任何你想做的事，甚至把它当作一个付费服务提供给用户。

-## 七、许可证
+你可以通过以下方式来支持 Certimate 的开发：
+
+- 提交代码：如果你发现了 Bug 或有新的功能需求，而你又有相关经验，可以[提交代码](CONTRIBUTING.md)给我们。
+- 提交 Issue：功能建议或者 Bug 可以[提交 Issue](https://github.com/usual2970/certimate/issues) 给我们。
+
+支持更多服务商、UI 的优化改进、Bug 修复、文档完善等，欢迎大家提交 PR。
+
+## 八、免责声明
+
+本软件依据 MIT 许可证（MIT License）发布，免费提供，旨在“按现状”供用户使用。作者及贡献者不对使用本软件所产生的任何直接或间接后果承担责任，包括但不限于性能下降、数据丢失、服务中断、或任何其他类型的损害。
+
+无任何保证：本软件不提供任何明示或暗示的保证，包括但不限于对特定用途的适用性、无侵权性、商用性及可靠性的保证。
+
+用户责任：使用本软件即表示您理解并同意承担由此产生的一切风险及责任。
+
+## 九、加入社区
+
+- [Telegram-a new era of messaging](https://t.me/+ZXphsppxUg41YmVl)
+- 微信群聊（超 200 人需邀请入群，可先加作者好友）
+
+<img src="https://i.imgur.com/8xwsLTA.png" width="400"/>
+
+## 十、Star 趋势图
+
+[![Stargazers over time](https://starchart.cc/usual2970/certimate.svg?variant=adaptive)](https://starchart.cc/usual2970/certimate)

-Certimate 采用 MIT 许可证，详情请查看 [LICENSE](LICENSE.md) 文件。
--- a/README_EN.md
+++ b/README_EN.md
@@ -0,0 +1,189 @@
+[中文](README.md) | [English](README_EN.md)
+
+# 🔒Certimate
+
+For individuals managing personal projects or those responsible for IT operations in small businesses who need to manage multiple domain names, applying for certificates manually comes with several drawbacks:
+
+1. 😱Troublesome: Applying for and deploying certificates isn’t difficult, but it can be quite a hassle, especially when managing multiple domains.
+2. 😭Easily forgotten: The current free certificate has a validity period of only 90 days, requiring regular renewal operations. This increases the workload and makes it easy to forget, which can result in the website becoming inaccessible.
+
+Certimate was created to solve the above-mentioned issues and has the following features:
+
+1. Simple operation: Automatically apply, deploy, and renew SSL certificates without any manual intervention.
+2. Support for self-hosted deployment: The deployment method is simple; you only need to download the binary file and execute it. Both the binary files and Docker images are generated using GitHub Actions, ensuring a transparent process that can be audited independently.
+3. Data security: Since it is a self-hosted deployment, all data is stored locally and will not be saved on the service provider’s servers, ensuring the security of the data.
+
+Related articles:
+
+- [Why Certimate?](https://docs.certimate.me/blog/why-certimate)
+- [Introduction to Domain Variables and Deployment Authorization Groups](https://docs.certimate.me/blog/multi-deployer)
+
+Certimate aims to provide users with a secure and user-friendly SSL certificate management solution. For usage documentation, please visit [https://docs.certimate.me](https://docs.certimate.me).
+
+## Installation
+
+Installing Certimate is very simple, you can choose one of the following methods for installation:
+
+### 1. Binary File
+
+You can download the precompiled binary files directly from the [Releases page](https://github.com/usual2970/certimate/releases), and after extracting them, execute:
+
+```bash
+./certimate serve
+```
+
+Or run the following command to automatically add a certificate to Certimate itself.
+
+```bash
+./certimate serve yourDomain
+```
+
+> [!NOTE]
+> When executing the binary file on macOS, you may see a prompt saying: “Cannot open ‘certimate’ because Apple cannot check it for malicious software.” You can go to System Preferences > Security & Privacy > General, then click “Allow Anyway,” and try executing the binary file again.
+
+### 2. Docker Installation
+
+```bash
+
+mkdir -p ~/.certimate && cd ~/.certimate && curl -O https://raw.githubusercontent.com/usual2970/certimate/refs/heads/main/docker/docker-compose.yml && docker compose up -d
+
+```
+
+### 3. Source Code Installation
+
+```bash
+git clone EMAIL:usual2970/certimate.git
+cd certimate
+make local.run
+```
+
+## Usage
+
+After completing the installation steps above, you can access the Certimate management page by visiting <http://127.0.0.1:8090> in your browser.
+
+```bash
+username：admin@certimate.fun
+password：1234567890
+```
+
+![usage.gif](https://i.imgur.com/zpCoLVM.gif)
+
+## List of Supported Providers
+
+|   Provider    | Registration | Deployment | Remarks                                                                                                     |
+| :-----------: | :----------: | :--------: | ----------------------------------------------------------------------------------------------------------- |
+| Alibaba Cloud |      √       |     √      | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN,SLB             |
+| Tencent Cloud |      √       |     √      | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud COS, CDN, ECDN, CLB, TEO |
+|  Baidu Cloud  |              |     √      | Supports deployment to Baidu Cloud CDN                                                                      |
+| Huawei Cloud  |      √       |     √      | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN, ELB                   |
+|  Qiniu Cloud  |              |     √      | Supports deployment to Qiniu Cloud CDN                                                                      |
+|  Doge Cloud   |              |     √      | Supports deployment to Doge Cloud CDN                                                                       |
+|      AWS      |      √       |            | Supports domains managed on AWS Route53                                                                     |
+|  CloudFlare   |      √       |            | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates                   |
+|    GoDaddy    |      √       |            | Supports domains registered on GoDaddy                                                                      |
+|   Namesilo    |      √       |            | Supports domains registered on Namesilo                                                                     |
+|   PowerDNS    |      √       |            | Supports domains managed on PowerDNS                                                                        |
+| HTTP Request  |      √       |            | Supports domains which allow managing DNS by HTTP request                                                   |
+| Local Deploy  |              |     √      | Supports deployment to local servers                                                                        |
+|      SSH      |              |     √      | Supports deployment to SSH servers                                                                          |
+|    Webhook    |              |     √      | Supports callback to Webhook                                                                                |
+|  Kubernetes   |              |     √      | Supports deployment to Kubernetes Secret                                                                    |
+
+## Screenshots
+
+<div align="center">
+<img src="https://i.imgur.com/SYjjbql.jpeg" title="Login page" width="95%"/>
+<img src="https://i.imgur.com/WMVbBId.jpeg" title="Dashboard page" width="47%"/>
+<img src="https://i.imgur.com/8wit3ZA.jpeg" title="Domains page" width="47%"/>
+<img src="https://i.imgur.com/EWtOoJ0.jpeg" title="Accesses page" width="47%"/>
+<img src="https://i.imgur.com/aaPtSW7.jpeg" title="History page" width="47%"/>
+</div>
+
+## Concepts
+
+The workflow of Certimate is as follows:
+
+- Users fill in the certificate application information on the Certimate management page, including domain name, authorization information for the DNS provider, and authorization information for the service provider to deploy to.
+- Certimate sends a request to the certificate vendor's API to apply for an SSL certificate.
+- Certimate stores the certificate information, including the certificate content, private key, validity period, etc., and automatically renews the certificate when it is about to expire.
+- Certimate sends a deployment request to the service provider's API to deploy the certificate to the service provider's servers.
+
+This involves authorization information for the domain, DNS provider, and deployment service provider.
+
+### 1. Domain
+
+It involves the domain name for which the certificate is being requested.
+
+### 2. Authorization Information for the DNS Provider
+
+To apply for a certificate for a domain, you need to prove that the domain belongs to you. Therefore, when manually applying for a certificate, you typically need to add a TXT record to the DNS records in the domain provider's control panel.
+
+Certimate will automatically add a TXT record for you; you only need to fill in the authorization information for your DNS provider in the Certimate backend.
+
+For example, if you purchased the domain from Alibaba Cloud, the authorization information would be as follows:
+
+```bash
+accessKeyId: your-access-key-id
+accessKeySecret: your-access-key-secret
+```
+
+If you purchased the domain from Tencent Cloud, the authorization information would be as follows:
+
+```bash
+secretId: your-secret-id
+secretKey: your-secret-key
+```
+
+Notes: This authorization information requires relevant administration permissions for accessing the DNS services. Please refer to the documentations of each service provider for the specific permissions list.
+
+### 3. Authorization Information for the Deployment Service Provider
+
+After Certimate applies for the certificate, it will automatically deploy the certificate to your specified target, such as Alibaba Cloud CDN. At this point, you need to fill in the authorization information for Alibaba Cloud. Certimate will use the authorization information and domain name you provided to locate the corresponding CDN service and deploy the certificate to that service.
+
+The authorization information for the deployment service provider is the same as that for the DNS provider, with the distinction that the DNS provider's authorization information is used to prove that the domain belongs to you, while the deployment service provider's authorization information is used to provide authorization for the certificate deployment.
+
+Notes: This authorization information requires relevant administration permissions to access the target deployment services. Please refer to the documentations of each service provider for the specific permissions list.
+
+## FAQ
+
+Q: Do you provide SaaS services?
+
+> A: No, we do not provide that. Currently, we only support self-hosted.
+
+Q: Data Security?
+
+> A: Since only self-hosted is supported, all data is stored on the user’s server. Additionally, the source code of Certimate is open-source, and the packaging process for binary files and Docker images is entirely done using GitHub Actions. This process is transparent and visible, allowing for independent auditing.
+
+Q: Automatic Certificate Renewal?
+
+> A: Certificates that have already been issued will be automatically renewed **10 days before expiration**. The system checks once a day to see if any certificates are nearing expiration, and if so, it will automatically reapply for the certificate and deploy it to the target service.
+
+## Contributing
+
+Certimate is a free and open-source project, licensed under the [MIT License](LICENSE.md). You can use it for anything you want, even offering it as a paid service to users.
+
+You can support the development of Certimate in the following ways:
+
+- **Submit Code**: If you find a bug or have new feature requests, and you have relevant experience, [you can submit code to us](CONTRIBUTING_EN.md).
+- **Submit an Issue**: For feature suggestions or bugs, you can [submit an issue](https://github.com/usual2970/certimate/issues) to us.
+
+Support for more service providers, UI enhancements, bug fixes, and documentation improvements are all welcome. We encourage everyone to submit pull requests (PRs).
+
+## Disclaimer
+
+This software is provided under the MIT License and distributed “as-is” without any warranty of any kind. The authors and contributors are not responsible for any damages or losses resulting from the use or inability to use this software, including but not limited to data loss, business interruption, or any other potential harm.
+
+No Warranties: This software comes without any express or implied warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
+
+User Responsibility: By using this software, you agree to take full responsibility for any outcomes resulting from its use.
+
+## Join the Community
+
+- [Telegram-a new era of messaging](https://t.me/+ZXphsppxUg41YmVl)
+- Wechat Group
+
+<img src="https://i.imgur.com/zSHEoIm.png" width="400"/>
+
+## Star History
+
+[![Stargazers over time](https://starchart.cc/usual2970/certimate.svg?variant=adaptive)](https://starchart.cc/usual2970/certimate)
--- a/BIN
+++ b/BIN
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1,10 +1,10 @@
-version: '3.0'
+version: "3.0"
 services:
-    certimate:
-      image: registry.cn-shanghai.aliyuncs.com/usual2970/certimate:latest
-      container_name: certimate_server
-      ports:
+  certimate:
+    image: registry.cn-shanghai.aliyuncs.com/usual2970/certimate:latest
+    container_name: certimate_server
+    ports:
      - 8090:8090
-      volumes:
+    volumes:
      - ./data:/app/pb_data
-      restart: unless-stopped
+    restart: unless-stopped
--- a/go.mod
+++ b/go.mod
@@ -1,72 +1,124 @@
-module certimate
+module github.com/usual2970/certimate

-go 1.22
+go 1.22.0

-toolchain go1.22.5
+toolchain go1.23.2

 require (
-	github.com/alibabacloud-go/cas-20200407/v2 v2.3.0
+	github.com/alibabacloud-go/alb-20200616/v2 v2.2.1
+	github.com/alibabacloud-go/cas-20200407/v3 v3.0.1
 	github.com/alibabacloud-go/cdn-20180510/v5 v5.0.0
-	github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8
-	github.com/alibabacloud-go/tea v1.2.1
-	github.com/alibabacloud-go/tea-utils/v2 v2.0.5
-	github.com/go-acme/lego/v4 v4.17.4
+	github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10
+	github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3
+	github.com/alibabacloud-go/slb-20140515/v4 v4.0.9
+	github.com/alibabacloud-go/tea v1.2.2
+	github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible
+	github.com/baidubce/bce-sdk-go v0.9.197
+	github.com/go-acme/lego/v4 v4.19.2
 	github.com/gojek/heimdall/v7 v7.0.3
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.114
 	github.com/labstack/echo/v5 v5.0.0-20230722203903-ec5b858dab61
+	github.com/nikoksr/notify v1.0.0
+	github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0
 	github.com/pkg/sftp v1.13.6
 	github.com/pocketbase/dbx v1.10.1
 	github.com/pocketbase/pocketbase v0.22.18
 	github.com/qiniu/go-sdk/v7 v7.22.0
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.992
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1017
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1031
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1031
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.992
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag v1.0.992
-	golang.org/x/crypto v0.26.0
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1030
+	golang.org/x/crypto v0.28.0
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
+	k8s.io/api v0.31.1
+	k8s.io/apimachinery v0.31.1
+	k8s.io/client-go v0.31.1
+	software.sslmate.com/src/go-pkcs12 v0.5.0
 )

-require github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+require (
+	github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
+	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
+	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
+	github.com/alibabacloud-go/tea-oss-utils v1.1.0 // indirect
+	github.com/alibabacloud-go/tea-utils/v2 v2.0.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.43.2 // indirect
+	github.com/blinkbean/dingtalk v1.1.3 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-lark/lark v1.14.1 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	go.mongodb.org/mongo-driver v1.12.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)

 require (
 	github.com/AlecAivazis/survey/v2 v2.3.7 // indirect
 	github.com/BurntSushi/toml v1.4.0 // indirect
-	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
-	github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 // indirect
+	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
+	github.com/alibabacloud-go/dcdn-20180115/v3 v3.4.2
+	github.com/alibabacloud-go/debug v1.0.1 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
 	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
-	github.com/alibabacloud-go/tea-utils v1.4.3 // indirect
+	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.62.712 // indirect
-	github.com/aliyun/credentials-go v1.3.1 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.63.15 // indirect
+	github.com/aliyun/credentials-go v1.3.10 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.30.3 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.27.27 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.27 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.4 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.33 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.32 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.58.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect
-	github.com/aws/smithy-go v1.20.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.17 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.17 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.61.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 // indirect
+	github.com/aws/smithy-go v1.20.4 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/clbanning/mxj/v2 v2.5.5 // indirect
-	github.com/cloudflare/cloudflare-go v0.97.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/clbanning/mxj/v2 v2.5.6 // indirect
+	github.com/cloudflare/cloudflare-go v0.104.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/disintegration/imaging v1.6.2 // indirect
 	github.com/domodwyer/mailyak/v3 v3.6.2 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/fatih/color v1.17.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
 	github.com/ganigeorgiev/fexpr v0.4.1 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gojek/valkyrie v0.0.0-20180215180059-6aee720afcdf // indirect
@@ -75,8 +127,6 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -87,40 +137,40 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-sqlite3 v1.14.22 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
-	github.com/miekg/dns v1.1.59 // indirect
+	github.com/miekg/dns v1.1.62 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/nrdcg/namesilo v0.2.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pkg/errors v0.9.1
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/stretchr/testify v1.9.0 // indirect
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.898 // indirect
-	github.com/tjfoc/gmsm v1.3.2 // indirect
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1002 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	gocloud.dev v0.37.0 // indirect
 	golang.org/x/image v0.18.0 // indirect
-	golang.org/x/mod v0.18.0 // indirect
-	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.24.0 // indirect
-	golang.org/x/term v0.23.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.22.0 // indirect
+	golang.org/x/mod v0.21.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.8.0
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/term v0.25.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/tools v0.25.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
-	google.golang.org/api v0.189.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240723171418-e6d459c13d2a // indirect
-	google.golang.org/grpc v1.65.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/api v0.202.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/grpc v1.67.1 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/gc/v3 v3.0.0-20240722195230-4a140ff9c08e // indirect
--- a/go.sum
+++ b/go.sum
@@ -1,17 +1,17 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14=
-cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU=
-cloud.google.com/go/auth v0.7.2 h1:uiha352VrCDMXg+yoBtaD0tUF4Kv9vrtrWPYXwutnDE=
-cloud.google.com/go/auth v0.7.2/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs=
-cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI=
-cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I=
+cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE=
+cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U=
+cloud.google.com/go/auth v0.9.8 h1:+CSJ0Gw9iVeSENVCKJoLHhdUykDgXSc4Qn+gu2BRtR8=
+cloud.google.com/go/auth v0.9.8/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
+cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
+cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
 cloud.google.com/go/compute v1.25.0 h1:H1/4SqSUhjPFE7L5ddzHOfY2bCAvjwNRZPNl6Ni5oYU=
-cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY=
-cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
-cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc=
-cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI=
-cloud.google.com/go/storage v1.39.1 h1:MvraqHKhogCOTXTlct/9C3K3+Uy2jBmFYb3/Sp6dVtY=
-cloud.google.com/go/storage v1.39.1/go.mod h1:xK6xZmxZmo+fyP7+DEF6FhNc24/JAe95OLyOHCXFH1o=
+cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
+cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+cloud.google.com/go/iam v1.1.11 h1:0mQ8UKSfdHLut6pH9FM3bI55KWR46ketn0PuXleDyxw=
+cloud.google.com/go/iam v1.1.11/go.mod h1:biXoiLWYIKntto2joP+62sd9uW5EpkZmKIvfNcTWlnQ=
+cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs=
+cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
@@ -29,91 +29,150 @@ github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDe
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
 github.com/alex-ant/gomath v0.0.0-20160516115720-89013a210a82/go.mod h1:nLnM0KdK1CmygvjpDUO6m1TjSsiQtL61juhNsvV/JVI=
-github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo=
+github.com/alibabacloud-go/alb-20200616/v2 v2.2.1 h1:b8ixnrkFhWrmJQd+iEE1UWPD5vdyC3d9l7G0uvkfi2s=
+github.com/alibabacloud-go/alb-20200616/v2 v2.2.1/go.mod h1:cPdZwovbqpv+5nM/HnMwZpG5q0/gBuX31hu2H1VoyrM=
+github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 h1:eIf+iGJxdU4U9ypaUfbtOWCsZSbTb8AUHvyPrxu6mAA=
+github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do24zMOGGqYVWgw0s9NtiylnJglOeEB5UJo=
 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc=
-github.com/alibabacloud-go/cas-20200407/v2 v2.3.0 h1:nOrp0n2nFZiYN0wIG7S26YVVaMMzOBkX9GJqUvYnGeE=
-github.com/alibabacloud-go/cas-20200407/v2 v2.3.0/go.mod h1:yzkgdLANANu/v56k0ptslGl++JJL4Op1V09HTavfoCo=
+github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8=
+github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g=
+github.com/alibabacloud-go/cas-20200407/v3 v3.0.1 h1:kAxd9IkdMaIX9aoBRA34q9WXKnkKTucil/zUlG4/3vo=
+github.com/alibabacloud-go/cas-20200407/v3 v3.0.1/go.mod h1:gElMYWcjdjKgqq9/2YxE6BIUMs10ZNGM4PRiRlDXgBs=
 github.com/alibabacloud-go/cdn-20180510/v5 v5.0.0 h1:yTKngw4rBR3hdpoo/uCyBffYXfPfjNjlaDL8nTYUIds=
 github.com/alibabacloud-go/cdn-20180510/v5 v5.0.0/go.mod h1:HxQrwVKBx3/6bIwmdDcpqBpSQt2tpi/j4LfEhl+QFPk=
-github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.6/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI=
-github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8 h1:benoD0QHDrylMzEQVpX/6uKtrN8LohT66ZlKXVJh7pM=
+github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY=
+github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI=
+github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE=
+github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8=
+github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc=
+github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.0/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.5/go.mod h1:kUe8JqFmoVU7lfBauaDD5taFaW7mBI+xVsyHutYtabg=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI=
-github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 h1:NqugFkGxx1TXSh/pBcU00Y6bljgDPaFdh5MUSeJ7e50=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 h1:GEYkMApgpKEVDn6z12DcH1EGYpDYRB8JxsazM4Rywak=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10/go.mod h1:26a14FGhZVELuz2cc2AolvW4RHmIO3/HRwsdHhaIPDE=
+github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg=
+github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ=
+github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo=
+github.com/alibabacloud-go/darabonba-string v1.0.2/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA=
+github.com/alibabacloud-go/dcdn-20180115/v3 v3.4.2 h1:WKMtPfhEmf8jX4FvdG7MFBJeCknPQ+FEHQppDcaCoU0=
+github.com/alibabacloud-go/dcdn-20180115/v3 v3.4.2/go.mod h1:dGuR8qQqofJKl99rVaWvObnP3bMkru3cdOtqJJ95048=
 github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY=
+github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
+github.com/alibabacloud-go/debug v1.0.1 h1:MsW9SmUtbb1Fnt3ieC6NNZi6aEwrXfDksD4QA6GSbPg=
+github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
 github.com/alibabacloud-go/endpoint-util v1.1.0 h1:r/4D3VSw888XGaeNpP994zDUaxdgTSHBbVfZlzf6b5Q=
 github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
+github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3 h1:LtyUVlgBEKyzWgQJurzXM6MXCt84sQr9cE5OKqYymko=
+github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3/go.mod h1:4a/RcBYeAhYowHzX+LMgnouz7NradnSKPKl14KS3B1U=
+github.com/alibabacloud-go/openapi-util v0.0.11/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
 github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY=
 github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
+github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 h1:L0TIjr9Qh/SLVc1yPhFkcB9+9SbCNK/jPq4ZKB5zmnc=
+github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1/go.mod h1:EKxBRDLcMzwl4VLF/1WJwlByZZECJawPXUvinKMsTTs=
+github.com/alibabacloud-go/slb-20140515/v4 v4.0.9 h1:nrf9gQth7fONUj7V8i78Yb98eb9NdKl0VdeSjmeYugI=
+github.com/alibabacloud-go/slb-20140515/v4 v4.0.9/go.mod h1:PEMEsQoxhkMvykMFP5ZXg6SWI9vmAiZ6lK3Pu4mTKB0=
 github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg=
 github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
 github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
+github.com/alibabacloud-go/tea v1.1.10/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
+github.com/alibabacloud-go/tea v1.1.11/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
+github.com/alibabacloud-go/tea v1.1.12/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
 github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
-github.com/alibabacloud-go/tea v1.2.1 h1:rFF1LnrAdhaiPmKwH5xwYOKlMh66CqRwPUTzIK74ask=
+github.com/alibabacloud-go/tea v1.1.19/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
+github.com/alibabacloud-go/tea v1.1.20/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
 github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA=
+github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU=
+github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk=
+github.com/alibabacloud-go/tea-fileform v1.1.1 h1:1YG6erAP3joQ0XdCXYIotuD7zyOM6qCR49xkp5FZDeU=
+github.com/alibabacloud-go/tea-fileform v1.1.1/go.mod h1:ZeCV91o4ISmxidd686f0ebdS5EDHWU+vW+TkjLhrsFE=
+github.com/alibabacloud-go/tea-oss-sdk v1.1.3 h1:EhAHI6edMeqgkZEqP7r4nc9iMWAUBKGxJHoBsOSKTtU=
+github.com/alibabacloud-go/tea-oss-sdk v1.1.3/go.mod h1:yUnodpR3Bf2rudLE7V/Gft5txjJF30Pk+hH77K/Eab0=
+github.com/alibabacloud-go/tea-oss-utils v1.1.0 h1:y65crjjcZ2Pbb6UZtC2deuIZHDVTS3IaDWE7M9nVLRc=
+github.com/alibabacloud-go/tea-oss-utils v1.1.0/go.mod h1:PFCF12e9yEKyBUIn7X1IrF/pNjvxgkHy0CgxX4+xRuY=
 github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
-github.com/alibabacloud-go/tea-utils v1.4.3 h1:8SzwmmRrOnQ09Hf5a9GyfJc0d7Sjv6fmsZoF4UDbFjo=
-github.com/alibabacloud-go/tea-utils v1.4.3/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
-github.com/alibabacloud-go/tea-utils/v2 v2.0.5 h1:EUakYEUAwr6L3wLT0vejIw2rc0IA1RSXDwLnIb3f2vU=
+github.com/alibabacloud-go/tea-utils v1.3.6/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
+github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA=
+github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.0/go.mod h1:U5MTY10WwlquGPS34DOeomUGBB0gXbLueiq5Trwu0C4=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.4/go.mod h1:sj1PbjPodAVTqGTA3olprfeeqqmwD0A5OQz94o9EuXQ=
 github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.6 h1:ZkmUlhlQbaDC+Eba/GARMPy6hKdCLiSke5RsN5LcyQ0=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.6/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I=
+github.com/alibabacloud-go/tea-xml v1.1.1/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
+github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
 github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
 github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
-github.com/aliyun/alibaba-cloud-sdk-go v1.62.712 h1:lM7JnA9dEdDFH9XOgRNQMDTQnOjlLkDTNA7c0aWTQ30=
-github.com/aliyun/alibaba-cloud-sdk-go v1.62.712/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
+github.com/aliyun/alibaba-cloud-sdk-go v1.63.15 h1:r2uwBUQhLhcPzaWz9tRJqc8MjYwHb+oF2+Q6467BF14=
+github.com/aliyun/alibaba-cloud-sdk-go v1.63.15/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
+github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible h1:8psS8a+wKfiLt1iVDX79F7Y6wUM49Lcha2FMXt4UM8g=
+github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
 github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw=
-github.com/aliyun/credentials-go v1.3.1 h1:uq/0v7kWrxmoLGpqjx7vtQ/s03f0zR//0br/xWDTE28=
 github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0=
+github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM=
+github.com/aliyun/credentials-go v1.3.10 h1:45Xxrae/evfzQL9V10zL3xX31eqgLWEaIdCoPipOEQA=
+github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
 github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.51.11 h1:El5VypsMIz7sFwAAj/j06JX9UGs4KAbAIEaZ57bNY4s=
 github.com/aws/aws-sdk-go v1.51.11/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
-github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY=
-github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM=
-github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90=
-github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU=
+github.com/aws/aws-sdk-go-v2 v1.30.5 h1:mWSRTwQAb0aLE17dSzztCVJWI9+cRMgqebndjwDyK0g=
+github.com/aws/aws-sdk-go-v2 v1.30.5/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.4 h1:70PVAiL15/aBMh5LThwgXdSQorVr91L127ttckI9QQU=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.4/go.mod h1:/MQxMqci8tlqDH+pjmoLu1i0tbWCUP1hhyMRuFxpQCw=
+github.com/aws/aws-sdk-go-v2/config v1.27.33 h1:Nof9o/MsmH4oa0s2q9a0k7tMz5x/Yj5k06lDODWz3BU=
+github.com/aws/aws-sdk-go-v2/config v1.27.33/go.mod h1:kEqdYzRb8dd8Sy2pOdEbExTTF5v7ozEXX0McgPE7xks=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.32 h1:7Cxhp/BnT2RcGy4VisJ9miUPecY+lyE9I8JvcZofn9I=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.32/go.mod h1:P5/QMF3/DCHbXGEGkdbilXHsyTBX5D3HSwcrSc9p20I=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 h1:pfQ2sqNpMVK6xz2RbqLEL0GH87JOwSxPV2rzm8Zsb74=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13/go.mod h1:NG7RXPUlqfsCLLFfi0+IpKN4sCB9D9fw/qTaSB+xRoU=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.8 h1:u1KOU1S15ufyZqmH/rA3POkiRH6EcDANHj2xHRzq+zc=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.8/go.mod h1:WPv2FRnkIOoDv/8j2gSUsI4qDc7392w5anFB/I89GZ8=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 h1:Z5r7SycxmSllHYmaAZPpmN8GviDrSGhMS6bldqtXZPw=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15/go.mod h1:CetW7bDE00QoGEmPUoZuRog07SGVAUVW6LFpNP0YfIg=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 h1:YPYe6ZmvUfDDDELqEKtAd6bo8zxhkm+XEFEzQisqUIE=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17/go.mod h1:oBtcnYua/CgzCWYN7NZ5j7PotFDaFSUjCYVTtfyn7vw=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 h1:246A4lSTXWJw/rmlQI+TT2OcqeDMKBdyjEQrafMaQdA=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15/go.mod h1:haVfg3761/WF7YPuJOER2MP0k4UAXyHaLclKXB6usDg=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.58.2 h1:sZXIzO38GZOU+O0C+INqbH7C2yALwfMWpd64tONS/NE=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.58.2/go.mod h1:Lcxzg5rojyVPU/0eFwLtcyTaek/6Mtic5B1gJo7e/zE=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgPM89VPlulEcl37tM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ=
-github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE=
-github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 h1:pI7Bzt0BJtYA0N/JEC6B8fJ4RBrEMi1LBrkMdFYNSnQ=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17/go.mod h1:Dh5zzJYMtxfIjYW+/evjQ8uj2OyR/ve2KROHGHlSFqE=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 h1:Mqr/V5gvrhA2gvgnF42Zh5iMiQNcOYthFYwCyrnuWlc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17/go.mod h1:aLJpZlCmjE+V+KtN1q1uyZkfnUWpQGpbsn89XPKyzfU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.17 h1:Roo69qTpfu8OlJ2Tb7pAYVuF0CpuUMB0IYWwYP/4DZM=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.17/go.mod h1:NcWPxQzGM1USQggaTVwz6VpqMZPX1CvDJLDh6jnOCa4=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 h1:KypMCbLPPHEmf9DgMGw51jMj77VfGPAN2Kv4cfhlfgI=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4/go.mod h1:Vz1JQXliGcQktFTN/LN6uGppAIRoLBR2bMvIMP0gOjc=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.19 h1:FLMkfEiRjhgeDTCjjLoc3URo/TBkgeQbocA78lfkzSI=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.19/go.mod h1:Vx+GucNSsdhaxs3aZIKfSUjKVGsxN25nX2SRcdhuw08=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 h1:rfprUlsdzgl7ZL2KlXiUAoJnI/VxfHCvDFr2QDFj6u4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19/go.mod h1:SCWkEdRq8/7EK60NcvvQ6NXKuTcchAD4ROAsC37VEZE=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.17 h1:u+EfGmksnJc/x5tq3A+OD7LrMbSSR/5TrKLvkdy/fhY=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.17/go.mod h1:VaMx6302JHax2vHJWgRo+5n9zvbacs3bLU/23DNQrTY=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.43.2 h1:957e1/SwXIfPi/0OUJkH9YnPZRe9G6Kisd/xUhF7AUE=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.43.2/go.mod h1:343vcjcyOTuHTBBgUrOxPM36/jE96qLZnGL447ldrB0=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.61.2 h1:Kp6PWAlXwP1UvIflkIP6MFZYBNDCa4mFCGtxrpICVOg=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.61.2/go.mod h1:5FmD/Dqq57gP+XwaUnd5WFPipAuzrf0HmupX27Gvjvc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 h1:pIaGg+08llrP7Q5aiz9ICWbY8cqhTkyy+0SHvfzQpTc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.7/go.mod h1:eEygMHnTKH/3kNp9Jr1n3PdejuSNcgwLe1dWgQtO0VQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 h1:/Cfdu0XV3mONYKaOt1Gr0k1KvQzkzPyiKUdlWJqy+J4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7/go.mod h1:bCbAxKDqNvkHxRaIMnyVPXPo+OaPRwvmgzMxbz1VKSA=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 h1:NKTa1eqZYw8tiHSRGpP0VtTdub/8KNk8sDkNPFaOKDE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.7/go.mod h1:NXi1dIAGteSaRLqYgarlhP/Ij0cFT+qmCwiJqWh/U5o=
+github.com/aws/smithy-go v1.20.4 h1:2HK1zBdPgRbjFOHlfeQZfpC4r72MOb9bZkiFwggKO+4=
+github.com/aws/smithy-go v1.20.4/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/baidubce/bce-sdk-go v0.9.197 h1:TQqa4J+FTagrywhaTQ707ffE1eG3ix1s06eSZ/K+Wk0=
+github.com/baidubce/bce-sdk-go v0.9.197/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg=
+github.com/blinkbean/dingtalk v1.1.3 h1:MbidFZYom7DTFHD/YIs+eaI7kRy52kmWE/sy0xjo6E4=
+github.com/blinkbean/dingtalk v1.1.3/go.mod h1:9BaLuGSBqY3vT5hstValh48DbsKO7vaHaJnG9pXwbto=
 github.com/cactus/go-statsd-client/statsd v0.0.0-20200423205355-cb0885a1018c/go.mod h1:l/bIBLeOl9eX+wxJAzxS4TveKRtAqlyDpHjhkfO0MEI=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/clbanning/mxj/v2 v2.5.5 h1:oT81vUeEiQQ/DcHbzSytRngP6Ky9O+L+0Bw0zSJag9E=
 github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
+github.com/clbanning/mxj/v2 v2.5.6 h1:Jm4VaCI/+Ug5Q57IzEoZbwx4iQFA6wkXv72juUSeK+g=
+github.com/clbanning/mxj/v2 v2.5.6/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.97.0 h1:feZRGiRF1EbljnNIYdt8014FnOLtC3CCvgkLXu915ks=
-github.com/cloudflare/cloudflare-go v0.97.0/go.mod h1:JXRwuTfHpe5xFg8xytc2w0XC6LcrFsBVMS4WlVaiGg8=
+github.com/cloudflare/cloudflare-go v0.104.0 h1:R/lB0dZupaZbOgibAH/BRrkFbZ6Acn/WsKg2iX2xXuY=
+github.com/cloudflare/cloudflare-go v0.104.0/go.mod h1:pfUQ4PIG4ISI0/Mmc21Bp86UnFU0ktmPf3iTgbSL+cM=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -121,8 +180,9 @@ github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
 github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/dave/jennifer v1.6.1/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3RmGZc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/disintegration/imaging v1.6.2 h1:w1LecBlG2Lnp8B3jk5zSuNqd7b4DXhcjwek1ei82L+c=
 github.com/disintegration/imaging v1.6.2/go.mod h1:44/5580QXChDfwIclfc/PCwrr44amcmDAg8hxG0Ewe4=
 github.com/domodwyer/mailyak/v3 v3.6.2 h1:x3tGMsyFhTCaxp6ycgR0FE/bu5QiNp+hetUuCOBXMn8=
@@ -131,6 +191,8 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/elastic/go-sysinfo v1.0.2/go.mod h1:O/D5m1VpYLwGjCYzEt63g3Z1uO3jXfwyzzjiW90t8cY=
 github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -142,20 +204,31 @@ github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I=
-github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc=
+github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc=
 github.com/gammazero/toposort v0.1.1/go.mod h1:H2cozTnNpMw0hg2VHAYsAxmkHXBYroNangj2NTBQDvw=
 github.com/ganigeorgiev/fexpr v0.4.1 h1:hpUgbUEEWIZhSDBtf4M9aUNfQQ0BZkGRaMePy7Gcx5k=
 github.com/ganigeorgiev/fexpr v0.4.1/go.mod h1:RyGiGqmeXhEQ6+mlGdnUleLHgtzzu/VGO2WtJkF5drE=
-github.com/go-acme/lego/v4 v4.17.4 h1:h0nePd3ObP6o7kAkndtpTzCw8shOZuWckNYeUQwo36Q=
-github.com/go-acme/lego/v4 v4.17.4/go.mod h1:dU94SvPNqimEeb7EVilGGSnS0nU1O5Exir0pQ4QFL4U=
+github.com/go-acme/lego/v4 v4.19.2 h1:Y8hrmMvWETdqzzkRly7m98xtPJJivWFsgWi8fcvZo+Y=
+github.com/go-acme/lego/v4 v4.19.2/go.mod h1:wtDe3dDkmV4/oI2nydpNXSJpvV10J9RCyZ6MbYxNtlQ=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk=
-github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
+github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
+github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
+github.com/go-lark/lark v1.14.1 h1:qWYQTk6wLwf/08u8WbdNAHNmfqavdOvmsENlQ+Cb8aY=
+github.com/go-lark/lark v1.14.1/go.mod h1:6ltbSztPZRT6IaO9ZIQyVaY5pVp/KeMizDYtfZkU+vM=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
+github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-ozzo/ozzo-validation/v4 v4.3.0 h1:byhDUpfEwjsVQb1vBunvIjh2BHQ9ead57VkAEY4V+Es=
 github.com/go-ozzo/ozzo-validation/v4 v4.3.0/go.mod h1:2NKgrcHl3z6cJs+3Oo940FPRiTzuqKbvfrL2RxCj6Ew=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
@@ -167,9 +240,15 @@ github.com/go-playground/validator/v10 v10.7.0/go.mod h1:xm76BBt941f7yWdGnI2DVPF
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.8.0 h1:UtktXaU2Nb64z/pLiGIxY4431SJ4/dR5cjMmlVHgnT4=
 github.com/go-sql-driver/mysql v1.8.0/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible h1:2cauKuaELYAEARXRkq2LrJ0yDDv1rW7+wrTEdVL3uaU=
+github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible/go.mod h1:qf9acutJ8cwBUhm1bqgz6Bei9/C/c93FPDljKWwsOgM=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
 github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/gojek/heimdall/v7 v7.0.3 h1:+5sAhl8S0m+qRRL8IVeHCJudFh/XkG3wyO++nvOg+gc=
 github.com/gojek/heimdall/v7 v7.0.3/go.mod h1:Z43HtMid7ysSjmsedPTXAki6jcdcNVnjn5pmsTyiMic=
 github.com/gojek/valkyrie v0.0.0-20180215180059-6aee720afcdf h1:5xRGbUdOmZKoDXkGx5evVLehuCMpuO1hl701bEQqXOM=
@@ -186,15 +265,20 @@ github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -203,39 +287,40 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0 h1:e+8XbKB6IMn8A4OAyZccO4pYfB3s7bt6azNIPE7AnPg=
 github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
-github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
-github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
+github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/wire v0.6.0 h1:HBkoIh4BdSxoyo9PveV8giw7ZsaBOvzWKfcg/6MrVwI=
 github.com/google/wire v0.6.0/go.mod h1:F4QhpQ9EDIdJ1Mbop/NZBRB+5yrR6qg3BnctaoUk6NA=
-github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
-github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
 github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s=
 github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
-github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
-github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog=
 github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.114 h1:X3E16S6AUZsQKhJIQ5kNnylnp0GtSy2YhIbxfvDavtU=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.114/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
+github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
@@ -244,6 +329,12 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak=
+github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
+github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
+github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
@@ -251,6 +342,9 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV
 github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -266,6 +360,8 @@ github.com/labstack/echo/v5 v5.0.0-20230722203903-ec5b858dab61 h1:FwuzbVh87iLiUQ
 github.com/labstack/echo/v5 v5.0.0-20230722203903-ec5b858dab61/go.mod h1:paQfF1YtHe+GrGg5fOgjsjoCX/UKDr9bc1DoWpZfns8=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/matishsiao/goInfo v0.0.0-20210923090445-da2e3fa8d45f/go.mod h1:aEt7p9Rvh67BYApmZwNDPpgircTO2kgdmDUoF/1QmwA=
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
@@ -279,8 +375,8 @@ github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxU
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
-github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs=
-github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk=
+github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
+github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -288,21 +384,33 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nikoksr/notify v1.0.0 h1:qe9/6FRsWdxBgQgWcpvQ0sv8LRGJZDpRB4TkL2uNdO8=
+github.com/nikoksr/notify v1.0.0/go.mod h1:hPaaDt30d6LAA7/5nb0e48Bp/MctDfycCSs8VEgN29I=
 github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg=
 github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
+github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
+github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
+github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ=
+github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0/go.mod h1:lAVhWwbNaveeJmxrxuSTxMgKpF6DjnuVpn6T8WiBwYQ=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo=
 github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pocketbase/dbx v1.10.1 h1:cw+vsyfCJD8YObOVeqb93YErnlxwYMkNZ4rwN0G0AaA=
 github.com/pocketbase/dbx v1.10.1/go.mod h1:xXRCIAKTHMgUCyCKZm55pUOdvFziJjQfXaWKhu2vhMs=
 github.com/pocketbase/pocketbase v0.22.18 h1:yVckUhi5GDORqCb0BbtlvRB1CVxHY9HO9btEaeZHVJU=
@@ -318,8 +426,8 @@ github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
@@ -345,19 +453,30 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.898/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.992 h1:266lOve+E8vzhnrb/Mr05Ee+oxXD9C82JiusY/AZqXw=
+github.com/technoweenie/multipartstreamer v1.0.1 h1:XRztA5MXiR1TIRHxH2uNxXxaIkKQDeX7m2XsSOlQEnM=
+github.com/technoweenie/multipartstreamer v1.0.1/go.mod h1:jNVxdtShOxzAsukZwTSw6MDx5eUJoiEBsSvzDU9uzog=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1017 h1:OymmfmyFkvHirY3WHsoRT3cdTEsqygLbMn8jM41erK4=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1017/go.mod h1:gnLxGXlLmF+jDqWR1/RVoF/UUwxQxomQhkc0oN7KeuI=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1031 h1:/eVMCl+jadCex6HxNN6/hFbC0iWl+e8s4PSIcI8aqS4=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1031/go.mod h1:8Km0fRIaDS7PssuyxDFvRRFBUFmECqG+ICpViCs/Vak=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.992/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.898 h1:LoYv5u+gUoFpU/AmIuTRG/2KiEkdm9gCC0dTvk8WITQ=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.898/go.mod h1:c1j6YQ+vCbeA8kJ59Im4UnMd1GxovlpPBDhGZoewfn8=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1002/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1017/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1030/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1031 h1:3ouglYKE5cwhx2vwICGeW7pAlwyCLnpQd7O0l3hCSTg=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1031/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1002 h1:QwE0dRkAAbdf+eACnkNULgDn9ZKUJpPWRyXdqJolP5E=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1002/go.mod h1:WdC0FYbqYhJwQ3kbqri6hVP5HAEp+rzX9FToItTAzUg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.992 h1:A6O89OlCJQUpNxGqC/E5By04UNKBryIt5olQIGOx8mg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.992/go.mod h1:BcvC7ZPdSlhRggVq4J1ToJlgv8bmODIAuSo0naFZOLo=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag v1.0.992 h1:ttCM2rrkGipHMFTavrPExKCWcfNjT7AMQ5ERrPExdI4=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag v1.0.992/go.mod h1:WtzarrflM+eoyD8vcRuIPd8fT5UXD4IhUry6iSAUnxc=
-github.com/tjfoc/gmsm v1.3.2 h1:7JVkAn5bvUJ7HtU08iW6UiD+UTmJTIToHCfeFzkcCxM=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1030 h1:tlHbfQlAfL12J/5XF4indKl0cAA3vEn6TDiGZVsr050=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1030/go.mod h1:8dW6JByZKNDAPnjlXxBk9yDc+QGbldpa0tBRfi1kG+U=
 github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
+github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
+github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
 github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o=
 github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
 github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg=
@@ -366,21 +485,30 @@ github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6Kllzaw
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo=
 github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
+github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4=
+github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE=
+go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
-go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
-go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
-go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
-go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
-go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
-go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8=
+go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw=
+go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8=
+go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc=
+go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8=
+go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4=
+go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ=
 go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 gocloud.dev v0.37.0 h1:XF1rN6R0qZI/9DYjN16Uy0durAmSlf58DHOcb28GPro=
@@ -391,18 +519,26 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -415,11 +551,12 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -429,8 +566,11 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
@@ -438,17 +578,21 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
@@ -463,6 +607,7 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200509044756-6aff5f38e54f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -473,8 +618,12 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
-golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -482,22 +631,30 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
-golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
-golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -509,10 +666,12 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE=
+golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -523,27 +682,28 @@ gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJ
 gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
 gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
 gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
-google.golang.org/api v0.189.0 h1:equMo30LypAkdkLMBqfeIqtyAnlyig1JSZArl4XPwdI=
-google.golang.org/api v0.189.0/go.mod h1:FLWGJKb0hb+pU2j+rJqwbnsF+ym+fQs73rbJ+KAUgy8=
+google.golang.org/api v0.202.0 h1:y1iuVHMqokQbimW79ZqPZWo4CiyFu6HcCYHwSNyzlfo=
+google.golang.org/api v0.202.0/go.mod h1:3Jjeq7M/SFblTNCp7ES2xhq+WvGL0KeXI0joHQBfwTQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240722135656-d784300faade h1:lKFsS7wpngDgSCeFn7MoLy+wBDQZ1UQIJD4UNM1Qvkg=
-google.golang.org/genproto v0.0.0-20240722135656-d784300faade/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY=
-google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY=
-google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240723171418-e6d459c13d2a h1:hqK4+jJZXCU4pW7jsAdGOVFIfLHQeV7LaizZKnZ84HI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240723171418-e6d459c13d2a/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/genproto v0.0.0-20241015192408-796eee8c2d53 h1:Df6WuGvthPzc+JiQ/G+m+sNX24kc0aTBqoDN/0yyykE=
+google.golang.org/genproto v0.0.0-20241015192408-796eee8c2d53/go.mod h1:fheguH3Am2dGp1LfXkrvwqC/KlFq8F0nLq3LryOMrrE=
+google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 h1:X58yt85/IXCx0Y3ZwN6sEIKZzQtDEYaBWrDvErdXrRE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
-google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
+google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
+google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -553,14 +713,16 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
@@ -577,6 +739,18 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
+k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
+k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI=
+k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
+k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
+k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 modernc.org/cc/v4 v4.21.4 h1:3Be/Rdo1fpr8GrQ7IVw9OHtplU4gWbb+wNgeoBMmGLQ=
 modernc.org/cc/v4 v4.21.4/go.mod h1:HM7VJTZbUCR3rV8EYBi9wxnJ0ZBRiGE5OeGXNA0IsLQ=
 modernc.org/ccgo/v4 v4.19.2 h1:lwQZgvboKD0jBwdaeVCTouxhxAyN6iawF3STraAal8Y=
@@ -604,3 +778,11 @@ modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
 modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
+software.sslmate.com/src/go-pkcs12 v0.5.0 h1:EC6R394xgENTpZ4RltKydeDUjtlM5drOYIG9c6TVj2M=
+software.sslmate.com/src/go-pkcs12 v0.5.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=
--- a/internal/applicant/aliyun.go
+++ b/internal/applicant/aliyun.go
@@ -1,11 +1,13 @@
 package applicant

 import (
-	"certimate/internal/domain"
 	"encoding/json"
+	"fmt"
 	"os"

 	"github.com/go-acme/lego/v4/providers/dns/alidns"
+
+	"github.com/usual2970/certimate/internal/domain"
 )

 type aliyun struct {
@@ -19,12 +21,12 @@ func NewAliyun(option *ApplyOption) Applicant {
 }

 func (a *aliyun) Apply() (*Certificate, error) {
-
 	access := &domain.AliyunAccess{}
 	json.Unmarshal([]byte(a.option.Access), access)

 	os.Setenv("ALICLOUD_ACCESS_KEY", access.AccessKeyId)
 	os.Setenv("ALICLOUD_SECRET_KEY", access.AccessKeySecret)
+	os.Setenv("ALICLOUD_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
 	dnsProvider, err := alidns.NewDNSProvider()
 	if err != nil {
 		return nil, err
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@@ -6,22 +6,60 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"errors"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/repository"
+	"github.com/usual2970/certimate/internal/utils/app"

 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/go-acme/lego/v4/certificate"
 	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/lego"
 	"github.com/go-acme/lego/v4/registration"
 	"github.com/pocketbase/pocketbase/models"
 )

 const (
-	configTypeTencent    = "tencent"
-	configTypeAliyun     = "aliyun"
-	configTypeCloudflare = "cloudflare"
-	configTypeNamesilo   = "namesilo"
+	configTypeAliyun      = "aliyun"
+	configTypeTencent     = "tencent"
+	configTypeHuaweiCloud = "huaweicloud"
+	configTypeAws         = "aws"
+	configTypeCloudflare  = "cloudflare"
+	configTypeNamesilo    = "namesilo"
+	configTypeGodaddy     = "godaddy"
+	configTypePdns        = "pdns"
+	configTypeHttpreq     = "httpreq"
 )

+const defaultSSLProvider = "letsencrypt"
+const (
+	sslProviderLetsencrypt = "letsencrypt"
+	sslProviderZeroSSL     = "zerossl"
+	sslProviderGts         = "gts"
+)
+
+const (
+	zerosslUrl     = "https://acme.zerossl.com/v2/DV90"
+	letsencryptUrl = "https://acme-v02.api.letsencrypt.org/directory"
+	gtsUrl         = "https://dv.acme-v02.api.pki.goog/directory"
+)
+
+var sslProviderUrls = map[string]string{
+	sslProviderLetsencrypt: letsencryptUrl,
+	sslProviderZeroSSL:     zerosslUrl,
+	sslProviderGts:         gtsUrl,
+}
+
+const defaultEmail = "536464346@qq.com"
+
+const defaultTimeout = 60
+
 type Certificate struct {
 	CertUrl           string `json:"certUrl"`
 	CertStableUrl     string `json:"certStableUrl"`
@@ -32,24 +70,67 @@ type Certificate struct {
 }

 type ApplyOption struct {
-	Email  string `json:"email"`
-	Domain string `json:"domain"`
-	Access string `json:"access"`
+	Email              string `json:"email"`
+	Domain             string `json:"domain"`
+	Access             string `json:"access"`
+	KeyAlgorithm       string `json:"keyAlgorithm"`
+	Nameservers        string `json:"nameservers"`
+	Timeout            int64  `json:"timeout"`
+	DisableFollowCNAME bool   `json:"disableFollowCNAME"`
 }

-type MyUser struct {
+type ApplyUser struct {
+	Ca           string
 	Email        string
 	Registration *registration.Resource
-	key          crypto.PrivateKey
+	key          string
 }

-func (u *MyUser) GetEmail() string {
+func newApplyUser(ca, email string) (*ApplyUser, error) {
+	repo := getAcmeAccountRepository()
+	rs := &ApplyUser{
+		Ca:    ca,
+		Email: email,
+	}
+	resp, err := repo.GetByCAAndEmail(ca, email)
+	if err != nil {
+		privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+		if err != nil {
+			return nil, err
+		}
+		keyStr, err := x509.ConvertECPrivateKeyToPEM(privateKey)
+		if err != nil {
+			return nil, err
+		}
+		rs.key = keyStr
+
+		return rs, nil
+	}
+
+	rs.Registration = resp.Resource
+	rs.key = resp.Key
+
+	return rs, nil
+}
+
+func (u *ApplyUser) GetEmail() string {
 	return u.Email
 }
-func (u MyUser) GetRegistration() *registration.Resource {
+
+func (u ApplyUser) GetRegistration() *registration.Resource {
 	return u.Registration
 }
-func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
+
+func (u *ApplyUser) GetPrivateKey() crypto.PrivateKey {
+	rs, _ := x509.ParseECPrivateKeyFromPEM(u.key)
+	return rs
+}
+
+func (u *ApplyUser) hasRegistration() bool {
+	return u.Registration != nil
+}
+
+func (u *ApplyUser) getPrivateKeyString() string {
 	return u.key
 }

@@ -58,43 +139,102 @@ type Applicant interface {
 }

 func Get(record *models.Record) (Applicant, error) {
-	access := record.ExpandedOne("access")
-	option := &ApplyOption{
-		Email:  "536464346@qq.com",
-		Domain: record.GetString("domain"),
-		Access: access.GetString("config"),
+	if record.GetString("applyConfig") == "" {
+		return nil, errors.New("applyConfig is empty")
 	}
+
+	applyConfig := &domain.ApplyConfig{}
+	record.UnmarshalJSONField("applyConfig", applyConfig)
+
+	access, err := app.GetApp().Dao().FindRecordById("access", applyConfig.Access)
+	if err != nil {
+		return nil, fmt.Errorf("access record not found: %w", err)
+	}
+
+	if applyConfig.Email == "" {
+		applyConfig.Email = defaultEmail
+	}
+
+	if applyConfig.Timeout == 0 {
+		applyConfig.Timeout = defaultTimeout
+	}
+
+	option := &ApplyOption{
+		Email:              applyConfig.Email,
+		Domain:             record.GetString("domain"),
+		Access:             access.GetString("config"),
+		KeyAlgorithm:       applyConfig.KeyAlgorithm,
+		Nameservers:        applyConfig.Nameservers,
+		Timeout:            applyConfig.Timeout,
+		DisableFollowCNAME: applyConfig.DisableFollowCNAME,
+	}
+
 	switch access.GetString("configType") {
-	case configTypeTencent:
-		return NewTencent(option), nil
 	case configTypeAliyun:
 		return NewAliyun(option), nil
+	case configTypeTencent:
+		return NewTencent(option), nil
+	case configTypeHuaweiCloud:
+		return NewHuaweiCloud(option), nil
+	case configTypeAws:
+		return NewAws(option), nil
 	case configTypeCloudflare:
 		return NewCloudflare(option), nil
 	case configTypeNamesilo:
 		return NewNamesilo(option), nil
+	case configTypeGodaddy:
+		return NewGodaddy(option), nil
+	case configTypePdns:
+		return NewPdns(option), nil
+	case configTypeHttpreq:
+		return NewHttpreq(option), nil
 	default:
 		return nil, errors.New("unknown config type")
 	}
+}

+type SSLProviderConfig struct {
+	Config   SSLProviderConfigContent `json:"config"`
+	Provider string                   `json:"provider"`
+}
+
+type SSLProviderConfigContent struct {
+	Zerossl SSLProviderEab `json:"zerossl"`
+	Gts     SSLProviderEab `json:"gts"`
+}
+
+type SSLProviderEab struct {
+	EabHmacKey string `json:"eabHmacKey"`
+	EabKid     string `json:"eabKid"`
 }

 func apply(option *ApplyOption, provider challenge.Provider) (*Certificate, error) {
-	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	record, _ := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='ssl-provider'")
+
+	sslProvider := &SSLProviderConfig{
+		Config:   SSLProviderConfigContent{},
+		Provider: defaultSSLProvider,
+	}
+	if record != nil {
+		if err := record.UnmarshalJSONField("content", sslProvider); err != nil {
+			return nil, err
+		}
+	}
+
+	// Some unified lego environment variables are configured here.
+	// link: https://github.com/go-acme/lego/issues/1867
+	os.Setenv("LEGO_DISABLE_CNAME_SUPPORT", strconv.FormatBool(option.DisableFollowCNAME))
+
+	myUser, err := newApplyUser(sslProvider.Provider, option.Email)
 	if err != nil {
 		return nil, err
 	}

-	myUser := MyUser{
-		Email: option.Email,
-		key:   privateKey,
-	}
-
-	config := lego.NewConfig(&myUser)
+	config := lego.NewConfig(myUser)

 	// This CA URL is configured for a local dev instance of Boulder running in Docker in a VM.
-	config.CADirURL = "https://acme-v02.api.letsencrypt.org/directory"
-	config.Certificate.KeyType = certcrypto.RSA2048
+	config.CADirURL = sslProviderUrls[sslProvider.Provider]
+	config.Certificate.KeyType = parseKeyAlgorithm(option.KeyAlgorithm)

 	// A client facilitates communication with the CA server.
 	client, err := lego.NewClient(config)
@@ -102,17 +242,26 @@ func apply(option *ApplyOption, provider challenge.Provider) (*Certificate, erro
 		return nil, err
 	}

-	client.Challenge.SetDNS01Provider(provider)
+	challengeOptions := make([]dns01.ChallengeOption, 0)
+	nameservers := parseNameservers(option.Nameservers)
+	if len(nameservers) > 0 {
+		challengeOptions = append(challengeOptions, dns01.AddRecursiveNameservers(nameservers))
+	}
+
+	client.Challenge.SetDNS01Provider(provider, challengeOptions...)

 	// New users will need to register
-	reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
-	if err != nil {
-		return nil, err
+	if !myUser.hasRegistration() {
+		reg, err := getReg(client, sslProvider, myUser)
+		if err != nil {
+			return nil, fmt.Errorf("failed to register: %w", err)
+		}
+		myUser.Registration = reg
 	}
-	myUser.Registration = reg

+	domains := strings.Split(option.Domain, ";")
 	request := certificate.ObtainRequest{
-		Domains: []string{option.Domain},
+		Domains: domains,
 		Bundle:  true,
 	}
 	certificates, err := client.Certificate.Obtain(request)
@@ -129,3 +278,91 @@ func apply(option *ApplyOption, provider challenge.Provider) (*Certificate, erro
 		Csr:               string(certificates.CSR),
 	}, nil
 }
+
+type AcmeAccountRepository interface {
+	GetByCAAndEmail(ca, email string) (*domain.AcmeAccount, error)
+	Save(ca, email, key string, resource *registration.Resource) error
+}
+
+func getAcmeAccountRepository() AcmeAccountRepository {
+	return repository.NewAcmeAccountRepository()
+}
+
+func getReg(client *lego.Client, sslProvider *SSLProviderConfig, user *ApplyUser) (*registration.Resource, error) {
+	var reg *registration.Resource
+	var err error
+	switch sslProvider.Provider {
+	case sslProviderZeroSSL:
+		reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+			TermsOfServiceAgreed: true,
+			Kid:                  sslProvider.Config.Zerossl.EabKid,
+			HmacEncoded:          sslProvider.Config.Zerossl.EabHmacKey,
+		})
+	case sslProviderGts:
+		reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+			TermsOfServiceAgreed: true,
+			Kid:                  sslProvider.Config.Gts.EabKid,
+			HmacEncoded:          sslProvider.Config.Gts.EabHmacKey,
+		})
+
+	case sslProviderLetsencrypt:
+		reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+
+	default:
+		err = errors.New("unknown ssl provider")
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	repo := getAcmeAccountRepository()
+
+	resp, err := repo.GetByCAAndEmail(sslProvider.Provider, user.GetEmail())
+	if err == nil {
+		user.key = resp.Key
+		return resp.Resource, nil
+	}
+
+	if err := repo.Save(sslProvider.Provider, user.GetEmail(), user.getPrivateKeyString(), reg); err != nil {
+		return nil, fmt.Errorf("failed to save registration: %w", err)
+	}
+
+	return reg, nil
+}
+
+func parseNameservers(ns string) []string {
+	nameservers := make([]string, 0)
+
+	lines := strings.Split(ns, ";")
+
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if line == "" {
+			continue
+		}
+
+		nameservers = append(nameservers, line)
+	}
+
+	return nameservers
+}
+
+func parseKeyAlgorithm(algo string) certcrypto.KeyType {
+	switch algo {
+	case "RSA2048":
+		return certcrypto.RSA2048
+	case "RSA3072":
+		return certcrypto.RSA3072
+	case "RSA4096":
+		return certcrypto.RSA4096
+	case "RSA8192":
+		return certcrypto.RSA8192
+	case "EC256":
+		return certcrypto.EC256
+	case "EC384":
+		return certcrypto.EC384
+	default:
+		return certcrypto.RSA2048
+	}
+}
--- a/internal/applicant/aws.go
+++ b/internal/applicant/aws.go
@@ -0,0 +1,39 @@
+package applicant
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/go-acme/lego/v4/providers/dns/route53"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type aws struct {
+	option *ApplyOption
+}
+
+func NewAws(option *ApplyOption) Applicant {
+	return &aws{
+		option: option,
+	}
+}
+
+func (t *aws) Apply() (*Certificate, error) {
+	access := &domain.AwsAccess{}
+	json.Unmarshal([]byte(t.option.Access), access)
+
+	os.Setenv("AWS_REGION", access.Region)
+	os.Setenv("AWS_ACCESS_KEY_ID", access.AccessKeyId)
+	os.Setenv("AWS_SECRET_ACCESS_KEY", access.SecretAccessKey)
+	os.Setenv("AWS_HOSTED_ZONE_ID", access.HostedZoneId)
+	os.Setenv("AWS_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", t.option.Timeout))
+
+	dnsProvider, err := route53.NewDNSProvider()
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(t.option, dnsProvider)
+}
--- a/internal/applicant/cloudflare.go
+++ b/internal/applicant/cloudflare.go
@@ -1,11 +1,13 @@
 package applicant

 import (
-	"certimate/internal/domain"
 	"encoding/json"
+	"fmt"
 	"os"

 	cf "github.com/go-acme/lego/v4/providers/dns/cloudflare"
+
+	"github.com/usual2970/certimate/internal/domain"
 )

 type cloudflare struct {
@@ -23,6 +25,7 @@ func (c *cloudflare) Apply() (*Certificate, error) {
 	json.Unmarshal([]byte(c.option.Access), access)

 	os.Setenv("CLOUDFLARE_DNS_API_TOKEN", access.DnsApiToken)
+	os.Setenv("CLOUDFLARE_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", c.option.Timeout))

 	provider, err := cf.NewDNSProvider()
 	if err != nil {
--- a/internal/applicant/godaddy.go
+++ b/internal/applicant/godaddy.go
@@ -0,0 +1,37 @@
+package applicant
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	godaddyProvider "github.com/go-acme/lego/v4/providers/dns/godaddy"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type godaddy struct {
+	option *ApplyOption
+}
+
+func NewGodaddy(option *ApplyOption) Applicant {
+	return &godaddy{
+		option: option,
+	}
+}
+
+func (a *godaddy) Apply() (*Certificate, error) {
+	access := &domain.GodaddyAccess{}
+	json.Unmarshal([]byte(a.option.Access), access)
+
+	os.Setenv("GODADDY_API_KEY", access.ApiKey)
+	os.Setenv("GODADDY_API_SECRET", access.ApiSecret)
+	os.Setenv("GODADDY_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
+
+	dnsProvider, err := godaddyProvider.NewDNSProvider()
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(a.option, dnsProvider)
+}
--- a/internal/applicant/httpreq.go
+++ b/internal/applicant/httpreq.go
@@ -0,0 +1,38 @@
+package applicant
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/go-acme/lego/v4/providers/dns/httpreq"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type httpReq struct {
+	option *ApplyOption
+}
+
+func NewHttpreq(option *ApplyOption) Applicant {
+	return &httpReq{
+		option: option,
+	}
+}
+
+func (a *httpReq) Apply() (*Certificate, error) {
+	access := &domain.HttpreqAccess{}
+	json.Unmarshal([]byte(a.option.Access), access)
+
+	os.Setenv("HTTPREQ_ENDPOINT", access.Endpoint)
+	os.Setenv("HTTPREQ_MODE", access.Mode)
+	os.Setenv("HTTPREQ_USERNAME", access.Username)
+	os.Setenv("HTTPREQ_PASSWORD", access.Password)
+	os.Setenv("HTTPREQ_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
+	dnsProvider, err := httpreq.NewDNSProvider()
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(a.option, dnsProvider)
+}
--- a/internal/applicant/huaweicloud.go
+++ b/internal/applicant/huaweicloud.go
@@ -0,0 +1,43 @@
+package applicant
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	huaweicloudProvider "github.com/go-acme/lego/v4/providers/dns/huaweicloud"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type huaweicloud struct {
+	option *ApplyOption
+}
+
+func NewHuaweiCloud(option *ApplyOption) Applicant {
+	return &huaweicloud{
+		option: option,
+	}
+}
+
+func (t *huaweicloud) Apply() (*Certificate, error) {
+	access := &domain.HuaweiCloudAccess{}
+	json.Unmarshal([]byte(t.option.Access), access)
+
+	region := access.Region
+	if region == "" {
+		region = "cn-north-1"
+	}
+
+	os.Setenv("HUAWEICLOUD_REGION", region) // 华为云的 SDK 要求必须传一个区域，实际上 DNS-01 流程里用不到，但不传会报错
+	os.Setenv("HUAWEICLOUD_ACCESS_KEY_ID", access.AccessKeyId)
+	os.Setenv("HUAWEICLOUD_SECRET_ACCESS_KEY", access.SecretAccessKey)
+	os.Setenv("HUAWEICLOUD_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", t.option.Timeout))
+
+	dnsProvider, err := huaweicloudProvider.NewDNSProvider()
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(t.option, dnsProvider)
+}
--- a/internal/applicant/namesilo.go
+++ b/internal/applicant/namesilo.go
@@ -1,11 +1,13 @@
 package applicant

 import (
-	"certimate/internal/domain"
 	"encoding/json"
+	"fmt"
 	"os"

 	namesiloProvider "github.com/go-acme/lego/v4/providers/dns/namesilo"
+
+	"github.com/usual2970/certimate/internal/domain"
 )

 type namesilo struct {
@@ -19,11 +21,11 @@ func NewNamesilo(option *ApplyOption) Applicant {
 }

 func (a *namesilo) Apply() (*Certificate, error) {
-
 	access := &domain.NameSiloAccess{}
 	json.Unmarshal([]byte(a.option.Access), access)

 	os.Setenv("NAMESILO_API_KEY", access.ApiKey)
+	os.Setenv("NAMESILO_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))

 	dnsProvider, err := namesiloProvider.NewDNSProvider()
 	if err != nil {
--- a/internal/applicant/pdns.go
+++ b/internal/applicant/pdns.go
@@ -0,0 +1,36 @@
+package applicant
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/go-acme/lego/v4/providers/dns/pdns"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type powerdns struct {
+	option *ApplyOption
+}
+
+func NewPdns(option *ApplyOption) Applicant {
+	return &powerdns{
+		option: option,
+	}
+}
+
+func (a *powerdns) Apply() (*Certificate, error) {
+	access := &domain.PdnsAccess{}
+	json.Unmarshal([]byte(a.option.Access), access)
+
+	os.Setenv("PDNS_API_URL", access.ApiUrl)
+	os.Setenv("PDNS_API_KEY", access.ApiKey)
+	os.Setenv("PDNS_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
+	dnsProvider, err := pdns.NewDNSProvider()
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(a.option, dnsProvider)
+}
--- a/internal/applicant/tencent.go
+++ b/internal/applicant/tencent.go
@@ -1,11 +1,13 @@
 package applicant

 import (
-	"certimate/internal/domain"
 	"encoding/json"
+	"fmt"
 	"os"

 	"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
+
+	"github.com/usual2970/certimate/internal/domain"
 )

 type tencent struct {
@@ -19,12 +21,13 @@ func NewTencent(option *ApplyOption) Applicant {
 }

 func (t *tencent) Apply() (*Certificate, error) {
-
 	access := &domain.TencentAccess{}
 	json.Unmarshal([]byte(t.option.Access), access)

 	os.Setenv("TENCENTCLOUD_SECRET_ID", access.SecretId)
 	os.Setenv("TENCENTCLOUD_SECRET_KEY", access.SecretKey)
+	os.Setenv("TENCENTCLOUD_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", t.option.Timeout))
+
 	dnsProvider, err := tencentcloud.NewDNSProvider()
 	if err != nil {
 		return nil, err
--- a/internal/deployer/aliyun.go
+++ b/internal/deployer/aliyun.go
@@ -1,202 +0,0 @@
-package deployer
-
-import (
-	"certimate/internal/applicant"
-	"certimate/internal/domain"
-	"certimate/internal/utils/rand"
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"strings"
-
-	cas20200407 "github.com/alibabacloud-go/cas-20200407/v2/client"
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	util "github.com/alibabacloud-go/tea-utils/v2/service"
-	"github.com/alibabacloud-go/tea/tea"
-)
-
-type aliyun struct {
-	client *cas20200407.Client
-	option *DeployerOption
-	infos  []string
-}
-
-func NewAliyun(option *DeployerOption) (Deployer, error) {
-	access := &domain.AliyunAccess{}
-	json.Unmarshal([]byte(option.Access), access)
-	a := &aliyun{
-		option: option,
-		infos:  make([]string, 0),
-	}
-	client, err := a.createClient(access.AccessKeyId, access.AccessKeySecret)
-	if err != nil {
-		return nil, err
-	}
-	a.client = client
-	return a, nil
-
-}
-
-func (a *aliyun) GetInfo() []string {
-	return a.infos
-}
-
-func (a *aliyun) Deploy(ctx context.Context) error {
-
-	// 查询有没有对应的资源
-	resource, err := a.resource()
-	if err != nil {
-		return err
-	}
-
-	a.infos = append(a.infos, toStr("查询对应的资源", resource))
-
-	// 查询有没有对应的联系人
-	contacts, err := a.contacts()
-	if err != nil {
-		return err
-	}
-
-	a.infos = append(a.infos, toStr("查询联系人", contacts))
-
-	// 上传证书
-	certId, err := a.uploadCert(&a.option.Certificate)
-	if err != nil {
-		return err
-	}
-
-	a.infos = append(a.infos, toStr("上传证书", certId))
-
-	// 部署证书
-	jobId, err := a.deploy(resource, certId, contacts)
-	if err != nil {
-		return err
-	}
-
-	a.infos = append(a.infos, toStr("创建部署证书任务", jobId))
-
-	// 等待部署成功
-	err = a.updateDeployStatus(*jobId)
-	if err != nil {
-		return err
-	}
-
-	// 部署成功后删除旧的证书
-	a.deleteCert(resource)
-
-	return nil
-}
-
-func (a *aliyun) updateDeployStatus(jobId int64) error {
-	// 查询部署状态
-	req := &cas20200407.UpdateDeploymentJobStatusRequest{
-		JobId: tea.Int64(jobId),
-	}
-
-	resp, err := a.client.UpdateDeploymentJobStatus(req)
-	if err != nil {
-		return err
-	}
-	a.infos = append(a.infos, toStr("查询对应的资源", resp))
-	return nil
-}
-
-func (a *aliyun) deleteCert(resource *cas20200407.ListCloudResourcesResponseBodyData) error {
-	// 查询有没有对应的资源
-	if resource.CertId == nil {
-		return nil
-	}
-
-	// 删除证书
-	_, err := a.client.DeleteUserCertificate(&cas20200407.DeleteUserCertificateRequest{
-		CertId: resource.CertId,
-	})
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (a *aliyun) contacts() ([]*cas20200407.ListContactResponseBodyContactList, error) {
-	listContactRequest := &cas20200407.ListContactRequest{}
-	runtime := &util.RuntimeOptions{}
-
-	resp, err := a.client.ListContactWithOptions(listContactRequest, runtime)
-	if err != nil {
-		return nil, err
-	}
-	if resp.Body.TotalCount == nil {
-		return nil, errors.New("no contact found")
-	}
-
-	return resp.Body.ContactList, nil
-}
-
-func (a *aliyun) deploy(resource *cas20200407.ListCloudResourcesResponseBodyData, certId int64, contacts []*cas20200407.ListContactResponseBodyContactList) (*int64, error) {
-	contactIds := make([]string, 0, len(contacts))
-	for _, contact := range contacts {
-		contactIds = append(contactIds, fmt.Sprintf("%d", *contact.ContactId))
-	}
-	// 部署证书
-	createCloudResourceRequest := &cas20200407.CreateDeploymentJobRequest{
-		CertIds:     tea.String(fmt.Sprintf("%d", certId)),
-		Name:        tea.String(a.option.Domain + rand.RandStr(6)),
-		JobType:     tea.String("user"),
-		ResourceIds: tea.String(fmt.Sprintf("%d", *resource.Id)),
-		ContactIds:  tea.String(strings.Join(contactIds, ",")),
-	}
-	runtime := &util.RuntimeOptions{}
-
-	resp, err := a.client.CreateDeploymentJobWithOptions(createCloudResourceRequest, runtime)
-	if err != nil {
-		return nil, err
-	}
-	return resp.Body.JobId, nil
-}
-
-func (a *aliyun) uploadCert(cert *applicant.Certificate) (int64, error) {
-	uploadUserCertificateRequest := &cas20200407.UploadUserCertificateRequest{
-		Cert: &cert.Certificate,
-		Key:  &cert.PrivateKey,
-		Name: tea.String(a.option.Domain + rand.RandStr(6)),
-	}
-	runtime := &util.RuntimeOptions{}
-
-	resp, err := a.client.UploadUserCertificateWithOptions(uploadUserCertificateRequest, runtime)
-	if err != nil {
-		return 0, err
-	}
-
-	return *resp.Body.CertId, nil
-}
-
-func (a *aliyun) createClient(accessKeyId, accessKeySecret string) (_result *cas20200407.Client, _err error) {
-	config := &openapi.Config{
-		AccessKeyId:     tea.String(accessKeyId),
-		AccessKeySecret: tea.String(accessKeySecret),
-	}
-	config.Endpoint = tea.String("cas.aliyuncs.com")
-	_result = &cas20200407.Client{}
-	_result, _err = cas20200407.NewClient(config)
-	return _result, _err
-}
-
-func (a *aliyun) resource() (*cas20200407.ListCloudResourcesResponseBodyData, error) {
-
-	listCloudResourcesRequest := &cas20200407.ListCloudResourcesRequest{
-		CloudProduct: tea.String(a.option.Product),
-		Keyword:      tea.String(a.option.Domain),
-	}
-
-	resp, err := a.client.ListCloudResources(listCloudResourcesRequest)
-	if err != nil {
-		return nil, err
-	}
-
-	if *resp.Body.Total == 0 {
-		return nil, errors.New("no resource found")
-	}
-
-	return resp.Body.Data[0], nil
-}
--- a/internal/deployer/aliyun_alb.go
+++ b/internal/deployer/aliyun_alb.go
@@ -0,0 +1,281 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+
+	aliyunAlb "github.com/alibabacloud-go/alb-20200616/v2/client"
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderAliyunCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
+)
+
+type AliyunALBDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *aliyunAlb.Client
+	sslUploader uploader.Uploader
+}
+
+func NewAliyunALBDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.AliyunAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&AliyunALBDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	aliCasRegion := option.DeployConfig.GetConfigAsString("region")
+	if aliCasRegion != "" {
+		// 阿里云 CAS 服务接入点是独立于 ALB 服务的
+		// 国内版接入点：华东一杭州
+		// 国际版接入点：亚太东南一新加坡
+		if !strings.HasPrefix(aliCasRegion, "cn-") {
+			aliCasRegion = "ap-southeast-1"
+		} else {
+			aliCasRegion = "cn-hangzhou"
+		}
+	}
+	uploader, err := uploaderAliyunCas.New(&uploaderAliyunCas.AliyunCASUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		AccessKeySecret: access.AccessKeySecret,
+		Region:          aliCasRegion,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &AliyunALBDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *AliyunALBDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *AliyunALBDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *AliyunALBDeployer) Deploy(ctx context.Context) error {
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "loadbalancer":
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
+	}
+
+	return nil
+}
+
+func (d *AliyunALBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunAlb.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // ALB 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	case "cn-hangzhou-finance":
+		endpoint = "alb.cn-hangzhou.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunAlb.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	if aliLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	aliListenerIds := make([]string, 0)
+
+	// 查询负载均衡实例的详细信息
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute
+	getLoadBalancerAttributeReq := &aliyunAlb.GetLoadBalancerAttributeRequest{
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+	}
+	getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetLoadBalancerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例", getLoadBalancerAttributeResp))
+
+	// 查询 HTTPS 监听列表
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
+	listListenersPage := 1
+	listListenersLimit := int32(100)
+	var listListenersToken *string = nil
+	for {
+		listListenersReq := &aliyunAlb.ListListenersRequest{
+			MaxResults:       tea.Int32(listListenersLimit),
+			NextToken:        listListenersToken,
+			LoadBalancerIds:  []*string{tea.String(aliLoadbalancerId)},
+			ListenerProtocol: tea.String("HTTPS"),
+		}
+		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
+		}
+
+		if listListenersResp.Body.Listeners != nil {
+			for _, listener := range listListenersResp.Body.Listeners {
+				aliListenerIds = append(aliListenerIds, *listener.ListenerId)
+			}
+		}
+
+		if listListenersResp.Body.NextToken == nil {
+			break
+		} else {
+			listListenersToken = listListenersResp.Body.NextToken
+			listListenersPage += 1
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 HTTPS 监听", aliListenerIds))
+
+	// 查询 QUIC 监听列表
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
+	listListenersPage = 1
+	listListenersToken = nil
+	for {
+		listListenersReq := &aliyunAlb.ListListenersRequest{
+			MaxResults:       tea.Int32(listListenersLimit),
+			NextToken:        listListenersToken,
+			LoadBalancerIds:  []*string{tea.String(aliLoadbalancerId)},
+			ListenerProtocol: tea.String("QUIC"),
+		}
+		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
+		}
+
+		if listListenersResp.Body.Listeners != nil {
+			for _, listener := range listListenersResp.Body.Listeners {
+				aliListenerIds = append(aliListenerIds, *listener.ListenerId)
+			}
+		}
+
+		if listListenersResp.Body.NextToken == nil {
+			break
+		} else {
+			listListenersToken = listListenersResp.Body.NextToken
+			listListenersPage += 1
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 QUIC 监听", aliListenerIds))
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听证书
+	var errs []error
+	for _, aliListenerId := range aliListenerIds {
+		if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *AliyunALBDeployer) deployToListener(ctx context.Context) error {
+	aliListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	if aliListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听
+	if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *AliyunALBDeployer) updateListenerCertificate(ctx context.Context, aliListenerId string, aliCertId string) error {
+	// 查询监听的属性
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getlistenerattribute
+	getListenerAttributeReq := &aliyunAlb.GetListenerAttributeRequest{
+		ListenerId: tea.String(aliListenerId),
+	}
+	getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ALB 监听配置", getListenerAttributeResp))
+
+	// 修改监听的属性
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
+	updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
+		ListenerId: tea.String(aliListenerId),
+		Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
+			CertificateId: tea.String(aliCertId),
+		}},
+	}
+	updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 ALB 监听配置", updateListenerAttributeResp))
+
+	return nil
+}
--- a/internal/deployer/aliyun_cdn.go
+++ b/internal/deployer/aliyun_cdn.go
@@ -1,77 +1,88 @@
 package deployer

 import (
-	"certimate/internal/domain"
 	"context"
 	"encoding/json"
 	"fmt"
+	"time"

-	cdn20180510 "github.com/alibabacloud-go/cdn-20180510/v5/client"
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	util "github.com/alibabacloud-go/tea-utils/v2/service"
+	aliyunCdn "github.com/alibabacloud-go/cdn-20180510/v5/client"
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
 )

-type AliyunCdn struct {
-	client *cdn20180510.Client
+type AliyunCDNDeployer struct {
 	option *DeployerOption
 	infos  []string
+
+	sdkClient *aliyunCdn.Client
 }

-func NewAliyunCdn(option *DeployerOption) (*AliyunCdn, error) {
+func NewAliyunCDNDeployer(option *DeployerOption) (Deployer, error) {
 	access := &domain.AliyunAccess{}
-	json.Unmarshal([]byte(option.Access), access)
-	a := &AliyunCdn{
-		option: option,
-	}
-	client, err := a.createClient(access.AccessKeyId, access.AccessKeySecret)
-	if err != nil {
-		return nil, err
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
 	}

-	return &AliyunCdn{
-		client: client,
-		option: option,
-		infos:  make([]string, 0),
+	client, err := (&AliyunCDNDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunCDNDeployer{
+		option:    option,
+		infos:     make([]string, 0),
+		sdkClient: client,
 	}, nil
 }

-func (a *AliyunCdn) GetInfo() []string {
-	return a.infos
+func (d *AliyunCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (a *AliyunCdn) Deploy(ctx context.Context) error {
+func (d *AliyunCDNDeployer) GetInfos() []string {
+	return d.infos
+}

-	certName := fmt.Sprintf("%s-%s", a.option.Domain, a.option.DomainId)
-	setCdnDomainSSLCertificateRequest := &cdn20180510.SetCdnDomainSSLCertificateRequest{
-		DomainName:  tea.String(a.option.Domain),
-		CertName:    tea.String(certName),
+func (d *AliyunCDNDeployer) Deploy(ctx context.Context) error {
+	// 设置 CDN 域名域名证书
+	// REF: https://help.aliyun.com/zh/cdn/developer-reference/api-cdn-2018-05-10-setcdndomainsslcertificate
+	setCdnDomainSSLCertificateReq := &aliyunCdn.SetCdnDomainSSLCertificateRequest{
+		DomainName:  tea.String(d.option.DeployConfig.GetConfigAsString("domain")),
+		CertRegion:  tea.String(d.option.DeployConfig.GetConfigOrDefaultAsString("region", "cn-hangzhou")),
+		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
 		CertType:    tea.String("upload"),
 		SSLProtocol: tea.String("on"),
-		SSLPub:      tea.String(a.option.Certificate.Certificate),
-		SSLPri:      tea.String(a.option.Certificate.PrivateKey),
-		CertRegion:  tea.String("cn-hangzhou"),
+		SSLPub:      tea.String(d.option.Certificate.Certificate),
+		SSLPri:      tea.String(d.option.Certificate.PrivateKey),
 	}
-
-	runtime := &util.RuntimeOptions{}
-
-	resp, err := a.client.SetCdnDomainSSLCertificateWithOptions(setCdnDomainSSLCertificateRequest, runtime)
+	setCdnDomainSSLCertificateResp, err := d.sdkClient.SetCdnDomainSSLCertificate(setCdnDomainSSLCertificateReq)
 	if err != nil {
-		return err
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.SetCdnDomainSSLCertificate'")
 	}

-	a.infos = append(a.infos, toStr("cdn设置证书", resp))
+	d.infos = append(d.infos, toStr("已设置 CDN 域名证书", setCdnDomainSSLCertificateResp))

 	return nil
 }

-func (a *AliyunCdn) createClient(accessKeyId, accessKeySecret string) (_result *cdn20180510.Client, _err error) {
-	config := &openapi.Config{
+func (d *AliyunCDNDeployer) createSdkClient(accessKeyId, accessKeySecret string) (*aliyunCdn.Client, error) {
+	aConfig := &aliyunOpen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
+		Endpoint:        tea.String("cdn.aliyuncs.com"),
 	}
-	config.Endpoint = tea.String("cdn.aliyuncs.com")
-	_result = &cdn20180510.Client{}
-	_result, _err = cdn20180510.NewClient(config)
-	return _result, _err
+
+	client, err := aliyunCdn.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
 }
--- a/internal/deployer/aliyun_clb.go
+++ b/internal/deployer/aliyun_clb.go
@@ -0,0 +1,285 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderAliyunSlb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-slb"
+)
+
+type AliyunCLBDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *aliyunSlb.Client
+	sslUploader uploader.Uploader
+}
+
+func NewAliyunCLBDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.AliyunAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&AliyunCLBDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderAliyunSlb.New(&uploaderAliyunSlb.AliyunSLBUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		AccessKeySecret: access.AccessKeySecret,
+		Region:          option.DeployConfig.GetConfigAsString("region"),
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &AliyunCLBDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *AliyunCLBDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *AliyunCLBDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *AliyunCLBDeployer) Deploy(ctx context.Context) error {
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "loadbalancer":
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
+	}
+
+	return nil
+}
+
+func (d *AliyunCLBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // CLB(SLB) 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	case "cn-hangzhou":
+	case "cn-hangzhou-finance":
+	case "cn-shanghai-finance-1":
+	case "cn-shenzhen-finance-1":
+		endpoint = "slb.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunSlb.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	aliListenerPorts := make([]int32, 0)
+	if aliLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	// 查询负载均衡实例的详细信息
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute
+	describeLoadBalancerAttributeReq := &aliyunSlb.DescribeLoadBalancerAttributeRequest{
+		RegionId:       tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+	}
+	describeLoadBalancerAttributeResp, err := d.sdkClient.DescribeLoadBalancerAttribute(describeLoadBalancerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例", describeLoadBalancerAttributeResp))
+
+	// 查询 HTTPS 监听列表
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners
+	listListenersPage := 1
+	listListenersLimit := int32(100)
+	var listListenersToken *string = nil
+	for {
+		describeLoadBalancerListenersReq := &aliyunSlb.DescribeLoadBalancerListenersRequest{
+			RegionId:         tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+			MaxResults:       tea.Int32(listListenersLimit),
+			NextToken:        listListenersToken,
+			LoadBalancerId:   []*string{tea.String(aliLoadbalancerId)},
+			ListenerProtocol: tea.String("https"),
+		}
+		describeLoadBalancerListenersResp, err := d.sdkClient.DescribeLoadBalancerListeners(describeLoadBalancerListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerListeners'")
+		}
+
+		if describeLoadBalancerListenersResp.Body.Listeners != nil {
+			for _, listener := range describeLoadBalancerListenersResp.Body.Listeners {
+				aliListenerPorts = append(aliListenerPorts, *listener.ListenerPort)
+			}
+		}
+
+		if describeLoadBalancerListenersResp.Body.NextToken == nil {
+			break
+		} else {
+			listListenersToken = describeLoadBalancerListenersResp.Body.NextToken
+			listListenersPage += 1
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例下的全部 HTTPS 监听", aliListenerPorts))
+
+	// 上传证书到 SLB
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听证书
+	var errs []error
+	for _, aliListenerPort := range aliListenerPorts {
+		if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *AliyunCLBDeployer) deployToListener(ctx context.Context) error {
+	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	if aliLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	aliListenerPort := d.option.DeployConfig.GetConfigAsInt32("listenerPort")
+	if aliListenerPort == 0 {
+		return errors.New("`listenerPort` is required")
+	}
+
+	// 上传证书到 SLB
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听
+	if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, aliLoadbalancerId string, aliListenerPort int32, aliCertId string) error {
+	// 查询监听配置
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerhttpslistenerattribute
+	describeLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.DescribeLoadBalancerHTTPSListenerAttributeRequest{
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+		ListenerPort:   tea.Int32(aliListenerPort),
+	}
+	describeLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.DescribeLoadBalancerHTTPSListenerAttribute(describeLoadBalancerHTTPSListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 CLB HTTPS 监听配置", describeLoadBalancerHTTPSListenerAttributeResp))
+
+	// 查询扩展域名
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
+	describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
+		RegionId:       tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+		ListenerPort:   tea.Int32(aliListenerPort),
+	}
+	describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 CLB 扩展域名", describeDomainExtensionsResp))
+
+	// 遍历修改扩展域名
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
+	//
+	// 这里仅修改跟被替换证书一致的扩展域名
+	if describeDomainExtensionsResp.Body.DomainExtensions == nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension == nil {
+		for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
+			if *domainExtension.ServerCertificateId == *describeLoadBalancerHTTPSListenerAttributeResp.Body.ServerCertificateId {
+				break
+			}
+
+			setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
+				RegionId:            tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+				DomainExtensionId:   tea.String(*domainExtension.DomainExtensionId),
+				ServerCertificateId: tea.String(aliCertId),
+			}
+			_, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'")
+			}
+		}
+	}
+
+	// 修改监听配置
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
+	//
+	// 注意修改监听配置要放在修改扩展域名之后
+	setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
+		RegionId:            tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+		LoadBalancerId:      tea.String(aliLoadbalancerId),
+		ListenerPort:        tea.Int32(aliListenerPort),
+		ServerCertificateId: tea.String(aliCertId),
+	}
+	setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp))
+
+	return nil
+}
--- a/internal/deployer/aliyun_dcdn.go
+++ b/internal/deployer/aliyun_dcdn.go
@@ -0,0 +1,95 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunDcdn "github.com/alibabacloud-go/dcdn-20180115/v3/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type AliyunDCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient *aliyunDcdn.Client
+}
+
+func NewAliyunDCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.AliyunAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&AliyunDCDNDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunDCDNDeployer{
+		option:    option,
+		infos:     make([]string, 0),
+		sdkClient: client,
+	}, nil
+}
+
+func (d *AliyunDCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *AliyunDCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *AliyunDCDNDeployer) Deploy(ctx context.Context) error {
+	// 支持泛解析域名，在 Aliyun DCDN 中泛解析域名表示为 .example.com
+	domain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(domain, "*") {
+		domain = strings.TrimPrefix(domain, "*")
+	}
+
+	// 配置域名证书
+	// REF: https://help.aliyun.com/zh/edge-security-acceleration/dcdn/developer-reference/api-dcdn-2018-01-15-setdcdndomainsslcertificate
+	setDcdnDomainSSLCertificateReq := &aliyunDcdn.SetDcdnDomainSSLCertificateRequest{
+		DomainName:  tea.String(domain),
+		CertRegion:  tea.String(d.option.DeployConfig.GetConfigOrDefaultAsString("region", "cn-hangzhou")),
+		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
+		CertType:    tea.String("upload"),
+		SSLProtocol: tea.String("on"),
+		SSLPub:      tea.String(d.option.Certificate.Certificate),
+		SSLPri:      tea.String(d.option.Certificate.PrivateKey),
+	}
+	setDcdnDomainSSLCertificateResp, err := d.sdkClient.SetDcdnDomainSSLCertificate(setDcdnDomainSSLCertificateReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'dcdn.SetDcdnDomainSSLCertificate'")
+	}
+
+	d.infos = append(d.infos, toStr("已配置 DCDN 域名证书", setDcdnDomainSSLCertificateResp))
+
+	return nil
+}
+
+func (d *AliyunDCDNDeployer) createSdkClient(accessKeyId, accessKeySecret string) (*aliyunDcdn.Client, error) {
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+		Endpoint:        tea.String("dcdn.aliyuncs.com"),
+	}
+
+	client, err := aliyunDcdn.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/deployer/aliyun_nlb.go
+++ b/internal/deployer/aliyun_nlb.go
@@ -0,0 +1,245 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunNlb "github.com/alibabacloud-go/nlb-20220430/v2/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderAliyunCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
+)
+
+type AliyunNLBDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *aliyunNlb.Client
+	sslUploader uploader.Uploader
+}
+
+func NewAliyunNLBDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.AliyunAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&AliyunNLBDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	aliCasRegion := option.DeployConfig.GetConfigAsString("region")
+	if aliCasRegion != "" {
+		// 阿里云 CAS 服务接入点是独立于 NLB 服务的
+		// 国内版接入点：华东一杭州
+		// 国际版接入点：亚太东南一新加坡
+		if !strings.HasPrefix(aliCasRegion, "cn-") {
+			aliCasRegion = "ap-southeast-1"
+		} else {
+			aliCasRegion = "cn-hangzhou"
+		}
+	}
+	uploader, err := uploaderAliyunCas.New(&uploaderAliyunCas.AliyunCASUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		AccessKeySecret: access.AccessKeySecret,
+		Region:          aliCasRegion,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &AliyunNLBDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *AliyunNLBDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *AliyunNLBDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *AliyunNLBDeployer) Deploy(ctx context.Context) error {
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "loadbalancer":
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
+	}
+
+	return nil
+}
+
+func (d *AliyunNLBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunNlb.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // NLB 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	default:
+		endpoint = fmt.Sprintf("nlb.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunNlb.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	if aliLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	aliListenerIds := make([]string, 0)
+
+	// 查询负载均衡实例的详细信息
+	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute
+	getLoadBalancerAttributeReq := &aliyunNlb.GetLoadBalancerAttributeRequest{
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+	}
+	getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetLoadBalancerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例", getLoadBalancerAttributeResp))
+
+	// 查询 TCPSSL 监听列表
+	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-listlisteners
+	listListenersPage := 1
+	listListenersLimit := int32(100)
+	var listListenersToken *string = nil
+	for {
+		listListenersReq := &aliyunNlb.ListListenersRequest{
+			MaxResults:       tea.Int32(listListenersLimit),
+			NextToken:        listListenersToken,
+			LoadBalancerIds:  []*string{tea.String(aliLoadbalancerId)},
+			ListenerProtocol: tea.String("TCPSSL"),
+		}
+		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'nlb.ListListeners'")
+		}
+
+		if listListenersResp.Body.Listeners != nil {
+			for _, listener := range listListenersResp.Body.Listeners {
+				aliListenerIds = append(aliListenerIds, *listener.ListenerId)
+			}
+		}
+
+		if listListenersResp.Body.NextToken == nil {
+			break
+		} else {
+			listListenersToken = listListenersResp.Body.NextToken
+			listListenersPage += 1
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例下的全部 TCPSSL 监听", aliListenerIds))
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听证书
+	var errs []error
+	for _, aliListenerId := range aliListenerIds {
+		if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *AliyunNLBDeployer) deployToListener(ctx context.Context) error {
+	aliListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	if aliListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听
+	if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *AliyunNLBDeployer) updateListenerCertificate(ctx context.Context, aliListenerId string, aliCertId string) error {
+	// 查询监听的属性
+	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getlistenerattribute
+	getListenerAttributeReq := &aliyunNlb.GetListenerAttributeRequest{
+		ListenerId: tea.String(aliListenerId),
+	}
+	getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 NLB 监听配置", getListenerAttributeResp))
+
+	// 修改监听的属性
+	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-updatelistenerattribute
+	updateListenerAttributeReq := &aliyunNlb.UpdateListenerAttributeRequest{
+		ListenerId:     tea.String(aliListenerId),
+		CertificateIds: []*string{tea.String(aliCertId)},
+	}
+	updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.UpdateListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 NLB 监听配置", updateListenerAttributeResp))
+
+	return nil
+}
--- a/internal/deployer/aliyun_oss.go
+++ b/internal/deployer/aliyun_oss.go
@@ -0,0 +1,86 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/aliyun/aliyun-oss-go-sdk/oss"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type AliyunOSSDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient *oss.Client
+}
+
+func NewAliyunOSSDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.AliyunAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&AliyunOSSDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+		option.DeployConfig.GetConfigAsString("endpoint"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunOSSDeployer{
+		option:    option,
+		infos:     make([]string, 0),
+		sdkClient: client,
+	}, nil
+}
+
+func (d *AliyunOSSDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *AliyunOSSDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *AliyunOSSDeployer) Deploy(ctx context.Context) error {
+	aliBucket := d.option.DeployConfig.GetConfigAsString("bucket")
+	if aliBucket == "" {
+		return errors.New("`bucket` is required")
+	}
+
+	// 为存储空间绑定自定义域名
+	// REF: https://help.aliyun.com/zh/oss/developer-reference/putcname
+	err := d.sdkClient.PutBucketCnameWithCertificate(aliBucket, oss.PutBucketCname{
+		Cname: d.option.DeployConfig.GetConfigAsString("domain"),
+		CertificateConfiguration: &oss.CertificateConfiguration{
+			Certificate: d.option.Certificate.Certificate,
+			PrivateKey:  d.option.Certificate.PrivateKey,
+			Force:       true,
+		},
+	})
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'oss.PutBucketCnameWithCertificate'")
+	}
+
+	return nil
+}
+
+func (d *AliyunOSSDeployer) createSdkClient(accessKeyId, accessKeySecret, endpoint string) (*oss.Client, error) {
+	if endpoint == "" {
+		endpoint = "oss.aliyuncs.com"
+	}
+
+	client, err := oss.New(endpoint, accessKeyId, accessKeySecret)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/deployer/baiducloud_cdn.go
+++ b/internal/deployer/baiducloud_cdn.go
@@ -0,0 +1,80 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	bceCdn "github.com/baidubce/bce-sdk-go/services/cdn"
+	bceCdnApi "github.com/baidubce/bce-sdk-go/services/cdn/api"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type BaiduCloudCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient *bceCdn.Client
+}
+
+func NewBaiduCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.BaiduCloudAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&BaiduCloudCDNDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.SecretAccessKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &BaiduCloudCDNDeployer{
+		option:    option,
+		infos:     make([]string, 0),
+		sdkClient: client,
+	}, nil
+}
+
+func (d *BaiduCloudCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *BaiduCloudCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *BaiduCloudCDNDeployer) Deploy(ctx context.Context) error {
+	// 修改域名证书
+	// REF: https://cloud.baidu.com/doc/CDN/s/qjzuz2hp8
+	putCertResp, err := d.sdkClient.PutCert(
+		d.option.DeployConfig.GetConfigAsString("domain"),
+		&bceCdnApi.UserCertificate{
+			CertName:    fmt.Sprintf("certimate-%d", time.Now().UnixMilli()),
+			ServerData:  d.option.Certificate.Certificate,
+			PrivateData: d.option.Certificate.PrivateKey,
+		},
+		"ON",
+	)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.PutCert'")
+	}
+
+	d.infos = append(d.infos, toStr("已修改域名证书", putCertResp))
+
+	return nil
+}
+
+func (d *BaiduCloudCDNDeployer) createSdkClient(accessKeyId, secretAccessKey string) (*bceCdn.Client, error) {
+	client, err := bceCdn.NewClient(accessKeyId, secretAccessKey, "")
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@@ -1,44 +1,104 @@
 package deployer

 import (
-	"certimate/internal/applicant"
+	"bytes"
 	"context"
 	"encoding/json"
+	"encoding/pem"
 	"errors"
-	"strings"
+	"fmt"
+	"time"

+	"github.com/pavlo-v-chernykh/keystore-go/v4"
 	"github.com/pocketbase/pocketbase/models"
+	"software.sslmate.com/src/go-pkcs12"
+
+	"github.com/usual2970/certimate/internal/applicant"
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/utils/app"
 )

 const (
-	targetAliyunOss  = "aliyun-oss"
-	targetAliyunCdn  = "aliyun-cdn"
-	targetSSH        = "ssh"
-	targetWebhook    = "webhook"
-	targetTencentCdn = "tencent-cdn"
-	targetQiniuCdn   = "qiniu-cdn"
+	targetAliyunOSS      = "aliyun-oss"
+	targetAliyunCDN      = "aliyun-cdn"
+	targetAliyunDCDN     = "aliyun-dcdn"
+	targetAliyunCLB      = "aliyun-clb"
+	targetAliyunALB      = "aliyun-alb"
+	targetAliyunNLB      = "aliyun-nlb"
+	targetTencentCDN     = "tencent-cdn"
+	targetTencentECDN    = "tencent-ecdn"
+	targetTencentCLB     = "tencent-clb"
+	targetTencentCOS     = "tencent-cos"
+	targetTencentTEO     = "tencent-teo"
+	targetHuaweiCloudCDN = "huaweicloud-cdn"
+	targetHuaweiCloudELB = "huaweicloud-elb"
+	targetBaiduCloudCDN  = "baiducloud-cdn"
+	targetQiniuCdn       = "qiniu-cdn"
+	targetDogeCloudCdn   = "dogecloud-cdn"
+	targetLocal          = "local"
+	targetSSH            = "ssh"
+	targetWebhook        = "webhook"
+	targetK8sSecret      = "k8s-secret"
 )

 type DeployerOption struct {
-	DomainId    string                `json:"domainId"`
-	Domain      string                `json:"domain"`
-	Product     string                `json:"product"`
-	Access      string                `json:"access"`
-	Certificate applicant.Certificate `json:"certificate"`
+	DomainId     string                `json:"domainId"`
+	Domain       string                `json:"domain"`
+	Access       string                `json:"access"`
+	AccessRecord *models.Record        `json:"-"`
+	DeployConfig domain.DeployConfig   `json:"deployConfig"`
+	Certificate  applicant.Certificate `json:"certificate"`
+	Variables    map[string]string     `json:"variables"`
 }

 type Deployer interface {
 	Deploy(ctx context.Context) error
-	GetInfo() []string
+	GetInfos() []string
+	GetID() string
 }

-func Get(record *models.Record, cert *applicant.Certificate) (Deployer, error) {
-	access := record.ExpandedOne("targetAccess")
+func Gets(record *models.Record, cert *applicant.Certificate) ([]Deployer, error) {
+	rs := make([]Deployer, 0)
+	if record.GetString("deployConfig") == "" {
+		return rs, nil
+	}
+
+	deployConfigs := make([]domain.DeployConfig, 0)
+
+	err := record.UnmarshalJSONField("deployConfig", &deployConfigs)
+	if err != nil {
+		return nil, fmt.Errorf("解析部署配置失败: %w", err)
+	}
+
+	if len(deployConfigs) == 0 {
+		return rs, nil
+	}
+
+	for _, deployConfig := range deployConfigs {
+		deployer, err := getWithDeployConfig(record, cert, deployConfig)
+		if err != nil {
+			return nil, err
+		}
+
+		rs = append(rs, deployer)
+	}
+
+	return rs, nil
+}
+
+func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, deployConfig domain.DeployConfig) (Deployer, error) {
+	access, err := app.GetApp().Dao().FindRecordById("access", deployConfig.Access)
+	if err != nil {
+		return nil, fmt.Errorf("access record not found: %w", err)
+	}
+
 	option := &DeployerOption{
-		DomainId: record.Id,
-		Domain:   record.GetString("domain"),
-		Product:  getProduct(record),
-		Access:   access.GetString("config"),
+		DomainId:     record.Id,
+		Domain:       record.GetString("domain"),
+		Access:       access.GetString("config"),
+		AccessRecord: access,
+		DeployConfig: deployConfig,
 	}
 	if cert != nil {
 		option.Certificate = *cert
@@ -49,30 +109,49 @@ func Get(record *models.Record, cert *applicant.Certificate) (Deployer, error) {
 		}
 	}

-	switch record.GetString("targetType") {
-	case targetAliyunOss:
-		return NewAliyun(option)
-	case targetAliyunCdn:
-		return NewAliyunCdn(option)
-	case targetSSH:
-		return NewSSH(option)
-	case targetWebhook:
-		return NewWebhook(option)
-	case targetTencentCdn:
-		return NewTencentCdn(option)
+	switch deployConfig.Type {
+	case targetAliyunOSS:
+		return NewAliyunOSSDeployer(option)
+	case targetAliyunCDN:
+		return NewAliyunCDNDeployer(option)
+	case targetAliyunDCDN:
+		return NewAliyunDCDNDeployer(option)
+	case targetAliyunCLB:
+		return NewAliyunCLBDeployer(option)
+	case targetAliyunALB:
+		return NewAliyunALBDeployer(option)
+	case targetAliyunNLB:
+		return NewAliyunNLBDeployer(option)
+	case targetTencentCDN:
+		return NewTencentCDNDeployer(option)
+	case targetTencentECDN:
+		return NewTencentECDNDeployer(option)
+	case targetTencentCLB:
+		return NewTencentCLBDeployer(option)
+	case targetTencentCOS:
+		return NewTencentCOSDeployer(option)
+	case targetTencentTEO:
+		return NewTencentTEODeployer(option)
+	case targetHuaweiCloudCDN:
+		return NewHuaweiCloudCDNDeployer(option)
+	case targetHuaweiCloudELB:
+		return NewHuaweiCloudELBDeployer(option)
+	case targetBaiduCloudCDN:
+		return NewBaiduCloudCDNDeployer(option)
 	case targetQiniuCdn:
-		return NewQiNiu(option)
+		return NewQiniuCDNDeployer(option)
+	case targetDogeCloudCdn:
+		return NewDogeCloudCDNDeployer(option)
+	case targetLocal:
+		return NewLocalDeployer(option)
+	case targetSSH:
+		return NewSSHDeployer(option)
+	case targetWebhook:
+		return NewWebhookDeployer(option)
+	case targetK8sSecret:
+		return NewK8sSecretDeployer(option)
 	}
-	return nil, errors.New("not implemented")
-}
-
-func getProduct(record *models.Record) string {
-	targetType := record.GetString("targetType")
-	rs := strings.Split(targetType, "-")
-	if len(rs) < 2 {
-		return ""
-	}
-	return rs[1]
+	return nil, errors.New("unsupported deploy target")
 }

 func toStr(tag string, data any) string {
@@ -82,3 +161,57 @@ func toStr(tag string, data any) string {
 	byts, _ := json.Marshal(data)
 	return tag + "：" + string(byts)
 }
+
+func convertPEMToPFX(certificate string, privateKey string, password string) ([]byte, error) {
+	cert, err := x509.ParseCertificateFromPEM(certificate)
+	if err != nil {
+		return nil, err
+	}
+
+	privkey, err := x509.ParsePKCS1PrivateKeyFromPEM(privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	pfxData, err := pkcs12.LegacyRC2.Encode(privkey, cert, nil, password)
+	if err != nil {
+		return nil, err
+	}
+
+	return pfxData, nil
+}
+
+func convertPEMToJKS(certificate string, privateKey string, alias string, keypass string, storepass string) ([]byte, error) {
+	certBlock, _ := pem.Decode([]byte(certificate))
+	if certBlock == nil {
+		return nil, errors.New("failed to decode certificate PEM")
+	}
+
+	privkeyBlock, _ := pem.Decode([]byte(privateKey))
+	if privkeyBlock == nil {
+		return nil, errors.New("failed to decode private key PEM")
+	}
+
+	ks := keystore.New()
+	entry := keystore.PrivateKeyEntry{
+		CreationTime: time.Now(),
+		PrivateKey:   privkeyBlock.Bytes,
+		CertificateChain: []keystore.Certificate{
+			{
+				Type:    "X509",
+				Content: certBlock.Bytes,
+			},
+		},
+	}
+
+	if err := ks.SetPrivateKeyEntry(alias, entry, []byte(keypass)); err != nil {
+		return nil, err
+	}
+
+	var buf bytes.Buffer
+	if err := ks.Store(&buf, []byte(storepass)); err != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}
--- a/internal/deployer/dogecloud_cdn.go
+++ b/internal/deployer/dogecloud_cdn.go
@@ -0,0 +1,88 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strconv"
+
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderDoge "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/dogecloud"
+	doge "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk"
+)
+
+type DogeCloudCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *doge.Client
+	sslUploader uploader.Uploader
+}
+
+func NewDogeCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.DogeCloudAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&DogeCloudCDNDeployer{}).createSdkClient(
+		access.AccessKey,
+		access.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderDoge.New(&uploaderDoge.DogeCloudUploaderConfig{
+		AccessKey: access.AccessKey,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &DogeCloudCDNDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *DogeCloudCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *DogeCloudCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *DogeCloudCDNDeployer) Deploy(ctx context.Context) error {
+	// 上传证书到 CDN
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 绑定证书
+	// REF: https://docs.dogecloud.com/cdn/api-cert-bind
+	bindCdnCertId, _ := strconv.ParseInt(upres.CertId, 10, 64)
+	bindCdnCertResp, err := d.sdkClient.BindCdnCertWithDomain(bindCdnCertId, d.option.DeployConfig.GetConfigAsString("domain"))
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.BindCdnCert'")
+	}
+
+	d.infos = append(d.infos, toStr("已绑定证书", bindCdnCertResp))
+
+	return nil
+}
+
+func (d *DogeCloudCDNDeployer) createSdkClient(accessKey, secretKey string) (*doge.Client, error) {
+	client := doge.NewClient(accessKey, secretKey)
+	return client, nil
+}
--- a/internal/deployer/huaweicloud_cdn.go
+++ b/internal/deployer/huaweicloud_cdn.go
@@ -0,0 +1,143 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
+	hcCdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
+	hcCdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
+	hcCdnRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderHcScm "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-scm"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	hcCdnEx "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-cdn-sdk"
+)
+
+type HuaweiCloudCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *hcCdnEx.Client
+	sslUploader uploader.Uploader
+}
+
+func NewHuaweiCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.HuaweiCloudAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&HuaweiCloudCDNDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.SecretAccessKey,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderHcScm.New(&uploaderHcScm.HuaweiCloudSCMUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		SecretAccessKey: access.SecretAccessKey,
+		Region:          "",
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &HuaweiCloudCDNDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *HuaweiCloudCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *HuaweiCloudCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 查询加速域名配置
+	// REF: https://support.huaweicloud.com/api-cdn/ShowDomainFullConfig.html
+	showDomainFullConfigReq := &hcCdnModel.ShowDomainFullConfigRequest{
+		DomainName: d.option.DeployConfig.GetConfigAsString("domain"),
+	}
+	showDomainFullConfigResp, err := d.sdkClient.ShowDomainFullConfig(showDomainFullConfigReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.ShowDomainFullConfig'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到加速域名配置", showDomainFullConfigResp))
+
+	// 更新加速域名配置
+	// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
+	// REF: https://support.huaweicloud.com/usermanual-cdn/cdn_01_0306.html
+	updateDomainMultiCertificatesReqBodyContent := &hcCdnEx.UpdateDomainMultiCertificatesExRequestBodyContent{}
+	updateDomainMultiCertificatesReqBodyContent.DomainName = d.option.DeployConfig.GetConfigAsString("domain")
+	updateDomainMultiCertificatesReqBodyContent.HttpsSwitch = 1
+	updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(2)
+	updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(upres.CertId)
+	updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(upres.CertName)
+	updateDomainMultiCertificatesReqBodyContent = updateDomainMultiCertificatesReqBodyContent.MergeConfig(showDomainFullConfigResp.Configs)
+	updateDomainMultiCertificatesReq := &hcCdnEx.UpdateDomainMultiCertificatesExRequest{
+		Body: &hcCdnEx.UpdateDomainMultiCertificatesExRequestBody{
+			Https: updateDomainMultiCertificatesReqBodyContent,
+		},
+	}
+	updateDomainMultiCertificatesResp, err := d.sdkClient.UploadDomainMultiCertificatesEx(updateDomainMultiCertificatesReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadDomainMultiCertificatesEx'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新加速域名配置", updateDomainMultiCertificatesResp))
+
+	return nil
+}
+
+func (d *HuaweiCloudCDNDeployer) createSdkClient(accessKeyId, secretAccessKey, region string) (*hcCdnEx.Client, error) {
+	if region == "" {
+		region = "cn-north-1" // CDN 服务默认区域：华北一北京
+	}
+
+	auth, err := global.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	hcRegion, err := hcCdnRegion.SafeValueOf(region)
+	if err != nil {
+		return nil, err
+	}
+
+	hcClient, err := hcCdn.CdnClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	client := hcCdnEx.NewClient(hcClient)
+	return client, nil
+}
--- a/internal/deployer/huaweicloud_elb.go
+++ b/internal/deployer/huaweicloud_elb.go
@@ -0,0 +1,386 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"sort"
+	"strings"
+
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
+	hcElb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
+	hcElbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
+	hcElbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
+	hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
+	hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
+	hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderHcElb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-elb"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+)
+
+type HuaweiCloudELBDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *hcElb.ElbClient
+	sslUploader uploader.Uploader
+}
+
+func NewHuaweiCloudELBDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.HuaweiCloudAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&HuaweiCloudELBDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.SecretAccessKey,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderHcElb.New(&uploaderHcElb.HuaweiCloudELBUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		SecretAccessKey: access.SecretAccessKey,
+		Region:          option.DeployConfig.GetConfigAsString("region"),
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &HuaweiCloudELBDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *HuaweiCloudELBDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *HuaweiCloudELBDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *HuaweiCloudELBDeployer) Deploy(ctx context.Context) error {
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "certificate":
+		// 部署到指定证书
+		if err := d.deployToCertificate(ctx); err != nil {
+			return err
+		}
+	case "loadbalancer":
+		// 部署到指定负载均衡器
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		// 部署到指定监听器
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
+	}
+
+	return nil
+}
+
+func (d *HuaweiCloudELBDeployer) createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbClient, error) {
+	if region == "" {
+		region = "cn-north-4" // ELB 服务默认区域：华北四北京
+	}
+
+	projectId, err := (&HuaweiCloudELBDeployer{}).getSdkProjectId(
+		accessKeyId,
+		secretAccessKey,
+		region,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	auth, err := basic.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		WithProjectId(projectId).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	hcRegion, err := hcElbRegion.SafeValueOf(region)
+	if err != nil {
+		return nil, err
+	}
+
+	hcClient, err := hcElb.ElbClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	client := hcElb.NewElbClient(hcClient)
+	return client, nil
+}
+
+func (u *HuaweiCloudELBDeployer) getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error) {
+	if region == "" {
+		region = "cn-north-4" // IAM 服务默认区域：华北四北京
+	}
+
+	auth, err := global.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	hcRegion, err := hcIamRegion.SafeValueOf(region)
+	if err != nil {
+		return "", err
+	}
+
+	hcClient, err := hcIam.IamClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	client := hcIam.NewIamClient(hcClient)
+	if err != nil {
+		return "", err
+	}
+
+	request := &hcIamModel.KeystoneListProjectsRequest{
+		Name: &region,
+	}
+	response, err := client.KeystoneListProjects(request)
+	if err != nil {
+		return "", err
+	} else if response.Projects == nil || len(*response.Projects) == 0 {
+		return "", errors.New("no project found")
+	}
+
+	return (*response.Projects)[0].Id, nil
+}
+
+func (d *HuaweiCloudELBDeployer) deployToCertificate(ctx context.Context) error {
+	hcCertId := d.option.DeployConfig.GetConfigAsString("certificateId")
+	if hcCertId == "" {
+		return errors.New("`certificateId` is required")
+	}
+
+	// 更新证书
+	// REF: https://support.huaweicloud.com/api-elb/UpdateCertificate.html
+	updateCertificateReq := &hcElbModel.UpdateCertificateRequest{
+		CertificateId: hcCertId,
+		Body: &hcElbModel.UpdateCertificateRequestBody{
+			Certificate: &hcElbModel.UpdateCertificateOption{
+				Certificate: cast.StringPtr(d.option.Certificate.Certificate),
+				PrivateKey:  cast.StringPtr(d.option.Certificate.PrivateKey),
+			},
+		},
+	}
+	updateCertificateResp, err := d.sdkClient.UpdateCertificate(updateCertificateReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'elb.UpdateCertificate'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 ELB 证书", updateCertificateResp))
+
+	return nil
+}
+
+func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	hcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	if hcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	hcListenerIds := make([]string, 0)
+
+	// 查询负载均衡器详情
+	// REF: https://support.huaweicloud.com/api-elb/ShowLoadBalancer.html
+	showLoadBalancerReq := &hcElbModel.ShowLoadBalancerRequest{
+		LoadbalancerId: hcLoadbalancerId,
+	}
+	showLoadBalancerResp, err := d.sdkClient.ShowLoadBalancer(showLoadBalancerReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'elb.ShowLoadBalancer'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器", showLoadBalancerResp))
+
+	// 查询监听器列表
+	// REF: https://support.huaweicloud.com/api-elb/ListListeners.html
+	listListenersLimit := int32(2000)
+	var listListenersMarker *string = nil
+	for {
+		listListenersReq := &hcElbModel.ListListenersRequest{
+			Limit:          cast.Int32Ptr(listListenersLimit),
+			Marker:         listListenersMarker,
+			Protocol:       &[]string{"HTTPS", "TERMINATED_HTTPS"},
+			LoadbalancerId: &[]string{showLoadBalancerResp.Loadbalancer.Id},
+		}
+		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'elb.ListListeners'")
+		}
+
+		if listListenersResp.Listeners != nil {
+			for _, listener := range *listListenersResp.Listeners {
+				hcListenerIds = append(hcListenerIds, listener.Id)
+			}
+		}
+
+		if listListenersResp.Listeners == nil || len(*listListenersResp.Listeners) < int(listListenersLimit) {
+			break
+		} else {
+			listListenersMarker = listListenersResp.PageInfo.NextMarker
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器下的监听器", hcListenerIds))
+
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听器证书
+	var errs []error
+	for _, hcListenerId := range hcListenerIds {
+		if err := d.modifyListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *HuaweiCloudELBDeployer) deployToListener(ctx context.Context) error {
+	hcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	if hcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听器证书
+	if err := d.modifyListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context, hcListenerId string, hcCertId string) error {
+	// 查询监听器详情
+	// REF: https://support.huaweicloud.com/api-elb/ShowListener.html
+	showListenerReq := &hcElbModel.ShowListenerRequest{
+		ListenerId: hcListenerId,
+	}
+	showListenerResp, err := d.sdkClient.ShowListener(showListenerReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'elb.ShowListener'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ELB 监听器", showListenerResp))
+
+	// 更新监听器
+	// REF: https://support.huaweicloud.com/api-elb/UpdateListener.html
+	updateListenerReq := &hcElbModel.UpdateListenerRequest{
+		ListenerId: hcListenerId,
+		Body: &hcElbModel.UpdateListenerRequestBody{
+			Listener: &hcElbModel.UpdateListenerOption{
+				DefaultTlsContainerRef: cast.StringPtr(hcCertId),
+			},
+		},
+	}
+	if showListenerResp.Listener.SniContainerRefs != nil {
+		if len(showListenerResp.Listener.SniContainerRefs) > 0 {
+			// 如果开启 SNI，需替换同 SAN 的证书
+			sniCertIds := make([]string, 0)
+			sniCertIds = append(sniCertIds, hcCertId)
+
+			listOldCertificateReq := &hcElbModel.ListCertificatesRequest{
+				Id: &showListenerResp.Listener.SniContainerRefs,
+			}
+			listOldCertificateResp, err := d.sdkClient.ListCertificates(listOldCertificateReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'elb.ListCertificates'")
+			}
+
+			showNewCertificateReq := &hcElbModel.ShowCertificateRequest{
+				CertificateId: hcCertId,
+			}
+			showNewCertificateResp, err := d.sdkClient.ShowCertificate(showNewCertificateReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'elb.ShowCertificate'")
+			}
+
+			for _, certificate := range *listOldCertificateResp.Certificates {
+				oldCertificate := certificate
+				newCertificate := showNewCertificateResp.Certificate
+
+				if oldCertificate.SubjectAlternativeNames != nil && newCertificate.SubjectAlternativeNames != nil {
+					oldCertificateSans := oldCertificate.SubjectAlternativeNames
+					newCertificateSans := newCertificate.SubjectAlternativeNames
+					sort.Strings(*oldCertificateSans)
+					sort.Strings(*newCertificateSans)
+					if strings.Join(*oldCertificateSans, ";") == strings.Join(*newCertificateSans, ";") {
+						continue
+					}
+				} else {
+					if oldCertificate.Domain == newCertificate.Domain {
+						continue
+					}
+				}
+
+				sniCertIds = append(sniCertIds, certificate.Id)
+			}
+
+			updateListenerReq.Body.Listener.SniContainerRefs = &sniCertIds
+		}
+
+		if showListenerResp.Listener.SniMatchAlgo != "" {
+			updateListenerReq.Body.Listener.SniMatchAlgo = cast.StringPtr(showListenerResp.Listener.SniMatchAlgo)
+		}
+	}
+	updateListenerResp, err := d.sdkClient.UpdateListener(updateListenerReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'elb.UpdateListener'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 ELB 监听器", updateListenerResp))
+
+	return nil
+}
--- a/internal/deployer/k8s_secret.go
+++ b/internal/deployer/k8s_secret.go
@@ -0,0 +1,136 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+
+	xerrors "github.com/pkg/errors"
+	k8sCore "k8s.io/api/core/v1"
+	k8sMeta "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type K8sSecretDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	k8sClient *kubernetes.Clientset
+}
+
+func NewK8sSecretDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.KubernetesAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&K8sSecretDeployer{}).createK8sClient(access)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create k8s client")
+	}
+
+	return &K8sSecretDeployer{
+		option:    option,
+		infos:     make([]string, 0),
+		k8sClient: client,
+	}, nil
+}
+
+func (d *K8sSecretDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *K8sSecretDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
+	namespace := d.option.DeployConfig.GetConfigAsString("namespace")
+	secretName := d.option.DeployConfig.GetConfigAsString("secretName")
+	secretDataKeyForCrt := d.option.DeployConfig.GetConfigOrDefaultAsString("secretDataKeyForCrt", "tls.crt")
+	secretDataKeyForKey := d.option.DeployConfig.GetConfigOrDefaultAsString("secretDataKeyForKey", "tls.key")
+	if namespace == "" {
+		namespace = "default"
+	}
+	if secretName == "" {
+		return errors.New("`secretName` is required")
+	}
+
+	certX509, err := x509.ParseCertificateFromPEM(d.option.Certificate.Certificate)
+	if err != nil {
+		return err
+	}
+
+	secretPayload := k8sCore.Secret{
+		TypeMeta: k8sMeta.TypeMeta{
+			Kind:       "Secret",
+			APIVersion: "v1",
+		},
+		ObjectMeta: k8sMeta.ObjectMeta{
+			Name: secretName,
+			Annotations: map[string]string{
+				"certimate/domains":             d.option.Domain,
+				"certimate/alt-names":           strings.Join(certX509.DNSNames, ","),
+				"certimate/common-name":         certX509.Subject.CommonName,
+				"certimate/issuer-organization": strings.Join(certX509.Issuer.Organization, ","),
+			},
+		},
+		Type: k8sCore.SecretType("kubernetes.io/tls"),
+	}
+	secretPayload.Data = make(map[string][]byte)
+	secretPayload.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate)
+	secretPayload.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey)
+
+	// 获取 Secret 实例
+	_, err = d.k8sClient.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMeta.GetOptions{})
+	if err != nil {
+		_, err = d.k8sClient.CoreV1().Secrets(namespace).Create(context.TODO(), &secretPayload, k8sMeta.CreateOptions{})
+		if err != nil {
+			return xerrors.Wrap(err, "failed to create k8s secret")
+		} else {
+			d.infos = append(d.infos, toStr("Certificate has been created in K8s Secret", nil))
+			return nil
+		}
+	}
+
+	// 更新 Secret 实例
+	_, err = d.k8sClient.CoreV1().Secrets(namespace).Update(context.TODO(), &secretPayload, k8sMeta.UpdateOptions{})
+	if err != nil {
+		return xerrors.Wrap(err, "failed to update k8s secret")
+	}
+
+	d.infos = append(d.infos, toStr("Certificate has been updated to K8s Secret", nil))
+
+	return nil
+}
+
+func (d *K8sSecretDeployer) createK8sClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
+	var config *rest.Config
+	var err error
+	if access.KubeConfig == "" {
+		config, err = rest.InClusterConfig()
+	} else {
+		kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
+		if err != nil {
+			return nil, err
+		}
+		config, err = kubeConfig.ClientConfig()
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	client, err := kubernetes.NewForConfig(config)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/deployer/local.go
+++ b/internal/deployer/local.go
@@ -0,0 +1,162 @@
+package deployer
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"os/exec"
+	"runtime"
+
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/utils/fs"
+)
+
+type LocalDeployer struct {
+	option *DeployerOption
+	infos  []string
+}
+
+const (
+	certFormatPEM = "pem"
+	certFormatPFX = "pfx"
+	certFormatJKS = "jks"
+)
+
+const (
+	shellEnvSh         = "sh"
+	shellEnvCmd        = "cmd"
+	shellEnvPowershell = "powershell"
+)
+
+func NewLocalDeployer(option *DeployerOption) (Deployer, error) {
+	return &LocalDeployer{
+		option: option,
+		infos:  make([]string, 0),
+	}, nil
+}
+
+func (d *LocalDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *LocalDeployer) GetInfos() []string {
+	return []string{}
+}
+
+func (d *LocalDeployer) Deploy(ctx context.Context) error {
+	// 执行前置命令
+	preCommand := d.option.DeployConfig.GetConfigAsString("preCommand")
+	if preCommand != "" {
+		stdout, stderr, err := d.execCommand(preCommand)
+		if err != nil {
+			return xerrors.Wrapf(err, "failed to run pre-command, stdout: %s, stderr: %s", stdout, stderr)
+		}
+
+		d.infos = append(d.infos, toStr("执行前置命令成功", stdout))
+	}
+
+	// 写入证书和私钥文件
+	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", certFormatPEM) {
+	case certFormatPEM:
+		if err := fs.WriteFileString(d.option.DeployConfig.GetConfigAsString("certPath"), d.option.Certificate.Certificate); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("保存证书成功", nil))
+
+		if err := fs.WriteFileString(d.option.DeployConfig.GetConfigAsString("keyPath"), d.option.Certificate.PrivateKey); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("保存私钥成功", nil))
+
+	case certFormatPFX:
+		pfxData, err := convertPEMToPFX(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("pfxPassword"),
+		)
+		if err != nil {
+			return err
+		}
+
+		if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), pfxData); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("保存证书成功", nil))
+
+	case certFormatJKS:
+		jksData, err := convertPEMToJKS(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("jksAlias"),
+			d.option.DeployConfig.GetConfigAsString("jksKeypass"),
+			d.option.DeployConfig.GetConfigAsString("jksStorepass"),
+		)
+		if err != nil {
+			return err
+		}
+
+		if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), jksData); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("保存证书成功", nil))
+
+	default:
+		return errors.New("unsupported format")
+	}
+
+	// 执行命令
+	command := d.option.DeployConfig.GetConfigAsString("command")
+	if command != "" {
+		stdout, stderr, err := d.execCommand(command)
+		if err != nil {
+			return xerrors.Wrapf(err, "failed to run command, stdout: %s, stderr: %s", stdout, stderr)
+		}
+
+		d.infos = append(d.infos, toStr("执行命令成功", stdout))
+	}
+
+	return nil
+}
+
+func (d *LocalDeployer) execCommand(command string) (string, string, error) {
+	var cmd *exec.Cmd
+
+	switch d.option.DeployConfig.GetConfigAsString("shell") {
+	case shellEnvSh:
+		cmd = exec.Command("sh", "-c", command)
+
+	case shellEnvCmd:
+		cmd = exec.Command("cmd", "/C", command)
+
+	case shellEnvPowershell:
+		cmd = exec.Command("powershell", "-Command", command)
+
+	case "":
+		if runtime.GOOS == "windows" {
+			cmd = exec.Command("cmd", "/C", command)
+		} else {
+			cmd = exec.Command("sh", "-c", command)
+		}
+
+	default:
+		return "", "", errors.New("unsupported shell")
+	}
+
+	var stdoutBuf bytes.Buffer
+	cmd.Stdout = &stdoutBuf
+	var stderrBuf bytes.Buffer
+	cmd.Stderr = &stderrBuf
+
+	err := cmd.Run()
+	if err != nil {
+		return "", "", xerrors.Wrap(err, "failed to execute shell script")
+	}
+
+	return stdoutBuf.String(), stderrBuf.String(), nil
+}
--- a/internal/deployer/qiniu.go
+++ b/internal/deployer/qiniu.go
@@ -1,208 +0,0 @@
-package deployer
-
-import (
-	"bytes"
-	"certimate/internal/domain"
-	xhttp "certimate/internal/utils/http"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-
-	"github.com/qiniu/go-sdk/v7/auth"
-)
-
-const qiniuGateway = "http://api.qiniu.com"
-
-type qiuniu struct {
-	option      *DeployerOption
-	info        []string
-	credentials *auth.Credentials
-}
-
-func NewQiNiu(option *DeployerOption) (*qiuniu, error) {
-	access := &domain.QiniuAccess{}
-	json.Unmarshal([]byte(option.Access), access)
-
-	return &qiuniu{
-		option: option,
-		info:   make([]string, 0),
-
-		credentials: auth.New(access.AccessKey, access.SecretKey),
-	}, nil
-}
-
-func (q *qiuniu) GetInfo() []string {
-	return q.info
-}
-
-func (q *qiuniu) Deploy(ctx context.Context) error {
-
-	// 上传证书
-	certId, err := q.uploadCert()
-	if err != nil {
-		return fmt.Errorf("uploadCert failed: %w", err)
-	}
-
-	// 获取域名信息
-	domainInfo, err := q.getDomainInfo()
-	if err != nil {
-		return fmt.Errorf("getDomainInfo failed: %w", err)
-	}
-
-	// 判断域名是否启用 https
-
-	if domainInfo.Https != nil && domainInfo.Https.CertID != "" {
-		// 启用了 https
-		// 修改域名证书
-		err = q.modifyDomainCert(certId)
-		if err != nil {
-			return fmt.Errorf("modifyDomainCert failed: %w", err)
-		}
-	} else {
-		// 没启用 https
-		// 启用 https
-
-		err = q.enableHttps(certId)
-		if err != nil {
-			return fmt.Errorf("enableHttps failed: %w", err)
-		}
-	}
-
-	return nil
-}
-
-func (q *qiuniu) enableHttps(certId string) error {
-	path := fmt.Sprintf("/domain/%s/sslize", q.option.Domain)
-
-	body := &modifyDomainCertReq{
-		CertID:      certId,
-		ForceHttps:  true,
-		Http2Enable: true,
-	}
-
-	bodyBytes, err := json.Marshal(body)
-	if err != nil {
-		return fmt.Errorf("enable https failed: %w", err)
-	}
-
-	_, err = q.req(qiniuGateway+path, http.MethodPut, bytes.NewReader(bodyBytes))
-	if err != nil {
-		return fmt.Errorf("enable https failed: %w", err)
-	}
-
-	return nil
-}
-
-type domainInfo struct {
-	Https *modifyDomainCertReq `json:"https"`
-}
-
-func (q *qiuniu) getDomainInfo() (*domainInfo, error) {
-	path := fmt.Sprintf("/domain/%s", q.option.Domain)
-
-	res, err := q.req(qiniuGateway+path, http.MethodGet, nil)
-	if err != nil {
-		return nil, fmt.Errorf("req failed: %w", err)
-	}
-
-	resp := &domainInfo{}
-	err = json.Unmarshal(res, resp)
-	if err != nil {
-		return nil, fmt.Errorf("json.Unmarshal failed: %w", err)
-	}
-
-	return resp, nil
-}
-
-type uploadCertReq struct {
-	Name       string `json:"name"`
-	CommonName string `json:"common_name"`
-	Pri        string `json:"pri"`
-	Ca         string `json:"ca"`
-}
-
-type uploadCertResp struct {
-	CertID string `json:"certID"`
-}
-
-func (q *qiuniu) uploadCert() (string, error) {
-	path := "/sslcert"
-
-	body := &uploadCertReq{
-		Name:       q.option.Domain,
-		CommonName: q.option.Domain,
-		Pri:        q.option.Certificate.PrivateKey,
-		Ca:         q.option.Certificate.Certificate,
-	}
-
-	bodyBytes, err := json.Marshal(body)
-	if err != nil {
-		return "", fmt.Errorf("json.Marshal failed: %w", err)
-	}
-
-	res, err := q.req(qiniuGateway+path, http.MethodPost, bytes.NewReader(bodyBytes))
-	if err != nil {
-		return "", fmt.Errorf("req failed: %w", err)
-	}
-	resp := &uploadCertResp{}
-	err = json.Unmarshal(res, resp)
-	if err != nil {
-		return "", fmt.Errorf("json.Unmarshal failed: %w", err)
-	}
-
-	return resp.CertID, nil
-}
-
-type modifyDomainCertReq struct {
-	CertID      string `json:"certId"`
-	ForceHttps  bool   `json:"forceHttps"`
-	Http2Enable bool   `json:"http2Enable"`
-}
-
-func (q *qiuniu) modifyDomainCert(certId string) error {
-	path := fmt.Sprintf("/domain/%s/httpsconf", q.option.Domain)
-
-	body := &modifyDomainCertReq{
-		CertID:      certId,
-		ForceHttps:  true,
-		Http2Enable: true,
-	}
-
-	bodyBytes, err := json.Marshal(body)
-	if err != nil {
-		return fmt.Errorf("json.Marshal failed: %w", err)
-	}
-
-	_, err = q.req(qiniuGateway+path, http.MethodPut, bytes.NewReader(bodyBytes))
-	if err != nil {
-		return fmt.Errorf("req failed: %w", err)
-	}
-
-	return nil
-}
-
-func (q *qiuniu) req(url, method string, body io.Reader) ([]byte, error) {
-	req := xhttp.BuildReq(url, method, body, map[string]string{
-		"Content-Type": "application/json",
-	})
-
-	if err := q.credentials.AddToken(auth.TokenQBox, req); err != nil {
-		return nil, fmt.Errorf("credentials.AddToken failed: %w", err)
-	}
-
-	respBody, err := xhttp.ToRequest(req)
-	if err != nil {
-		return nil, fmt.Errorf("ToRequest failed: %w", err)
-	}
-
-	defer respBody.Close()
-
-	res, err := io.ReadAll(respBody)
-	if err != nil {
-		return nil, fmt.Errorf("io.ReadAll failed: %w", err)
-	}
-
-	return res, nil
-}
--- a/internal/deployer/qiniu_cdn.go
+++ b/internal/deployer/qiniu_cdn.go
@@ -0,0 +1,107 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/qiniu/go-sdk/v7/auth"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderQiniu "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/qiniu-sslcert"
+	qiniuEx "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk"
+)
+
+type QiniuCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *qiniuEx.Client
+	sslUploader uploader.Uploader
+}
+
+func NewQiniuCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.QiniuAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&QiniuCDNDeployer{}).createSdkClient(
+		access.AccessKey,
+		access.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderQiniu.New(&uploaderQiniu.QiniuSSLCertUploaderConfig{
+		AccessKey: access.AccessKey,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &QiniuCDNDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *QiniuCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *QiniuCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *QiniuCDNDeployer) Deploy(ctx context.Context) error {
+	// 上传证书
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 获取域名信息
+	// REF: https://developer.qiniu.com/fusion/4246/the-domain-name
+	domain := d.option.DeployConfig.GetConfigAsString("domain")
+	getDomainInfoResp, err := d.sdkClient.GetDomainInfo(domain)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.GetDomainInfo'")
+	}
+
+	d.infos = append(d.infos, toStr("已获取域名信息", getDomainInfoResp))
+
+	// 判断域名是否已启用 HTTPS。如果已启用，修改域名证书；否则，启用 HTTPS
+	// REF: https://developer.qiniu.com/fusion/4246/the-domain-name
+	if getDomainInfoResp.Https != nil && getDomainInfoResp.Https.CertID != "" {
+		modifyDomainHttpsConfResp, err := d.sdkClient.ModifyDomainHttpsConf(domain, upres.CertId, getDomainInfoResp.Https.ForceHttps, getDomainInfoResp.Https.Http2Enable)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.ModifyDomainHttpsConf'")
+		}
+
+		d.infos = append(d.infos, toStr("已修改域名证书", modifyDomainHttpsConfResp))
+	} else {
+		enableDomainHttpsResp, err := d.sdkClient.EnableDomainHttps(domain, upres.CertId, true, true)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.EnableDomainHttps'")
+		}
+
+		d.infos = append(d.infos, toStr("已将域名升级为 HTTPS", enableDomainHttpsResp))
+	}
+
+	return nil
+}
+
+func (u *QiniuCDNDeployer) createSdkClient(accessKey, secretKey string) (*qiniuEx.Client, error) {
+	credential := auth.New(accessKey, secretKey)
+	client := qiniuEx.NewClient(credential)
+	return client, nil
+}
--- a/internal/deployer/qiniu_test.go
+++ b/internal/deployer/qiniu_test.go
@@ -1,86 +0,0 @@
-package deployer
-
-import (
-	"certimate/internal/applicant"
-	"testing"
-
-	"github.com/qiniu/go-sdk/v7/auth"
-)
-
-func Test_qiuniu_uploadCert(t *testing.T) {
-	type fields struct {
-		option *DeployerOption
-	}
-	tests := []struct {
-		name    string
-		fields  fields
-		want    string
-		wantErr bool
-	}{
-		{
-			name: "test",
-			fields: fields{
-				option: &DeployerOption{
-					DomainId: "1",
-					Domain:   "example.com",
-					Product:  "test",
-					Access:   `{"bucket":"test","accessKey":"","secretKey":""}`,
-					Certificate: applicant.Certificate{
-						Certificate: "",
-						PrivateKey:  "",
-					},
-				},
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			q, _ := NewQiNiu(tt.fields.option)
-			got, err := q.uploadCert()
-			if (err != nil) != tt.wantErr {
-				t.Errorf("qiuniu.uploadCert() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != tt.want {
-				t.Errorf("qiuniu.uploadCert() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
-func Test_qiuniu_modifyDomainCert(t *testing.T) {
-	type fields struct {
-		option      *DeployerOption
-		info        []string
-		credentials *auth.Credentials
-	}
-	type args struct {
-		certId string
-	}
-	tests := []struct {
-		name    string
-		fields  fields
-		args    args
-		wantErr bool
-	}{
-		{
-			name: "test",
-			fields: fields{
-				option: &DeployerOption{
-					DomainId: "1",
-					Domain:   "jt1.ikit.fun",
-					Product:  "test",
-					Access:   `{"bucket":"test","accessKey":"","secretKey":""}`,
-				},
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			q, _ := NewQiNiu(tt.fields.option)
-			if err := q.modifyDomainCert(tt.args.certId); (err != nil) != tt.wantErr {
-				t.Errorf("qiuniu.modifyDomainCert() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
-	}
-}
--- a/internal/deployer/ssh.go
+++ b/internal/deployer/ssh.go
@@ -4,138 +4,205 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"os"
-	xpath "path"
+	"path/filepath"

+	xerrors "github.com/pkg/errors"
 	"github.com/pkg/sftp"
-	sshPkg "golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh"
+
+	"github.com/usual2970/certimate/internal/domain"
 )

-type ssh struct {
+type SSHDeployer struct {
 	option *DeployerOption
 	infos  []string
 }

-type sshAccess struct {
-	Host     string `json:"host"`
-	Username string `json:"username"`
-	Password string `json:"password"`
-	Key      string `json:"key"`
-	Port     string `json:"port"`
-	Command  string `json:"command"`
-	CertPath string `json:"certPath"`
-	KeyPath  string `json:"keyPath"`
-}
-
-func NewSSH(option *DeployerOption) (Deployer, error) {
-	return &ssh{
+func NewSSHDeployer(option *DeployerOption) (Deployer, error) {
+	return &SSHDeployer{
 		option: option,
 		infos:  make([]string, 0),
 	}, nil
 }

-func (s *ssh) GetInfo() []string {
-	return s.infos
+func (d *SSHDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (s *ssh) Deploy(ctx context.Context) error {
-	access := &sshAccess{}
-	if err := json.Unmarshal([]byte(s.option.Access), access); err != nil {
+func (d *SSHDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *SSHDeployer) Deploy(ctx context.Context) error {
+	access := &domain.SSHAccess{}
+	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
 		return err
 	}
+
 	// 连接
-	client, err := s.getClient(access)
+	client, err := d.createSshClient(access)
 	if err != nil {
 		return err
 	}
 	defer client.Close()

-	s.infos = append(s.infos, toStr("ssh连接成功", nil))
+	d.infos = append(d.infos, toStr("SSH 连接成功", nil))

-	// 上传
-	session, err := client.NewSession()
-	if err != nil {
-		return fmt.Errorf("failed to create session: %w", err)
-	}
-	defer session.Close()
+	// 执行前置命令
+	preCommand := d.option.DeployConfig.GetConfigAsString("preCommand")
+	if preCommand != "" {
+		stdout, stderr, err := d.sshExecCommand(client, preCommand)
+		if err != nil {
+			return xerrors.Wrapf(err, "failed to run pre-command: stdout: %s, stderr: %s", stdout, stderr)
+		}

-	s.infos = append(s.infos, toStr("ssh创建session成功", nil))
-
-	// 上传证书
-	if err := s.upload(client, s.option.Certificate.Certificate, access.CertPath); err != nil {
-		return fmt.Errorf("failed to upload certificate: %w", err)
+		d.infos = append(d.infos, toStr("SSH 执行前置命令成功", stdout))
 	}

-	s.infos = append(s.infos, toStr("ssh上传证书成功", nil))
+	// 上传证书和私钥文件
+	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", certFormatPEM) {
+	case certFormatPEM:
+		if err := d.writeSftpFileString(client, d.option.DeployConfig.GetConfigAsString("certPath"), d.option.Certificate.Certificate); err != nil {
+			return err
+		}

-	// 上传私钥
-	if err := s.upload(client, s.option.Certificate.PrivateKey, access.KeyPath); err != nil {
-		return fmt.Errorf("failed to upload private key: %w", err)
+		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
+
+		if err := d.writeSftpFileString(client, d.option.DeployConfig.GetConfigAsString("keyPath"), d.option.Certificate.PrivateKey); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("SSH 上传私钥成功", nil))
+
+	case certFormatPFX:
+		pfxData, err := convertPEMToPFX(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("pfxPassword"),
+		)
+		if err != nil {
+			return err
+		}
+
+		if err := d.writeSftpFile(client, d.option.DeployConfig.GetConfigAsString("certPath"), pfxData); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
+
+	case certFormatJKS:
+		jksData, err := convertPEMToJKS(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("jksAlias"),
+			d.option.DeployConfig.GetConfigAsString("jksKeypass"),
+			d.option.DeployConfig.GetConfigAsString("jksStorepass"),
+		)
+		if err != nil {
+			return err
+		}
+
+		if err := d.writeSftpFile(client, d.option.DeployConfig.GetConfigAsString("certPath"), jksData); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
+
+	default:
+		return errors.New("unsupported format")
 	}

-	s.infos = append(s.infos, toStr("ssh上传私钥成功", nil))
-
 	// 执行命令
+	command := d.option.DeployConfig.GetConfigAsString("command")
+	if command != "" {
+		stdout, stderr, err := d.sshExecCommand(client, command)
+		if err != nil {
+			return xerrors.Wrapf(err, "failed to run command, stdout: %s, stderr: %s", stdout, stderr)
+		}
+
+		d.infos = append(d.infos, toStr("SSH 执行命令成功", stdout))
+	}
+
+	return nil
+}
+
+func (d *SSHDeployer) createSshClient(access *domain.SSHAccess) (*ssh.Client, error) {
+	var authMethod ssh.AuthMethod
+
+	if access.Key != "" {
+		var signer ssh.Signer
+		var err error
+
+		if access.KeyPassphrase != "" {
+			signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(access.Key), []byte(access.KeyPassphrase))
+		} else {
+			signer, err = ssh.ParsePrivateKey([]byte(access.Key))
+		}
+
+		if err != nil {
+			return nil, err
+		}
+		authMethod = ssh.PublicKeys(signer)
+	} else {
+		authMethod = ssh.Password(access.Password)
+	}
+
+	return ssh.Dial("tcp", fmt.Sprintf("%s:%s", access.Host, access.Port), &ssh.ClientConfig{
+		User: access.Username,
+		Auth: []ssh.AuthMethod{
+			authMethod,
+		},
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+	})
+}
+
+func (d *SSHDeployer) sshExecCommand(sshCli *ssh.Client, command string) (string, string, error) {
+	session, err := sshCli.NewSession()
+	if err != nil {
+		return "", "", xerrors.Wrap(err, "failed to create ssh session")
+	}
+
+	defer session.Close()
 	var stdoutBuf bytes.Buffer
 	session.Stdout = &stdoutBuf
 	var stderrBuf bytes.Buffer
 	session.Stderr = &stderrBuf
-
-	if err := session.Run(access.Command); err != nil {
-		return fmt.Errorf("failed to run command: %w, stdout: %s, stderr: %s", err, stdoutBuf.String(), stderrBuf.String())
+	err = session.Run(command)
+	if err != nil {
+		return "", "", xerrors.Wrap(err, "failed to execute ssh script")
 	}

-	s.infos = append(s.infos, toStr("ssh执行命令成功", []string{stdoutBuf.String()}))
-
-	return nil
+	return stdoutBuf.String(), stderrBuf.String(), nil
 }

-func (s *ssh) upload(client *sshPkg.Client, content, path string) error {
+func (d *SSHDeployer) writeSftpFileString(sshCli *ssh.Client, path string, content string) error {
+	return d.writeSftpFile(sshCli, path, []byte(content))
+}

-	sftpCli, err := sftp.NewClient(client)
+func (d *SSHDeployer) writeSftpFile(sshCli *ssh.Client, path string, data []byte) error {
+	sftpCli, err := sftp.NewClient(sshCli)
 	if err != nil {
-		return fmt.Errorf("failed to create sftp client: %w", err)
+		return xerrors.Wrap(err, "failed to create sftp client")
 	}
 	defer sftpCli.Close()

-	if err := sftpCli.MkdirAll(xpath.Dir(path)); err != nil {
-		return fmt.Errorf("failed to create remote directory: %w", err)
+	if err := sftpCli.MkdirAll(filepath.Dir(path)); err != nil {
+		return xerrors.Wrap(err, "failed to create remote directory")
 	}

 	file, err := sftpCli.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC)
 	if err != nil {
-		return fmt.Errorf("failed to open remote file: %w", err)
+		return xerrors.Wrap(err, "failed to open remote file")
 	}
 	defer file.Close()

-	_, err = file.Write([]byte(content))
+	_, err = file.Write(data)
 	if err != nil {
-		return fmt.Errorf("failed to write to remote file: %w", err)
+		return xerrors.Wrap(err, "failed to write to remote file")
 	}

 	return nil
 }
-
-func (s *ssh) getClient(access *sshAccess) (*sshPkg.Client, error) {
-
-	var authMethod sshPkg.AuthMethod
-
-	if access.Key != "" {
-		signer, err := sshPkg.ParsePrivateKey([]byte(access.Key))
-		if err != nil {
-			return nil, err
-		}
-		authMethod = sshPkg.PublicKeys(signer)
-	} else {
-		authMethod = sshPkg.Password(access.Password)
-	}
-
-	return sshPkg.Dial("tcp", fmt.Sprintf("%s:%s", access.Host, access.Port), &sshPkg.ClientConfig{
-		User: access.Username,
-		Auth: []sshPkg.AuthMethod{
-			authMethod,
-		},
-		HostKeyCallback: sshPkg.InsecureIgnoreHostKey(),
-	})
-}
--- a/internal/deployer/ssh_test.go
+++ b/internal/deployer/ssh_test.go
@@ -8,5 +8,5 @@ import (

 func TestPath(t *testing.T) {
 	dir := path.Dir("./a/b/c")
-	os.MkdirAll(dir, 0755)
+	os.MkdirAll(dir, 0o755)
 }
--- a/internal/deployer/tencent_cdn.go
+++ b/internal/deployer/tencent_cdn.go
@@ -1,171 +1,194 @@
 package deployer

 import (
-	"certimate/internal/domain"
 	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"strings"

+	xerrors "github.com/pkg/errors"
+	tcCdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	ssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
-	tag "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag/v20180813"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	"golang.org/x/exp/slices"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
 )

-type tencentCdn struct {
-	option     *DeployerOption
-	credential *common.Credential
-	infos      []string
+type TencentCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClients  *tencentCDNDeployerSdkClients
+	sslUploader uploader.Uploader
 }

-func NewTencentCdn(option *DeployerOption) (Deployer, error) {
+type tencentCDNDeployerSdkClients struct {
+	ssl *tcSsl.Client
+	cdn *tcCdn.Client
+}

+func NewTencentCDNDeployer(option *DeployerOption) (Deployer, error) {
 	access := &domain.TencentAccess{}
 	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal tencent access: %w", err)
+		return nil, xerrors.Wrap(err, "failed to get access")
 	}

-	credential := common.NewCredential(
+	clients, err := (&TencentCDNDeployer{}).createSdkClients(
 		access.SecretId,
 		access.SecretKey,
 	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}

-	return &tencentCdn{
-		option:     option,
-		credential: credential,
-		infos:      make([]string, 0),
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &TencentCDNDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClients:  clients,
+		sslUploader: uploader,
 	}, nil
 }

-func (t *tencentCdn) GetInfo() []string {
-	return t.infos
+func (d *TencentCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (t *tencentCdn) Deploy(ctx context.Context) error {
+func (d *TencentCDNDeployer) GetInfos() []string {
+	return d.infos
+}

-	// 查询有没有对应的资源
-	resource, err := t.resource()
+func (d *TencentCDNDeployer) Deploy(ctx context.Context) error {
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
 	if err != nil {
-		return fmt.Errorf("failed to get resource: %w", err)
+		return err
 	}

-	t.infos = append(t.infos, toStr("查询对应的资源", resource))
+	d.infos = append(d.infos, toStr("已上传证书", upres))

-	// 上传证书
-	certId, err := t.uploadCert()
+	// 获取待部署的 CDN 实例
+	// 如果是泛域名，根据证书匹配 CDN 实例
+	tcInstanceIds := make([]string, 0)
+	domain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(domain, "*") {
+		domains, err := d.getDomainsByCertificateId(upres.CertId)
+		if err != nil {
+			return err
+		}
+
+		tcInstanceIds = domains
+	} else {
+		tcInstanceIds = append(tcInstanceIds, domain)
+	}
+
+	// 跳过已部署的 CDN 实例
+	if len(tcInstanceIds) > 0 {
+		deployedDomains, err := d.getDeployedDomainsByCertificateId(upres.CertId)
+		if err != nil {
+			return err
+		}
+
+		temp := make([]string, 0)
+		for _, aliInstanceId := range tcInstanceIds {
+			if !slices.Contains(deployedDomains, aliInstanceId) {
+				temp = append(temp, aliInstanceId)
+			}
+		}
+		tcInstanceIds = temp
+	}
+	if len(tcInstanceIds) == 0 {
+		d.infos = append(d.infos, "已部署过或没有要部署的 CDN 实例")
+		return nil
+	}
+
+	// 证书部署到 CDN 实例
+	// REF: https://cloud.tencent.com/document/product/400/91667
+	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
+	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
+	deployCertificateInstanceReq.ResourceType = common.StringPtr("cdn")
+	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
+	deployCertificateInstanceReq.InstanceIdList = common.StringPtrs(tcInstanceIds)
+	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
 	if err != nil {
-		return fmt.Errorf("failed to upload certificate: %w", err)
+		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
 	}
-	t.infos = append(t.infos, toStr("上传证书", certId))

-	if err := t.deploy(resource, certId); err != nil {
-		return fmt.Errorf("failed to deploy: %w", err)
-	}
+	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))

 	return nil
 }

-func (t *tencentCdn) uploadCert() (string, error) {
+func (d *TencentCDNDeployer) createSdkClients(secretId, secretKey string) (*tencentCDNDeployerSdkClients, error) {
+	credential := common.NewCredential(secretId, secretKey)

-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
-
-	client, _ := ssl.NewClient(t.credential, "", cpf)
-
-	request := ssl.NewUploadCertificateRequest()
-
-	request.CertificatePublicKey = common.StringPtr(t.option.Certificate.Certificate)
-	request.CertificatePrivateKey = common.StringPtr(t.option.Certificate.PrivateKey)
-	request.Alias = common.StringPtr(t.option.Domain)
-	request.Repeatable = common.BoolPtr(true)
-
-	response, err := client.UploadCertificate(request)
+	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
 	if err != nil {
-		return "", fmt.Errorf("failed to upload certificate: %w", err)
+		return nil, err
 	}

-	return *response.Response.CertificateId, nil
+	cdnClient, err := tcCdn.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return &tencentCDNDeployerSdkClients{
+		ssl: sslClient,
+		cdn: cdnClient,
+	}, nil
 }

-func (t *tencentCdn) deploy(resource *tag.ResourceTagMapping, certId string) error {
-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
-	// 实例化要请求产品的client对象,clientProfile是可选的
-	client, _ := ssl.NewClient(t.credential, "", cpf)
-
-	resourceId, err := getResourceId(resource)
+func (d *TencentCDNDeployer) getDomainsByCertificateId(tcCertId string) ([]string, error) {
+	// 获取证书中的可用域名
+	// REF: https://cloud.tencent.com/document/product/228/42491
+	describeCertDomainsReq := tcCdn.NewDescribeCertDomainsRequest()
+	describeCertDomainsReq.CertId = common.StringPtr(tcCertId)
+	describeCertDomainsReq.Product = common.StringPtr("cdn")
+	describeCertDomainsResp, err := d.sdkClients.cdn.DescribeCertDomains(describeCertDomainsReq)
 	if err != nil {
-		return fmt.Errorf("failed to get resource id: %w", err)
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertDomains'")
 	}

-	// 实例化一个请求对象,每个接口都会对应一个request对象
-	request := ssl.NewDeployCertificateInstanceRequest()
-
-	request.CertificateId = common.StringPtr(certId)
-	request.InstanceIdList = common.StringPtrs([]string{resourceId})
-	request.ResourceType = common.StringPtr("cdn")
-	request.Status = common.Int64Ptr(1)
-
-	// 返回的resp是一个DeployCertificateInstanceResponse的实例，与请求对象对应
-	resp, err := client.DeployCertificateInstance(request)
-
-	if err != nil {
-		return fmt.Errorf("failed to deploy certificate: %w", err)
-	}
-	t.infos = append(t.infos, toStr("部署证书", resp.Response))
-	return nil
-}
-
-func (t *tencentCdn) resource() (*tag.ResourceTagMapping, error) {
-	request := tag.NewGetResourcesRequest()
-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "tag.tencentcloudapi.com"
-
-	client, err := tag.NewClient(t.credential, "", cpf)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create client: %w", err)
-	}
-
-	response, err := client.GetResources(request)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get resources: %w", err)
-	}
-
-	for _, resource := range response.Response.ResourceTagMappingList {
-		if t.compare(resource) {
-			return resource, nil
+	domains := make([]string, 0)
+	if describeCertDomainsResp.Response.Domains == nil {
+		for _, domain := range describeCertDomainsResp.Response.Domains {
+			domains = append(domains, *domain)
 		}
 	}

-	return nil, errors.New("no resource found")
-
+	return domains, nil
 }

-func (t *tencentCdn) compare(resource *tag.ResourceTagMapping) bool {
-	slices := strings.Split(*resource.Resource, "/")
-	if len(slices) != 3 {
-		return false
+func (d *TencentCDNDeployer) getDeployedDomainsByCertificateId(tcCertId string) ([]string, error) {
+	// 根据证书查询关联 CDN 域名
+	// REF: https://cloud.tencent.com/document/product/400/62674
+	describeDeployedResourcesReq := tcSsl.NewDescribeDeployedResourcesRequest()
+	describeDeployedResourcesReq.CertificateIds = common.StringPtrs([]string{tcCertId})
+	describeDeployedResourcesReq.ResourceType = common.StringPtr("cdn")
+	describeDeployedResourcesResp, err := d.sdkClients.ssl.DescribeDeployedResources(describeDeployedResourcesReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeDeployedResources'")
 	}

-	typeSlices := strings.Split(slices[0], "::")
-	if len(typeSlices) != 3 {
-		return false
+	domains := make([]string, 0)
+	if describeDeployedResourcesResp.Response.DeployedResources != nil {
+		for _, deployedResource := range describeDeployedResourcesResp.Response.DeployedResources {
+			for _, resource := range deployedResource.Resources {
+				domains = append(domains, *resource)
+			}
+		}
 	}

-	if typeSlices[1] != "cdn" || slices[2] != t.option.Domain {
-		return false
-	}
-
-	return true
-
-}
-
-func getResourceId(resource *tag.ResourceTagMapping) (string, error) {
-	slices := strings.Split(*resource.Resource, "/")
-	if len(slices) != 3 {
-		return "", errors.New("invalid resource")
-	}
-	return slices[2], nil
+	return domains, nil
 }
--- a/internal/deployer/tencent_clb.go
+++ b/internal/deployer/tencent_clb.go
@@ -0,0 +1,328 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	xerrors "github.com/pkg/errors"
+	tcClb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb/v20180317"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
+)
+
+type TencentCLBDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClients  *tencentCLBDeployerSdkClients
+	sslUploader uploader.Uploader
+}
+
+type tencentCLBDeployerSdkClients struct {
+	ssl *tcSsl.Client
+	clb *tcClb.Client
+}
+
+func NewTencentCLBDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.TencentAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	clients, err := (&TencentCLBDeployer{}).createSdkClients(
+		access.SecretId,
+		access.SecretKey,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}
+
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &TencentCLBDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClients:  clients,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *TencentCLBDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *TencentCLBDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *TencentCLBDeployer) Deploy(ctx context.Context) error {
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "ssl-deploy":
+		// 通过 SSL 服务部署到云资源实例
+		err := d.deployToInstanceUseSsl(ctx)
+		if err != nil {
+			return err
+		}
+	case "loadbalancer":
+		// 部署到指定负载均衡器
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		// 部署到指定监听器
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	case "ruledomain":
+		// 部署到指定七层监听转发规则域名
+		if err := d.deployToRuleDomain(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
+	}
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) createSdkClients(secretId, secretKey, region string) (*tencentCLBDeployerSdkClients, error) {
+	credential := common.NewCredential(secretId, secretKey)
+
+	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	clbClient, err := tcClb.NewClient(credential, region, profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return &tencentCLBDeployerSdkClients{
+		ssl: sslClient,
+		clb: clbClient,
+	}, nil
+}
+
+func (d *TencentCLBDeployer) deployToInstanceUseSsl(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+	if tcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 证书部署到 CLB 实例
+	// REF: https://cloud.tencent.com/document/product/400/91667
+	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
+	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
+	deployCertificateInstanceReq.ResourceType = common.StringPtr("clb")
+	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
+	if tcDomain == "" {
+		// 未开启 SNI，只需指定到监听器
+		deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s", tcLoadbalancerId, tcListenerId)})
+	} else {
+		// 开启 SNI，需指定到域名（支持泛域名）
+		deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s|%s", tcLoadbalancerId, tcListenerId, tcDomain)})
+	}
+	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
+	}
+
+	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerIds := make([]string, 0)
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	// 查询负载均衡器详细信息
+	// REF: https://cloud.tencent.com/document/api/214/46916
+	describeLoadBalancersDetailReq := tcClb.NewDescribeLoadBalancersDetailRequest()
+	describeLoadBalancersDetailResp, err := d.sdkClients.clb.DescribeLoadBalancersDetail(describeLoadBalancersDetailReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeLoadBalancersDetail'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到负载均衡详细信息", describeLoadBalancersDetailResp))
+
+	// 查询监听器列表
+	// REF: https://cloud.tencent.com/document/api/214/30686
+	describeListenersReq := tcClb.NewDescribeListenersRequest()
+	describeListenersReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
+	} else {
+		if describeListenersResp.Response.Listeners != nil {
+			for _, listener := range describeListenersResp.Response.Listeners {
+				if listener.Protocol == nil || (*listener.Protocol != "HTTPS" && *listener.Protocol != "TCP_SSL" && *listener.Protocol != "QUIC") {
+					continue
+				}
+
+				tcListenerIds = append(tcListenerIds, *listener.ListenerId)
+			}
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到负载均衡器下的监听器", tcListenerIds))
+
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听器证书
+	var errs []error
+	for _, tcListenerId := range tcListenerIds {
+		if err := d.modifyListenerCertificate(ctx, tcLoadbalancerId, tcListenerId, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) deployToListener(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+	if tcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听器证书
+	if err := d.modifyListenerCertificate(ctx, tcLoadbalancerId, tcListenerId, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) deployToRuleDomain(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+	if tcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+	if tcDomain == "" {
+		return errors.New("`domain` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 修改负载均衡七层监听器转发规则的域名级别属性
+	// REF: https://cloud.tencent.com/document/api/214/38092
+	modifyDomainAttributesReq := tcClb.NewModifyDomainAttributesRequest()
+	modifyDomainAttributesReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	modifyDomainAttributesReq.ListenerId = common.StringPtr(tcListenerId)
+	modifyDomainAttributesReq.Domain = common.StringPtr(tcDomain)
+	modifyDomainAttributesReq.Certificate = &tcClb.CertificateInput{
+		SSLMode: common.StringPtr("UNIDIRECTIONAL"),
+		CertId:  common.StringPtr(upres.CertId),
+	}
+	modifyDomainAttributesResp, err := d.sdkClients.clb.ModifyDomainAttributes(modifyDomainAttributesReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.ModifyDomainAttributes'")
+	}
+
+	d.infos = append(d.infos, toStr("已修改七层监听器转发规则的域名级别属性", modifyDomainAttributesResp.Response))
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) modifyListenerCertificate(ctx context.Context, tcLoadbalancerId, tcListenerId, tcCertId string) error {
+	// 查询监听器列表
+	// REF: https://cloud.tencent.com/document/api/214/30686
+	describeListenersReq := tcClb.NewDescribeListenersRequest()
+	describeListenersReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	describeListenersReq.ListenerIds = common.StringPtrs([]string{tcListenerId})
+	describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
+	}
+	if len(describeListenersResp.Response.Listeners) == 0 {
+		d.infos = append(d.infos, toStr("未找到监听器", nil))
+		return errors.New("listener not found")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到监听器属性", describeListenersResp.Response))
+
+	// 修改监听器属性
+	// REF: https://cloud.tencent.com/document/product/214/30681
+	modifyListenerReq := tcClb.NewModifyListenerRequest()
+	modifyListenerReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	modifyListenerReq.ListenerId = common.StringPtr(tcListenerId)
+	modifyListenerReq.Certificate = &tcClb.CertificateInput{CertId: common.StringPtr(tcCertId)}
+	if describeListenersResp.Response.Listeners[0].Certificate != nil && describeListenersResp.Response.Listeners[0].Certificate.SSLMode != nil {
+		modifyListenerReq.Certificate.SSLMode = describeListenersResp.Response.Listeners[0].Certificate.SSLMode
+		modifyListenerReq.Certificate.CertCaId = describeListenersResp.Response.Listeners[0].Certificate.CertCaId
+	} else {
+		modifyListenerReq.Certificate.SSLMode = common.StringPtr("UNIDIRECTIONAL")
+	}
+	modifyListenerResp, err := d.sdkClients.clb.ModifyListener(modifyListenerReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.ModifyListener'")
+	}
+
+	d.infos = append(d.infos, toStr("已修改监听器属性", modifyListenerResp.Response))
+
+	return nil
+}
--- a/internal/deployer/tencent_cos.go
+++ b/internal/deployer/tencent_cos.go
@@ -0,0 +1,106 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
+)
+
+type TencentCOSDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *tcSsl.Client
+	sslUploader uploader.Uploader
+}
+
+func NewTencentCOSDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.TencentAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&TencentCOSDeployer{}).createSdkClient(
+		access.SecretId,
+		access.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}
+
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &TencentCOSDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *TencentCOSDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *TencentCOSDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *TencentCOSDeployer) Deploy(ctx context.Context) error {
+	tcRegion := d.option.DeployConfig.GetConfigAsString("region")
+	tcBucket := d.option.DeployConfig.GetConfigAsString("bucket")
+	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if tcBucket == "" {
+		return errors.New("`bucket` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 证书部署到 COS 实例
+	// REF: https://cloud.tencent.com/document/product/400/91667
+	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
+	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
+	deployCertificateInstanceReq.ResourceType = common.StringPtr("cos")
+	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
+	deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s#%s#%s", tcRegion, tcBucket, tcDomain)})
+	deployCertificateInstanceResp, err := d.sdkClient.DeployCertificateInstance(deployCertificateInstanceReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
+	}
+
+	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
+
+	return nil
+}
+
+func (d *TencentCOSDeployer) createSdkClient(secretId, secretKey string) (*tcSsl.Client, error) {
+	credential := common.NewCredential(secretId, secretKey)
+	client, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/deployer/tencent_ecdn.go
+++ b/internal/deployer/tencent_ecdn.go
@@ -0,0 +1,154 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	xerrors "github.com/pkg/errors"
+	tcCdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
+)
+
+type TencentECDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClients  *tencentECDNDeployerSdkClients
+	sslUploader uploader.Uploader
+}
+
+type tencentECDNDeployerSdkClients struct {
+	ssl *tcSsl.Client
+	cdn *tcCdn.Client
+}
+
+func NewTencentECDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.TencentAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	clients, err := (&TencentECDNDeployer{}).createSdkClients(
+		access.SecretId,
+		access.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}
+
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &TencentECDNDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClients:  clients,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *TencentECDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *TencentECDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *TencentECDNDeployer) Deploy(ctx context.Context) error {
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 获取待部署的 ECDN 实例
+	// 如果是泛域名，根据证书匹配 ECDN 实例
+	aliInstanceIds := make([]string, 0)
+	domain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(domain, "*") {
+		domains, err := d.getDomainsByCertificateId(upres.CertId)
+		if err != nil {
+			return err
+		}
+
+		aliInstanceIds = domains
+	} else {
+		aliInstanceIds = append(aliInstanceIds, domain)
+	}
+	if len(aliInstanceIds) == 0 {
+		d.infos = append(d.infos, "没有要部署的 ECDN 实例")
+		return nil
+	}
+
+	// 证书部署到 ECDN 实例
+	// REF: https://cloud.tencent.com/document/product/400/91667
+	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
+	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
+	deployCertificateInstanceReq.ResourceType = common.StringPtr("ecdn")
+	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
+	deployCertificateInstanceReq.InstanceIdList = common.StringPtrs(aliInstanceIds)
+	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
+	}
+
+	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
+
+	return nil
+}
+
+func (d *TencentECDNDeployer) createSdkClients(secretId, secretKey string) (*tencentECDNDeployerSdkClients, error) {
+	credential := common.NewCredential(secretId, secretKey)
+
+	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	cdnClient, err := tcCdn.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return &tencentECDNDeployerSdkClients{
+		ssl: sslClient,
+		cdn: cdnClient,
+	}, nil
+}
+
+func (d *TencentECDNDeployer) getDomainsByCertificateId(tcCertId string) ([]string, error) {
+	// 获取证书中的可用域名
+	// REF: https://cloud.tencent.com/document/product/228/42491
+	describeCertDomainsReq := tcCdn.NewDescribeCertDomainsRequest()
+	describeCertDomainsReq.CertId = common.StringPtr(tcCertId)
+	describeCertDomainsReq.Product = common.StringPtr("ecdn")
+	describeCertDomainsResp, err := d.sdkClients.cdn.DescribeCertDomains(describeCertDomainsReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertDomains'")
+	}
+
+	domains := make([]string, 0)
+	if describeCertDomainsResp.Response.Domains == nil {
+		for _, domain := range describeCertDomainsResp.Response.Domains {
+			domains = append(domains, *domain)
+		}
+	}
+
+	return domains, nil
+}
--- a/internal/deployer/tencent_teo.go
+++ b/internal/deployer/tencent_teo.go
@@ -0,0 +1,119 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	tcTeo "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
+)
+
+type TencentTEODeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClients  *tencentTEODeployerSdkClients
+	sslUploader uploader.Uploader
+}
+
+type tencentTEODeployerSdkClients struct {
+	ssl *tcSsl.Client
+	teo *tcTeo.Client
+}
+
+func NewTencentTEODeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.TencentAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	clients, err := (&TencentTEODeployer{}).createSdkClients(
+		access.SecretId,
+		access.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}
+
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &TencentTEODeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClients:  clients,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *TencentTEODeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *TencentTEODeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *TencentTEODeployer) Deploy(ctx context.Context) error {
+	tcZoneId := d.option.DeployConfig.GetConfigAsString("zoneId")
+	if tcZoneId == "" {
+		return xerrors.New("`zoneId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 配置域名证书
+	// REF: https://cloud.tencent.com/document/product/1552/80764
+	modifyHostsCertificateReq := tcTeo.NewModifyHostsCertificateRequest()
+	modifyHostsCertificateReq.ZoneId = common.StringPtr(tcZoneId)
+	modifyHostsCertificateReq.Mode = common.StringPtr("sslcert")
+	modifyHostsCertificateReq.Hosts = common.StringPtrs(strings.Split(strings.ReplaceAll(d.option.Domain, "\r\n", "\n"), "\n"))
+	modifyHostsCertificateReq.ServerCertInfo = []*tcTeo.ServerCertInfo{{CertId: common.StringPtr(upres.CertId)}}
+	modifyHostsCertificateResp, err := d.sdkClients.teo.ModifyHostsCertificate(modifyHostsCertificateReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'teo.ModifyHostsCertificate'")
+	}
+
+	d.infos = append(d.infos, toStr("已配置域名证书", modifyHostsCertificateResp.Response))
+
+	return nil
+}
+
+func (d *TencentTEODeployer) createSdkClients(secretId, secretKey string) (*tencentTEODeployerSdkClients, error) {
+	credential := common.NewCredential(secretId, secretKey)
+
+	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	teoClient, err := tcTeo.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return &tencentTEODeployerSdkClients{
+		ssl: sslClient,
+		teo: teoClient,
+	}, nil
+}
--- a/internal/deployer/webhook.go
+++ b/internal/deployer/webhook.go
@@ -2,62 +2,65 @@ package deployer

 import (
 	"bytes"
-	xhttp "certimate/internal/utils/http"
 	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
+
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	xhttp "github.com/usual2970/certimate/internal/utils/http"
 )

-type webhookAccess struct {
-	Url string `json:"url"`
-}
-
-type hookData struct {
-	Domain      string `json:"domain"`
-	Certificate string `json:"certificate"`
-	PrivateKey  string `json:"privateKey"`
-}
-
-type webhook struct {
+type WebhookDeployer struct {
 	option *DeployerOption
 	infos  []string
 }

-func NewWebhook(option *DeployerOption) (Deployer, error) {
-
-	return &webhook{
+func NewWebhookDeployer(option *DeployerOption) (Deployer, error) {
+	return &WebhookDeployer{
 		option: option,
 		infos:  make([]string, 0),
 	}, nil
 }

-func (w *webhook) GetInfo() []string {
-	return w.infos
+func (d *WebhookDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (w *webhook) Deploy(ctx context.Context) error {
-	access := &webhookAccess{}
-	if err := json.Unmarshal([]byte(w.option.Access), access); err != nil {
-		return fmt.Errorf("failed to parse hook access config: %w", err)
+func (d *WebhookDeployer) GetInfos() []string {
+	return d.infos
+}
+
+type webhookData struct {
+	Domain      string            `json:"domain"`
+	Certificate string            `json:"certificate"`
+	PrivateKey  string            `json:"privateKey"`
+	Variables   map[string]string `json:"variables"`
+}
+
+func (d *WebhookDeployer) Deploy(ctx context.Context) error {
+	access := &domain.WebhookAccess{}
+	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
+		return xerrors.Wrap(err, "failed to get access")
 	}

-	data := &hookData{
-		Domain:      w.option.Domain,
-		Certificate: w.option.Certificate.Certificate,
-		PrivateKey:  w.option.Certificate.PrivateKey,
+	data := &webhookData{
+		Domain:      d.option.Domain,
+		Certificate: d.option.Certificate.Certificate,
+		PrivateKey:  d.option.Certificate.PrivateKey,
+		Variables:   d.option.DeployConfig.GetConfigAsVariables(),
 	}
-
 	body, _ := json.Marshal(data)
-
 	resp, err := xhttp.Req(access.Url, http.MethodPost, bytes.NewReader(body), map[string]string{
 		"Content-Type": "application/json",
 	})
 	if err != nil {
-		return fmt.Errorf("failed to send hook request: %w", err)
+		return xerrors.Wrap(err, "failed to send webhook request")
 	}

-	w.infos = append(w.infos, toStr("webhook response", string(resp)))
+	d.infos = append(d.infos, toStr("Webhook Response", string(resp)))

 	return nil
 }
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@@ -10,6 +10,24 @@ type TencentAccess struct {
 	SecretKey string `json:"secretKey"`
 }

+type HuaweiCloudAccess struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	SecretAccessKey string `json:"secretAccessKey"`
+	Region          string `json:"region"`
+}
+
+type BaiduCloudAccess struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	SecretAccessKey string `json:"secretAccessKey"`
+}
+
+type AwsAccess struct {
+	Region          string `json:"region"`
+	AccessKeyId     string `json:"accessKeyId"`
+	SecretAccessKey string `json:"secretAccessKey"`
+	HostedZoneId    string `json:"hostedZoneId"`
+}
+
 type CloudflareAccess struct {
 	DnsApiToken string `json:"dnsApiToken"`
 }
@@ -19,6 +37,47 @@ type QiniuAccess struct {
 	SecretKey string `json:"secretKey"`
 }

+type DogeCloudAccess struct {
+	AccessKey string `json:"accessKey"`
+	SecretKey string `json:"secretKey"`
+}
+
 type NameSiloAccess struct {
 	ApiKey string `json:"apiKey"`
 }
+
+type GodaddyAccess struct {
+	ApiKey    string `json:"apiKey"`
+	ApiSecret string `json:"apiSecret"`
+}
+
+type PdnsAccess struct {
+	ApiUrl string `json:"apiUrl"`
+	ApiKey string `json:"apiKey"`
+}
+
+type HttpreqAccess struct {
+	Endpoint string `json:"endpoint"`
+	Mode     string `json:"mode"`
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type LocalAccess struct{}
+
+type SSHAccess struct {
+	Host          string `json:"host"`
+	Port          string `json:"port"`
+	Username      string `json:"username"`
+	Password      string `json:"password"`
+	Key           string `json:"key"`
+	KeyPassphrase string `json:"keyPassphrase"`
+}
+
+type WebhookAccess struct {
+	Url string `json:"url"`
+}
+
+type KubernetesAccess struct {
+	KubeConfig string `json:"kubeConfig"`
+}
--- a/internal/domain/acme_accounts.go
+++ b/internal/domain/acme_accounts.go
@@ -0,0 +1,17 @@
+package domain
+
+import (
+	"time"
+
+	"github.com/go-acme/lego/v4/registration"
+)
+
+type AcmeAccount struct {
+	Id       string
+	Ca       string
+	Email    string
+	Resource *registration.Resource
+	Key      string
+	Created  time.Time
+	Updated  time.Time
+}
--- a/internal/domain/domains.go
+++ b/internal/domain/domains.go
@@ -0,0 +1,172 @@
+package domain
+
+import (
+	"encoding/json"
+	"strings"
+)
+
+type ApplyConfig struct {
+	Email              string `json:"email"`
+	Access             string `json:"access"`
+	KeyAlgorithm       string `json:"keyAlgorithm"`
+	Nameservers        string `json:"nameservers"`
+	Timeout            int64  `json:"timeout"`
+	DisableFollowCNAME bool   `json:"disableFollowCNAME"`
+}
+
+type DeployConfig struct {
+	Id     string         `json:"id"`
+	Access string         `json:"access"`
+	Type   string         `json:"type"`
+	Config map[string]any `json:"config"`
+}
+
+// 以字符串形式获取配置项。
+//
+// 入参：
+//   - key: 配置项的键。
+//
+// 出参：
+//   - 配置项的值。如果配置项不存在或者类型不是字符串，则返回空字符串。
+func (dc *DeployConfig) GetConfigAsString(key string) string {
+	return dc.GetConfigOrDefaultAsString(key, "")
+}
+
+// 以字符串形式获取配置项。
+//
+// 入参：
+//   - key: 配置项的键。
+//   - defaultValue: 默认值。
+//
+// 出参：
+//   - 配置项的值。如果配置项不存在或者类型不是字符串，则返回默认值。
+func (dc *DeployConfig) GetConfigOrDefaultAsString(key string, defaultValue string) string {
+	if dc.Config == nil {
+		return defaultValue
+	}
+
+	if value, ok := dc.Config[key]; ok {
+		if result, ok := value.(string); ok {
+			return result
+		}
+	}
+
+	return defaultValue
+}
+
+// 以 32 位整数形式获取配置项。
+//
+// 入参：
+//   - key: 配置项的键。
+//
+// 出参：
+//   - 配置项的值。如果配置项不存在或者类型不是 32 位整数，则返回 0。
+func (dc *DeployConfig) GetConfigAsInt32(key string) int32 {
+	return dc.GetConfigOrDefaultAsInt32(key, 0)
+}
+
+// 以 32 位整数形式获取配置项。
+//
+// 入参：
+//   - key: 配置项的键。
+//   - defaultValue: 默认值。
+//
+// 出参：
+//   - 配置项的值。如果配置项不存在或者类型不是 32 位整数，则返回默认值。
+func (dc *DeployConfig) GetConfigOrDefaultAsInt32(key string, defaultValue int32) int32 {
+	if dc.Config == nil {
+		return defaultValue
+	}
+
+	if value, ok := dc.Config[key]; ok {
+		if result, ok := value.(int32); ok {
+			return result
+		}
+	}
+
+	return defaultValue
+}
+
+// 以布尔形式获取配置项。
+//
+// 入参：
+//   - key: 配置项的键。
+//
+// 出参：
+//   - 配置项的值。如果配置项不存在或者类型不是布尔，则返回 false。
+func (dc *DeployConfig) GetConfigAsBool(key string) bool {
+	return dc.GetConfigOrDefaultAsBool(key, false)
+}
+
+// 以布尔形式获取配置项。
+//
+// 入参：
+//   - key: 配置项的键。
+//   - defaultValue: 默认值。
+//
+// 出参：
+//   - 配置项的值。如果配置项不存在或者类型不是布尔，则返回默认值。
+func (dc *DeployConfig) GetConfigOrDefaultAsBool(key string, defaultValue bool) bool {
+	if dc.Config == nil {
+		return defaultValue
+	}
+
+	if value, ok := dc.Config[key]; ok {
+		if result, ok := value.(bool); ok {
+			return result
+		}
+	}
+
+	return defaultValue
+}
+
+// 以变量字典形式获取配置项。
+//
+// 出参：
+//   - 变量字典。
+func (dc *DeployConfig) GetConfigAsVariables() map[string]string {
+	rs := make(map[string]string)
+
+	if dc.Config != nil {
+		value, ok := dc.Config["variables"]
+		if !ok {
+			return rs
+		}
+
+		kvs := make([]KV, 0)
+		bts, _ := json.Marshal(value)
+		if err := json.Unmarshal(bts, &kvs); err != nil {
+			return rs
+		}
+
+		for _, kv := range kvs {
+			rs[kv.Key] = kv.Value
+		}
+	}
+
+	return rs
+}
+
+// GetDomain returns the domain from the deploy config
+// if the domain is a wildcard domain, and wildcard is true, return the wildcard domain
+func (dc *DeployConfig) GetDomain(wildcard ...bool) string {
+	val := dc.GetConfigAsString("domain")
+	if val == "" {
+		return ""
+	}
+
+	if !strings.HasPrefix(val, "*") {
+		return val
+	}
+
+	if len(wildcard) > 0 && wildcard[0] {
+		return val
+	}
+
+	return strings.TrimPrefix(val, "*")
+}
+
+type KV struct {
+	Key   string `json:"key"`
+	Value string `json:"value"`
+}
--- a/internal/domain/err.go
+++ b/internal/domain/err.go
@@ -0,0 +1,23 @@
+package domain
+
+var ErrAuthFailed = NewXError(4999, "auth failed")
+
+type XError struct {
+	Code int    `json:"code"`
+	Msg  string `json:"msg"`
+}
+
+func NewXError(code int, msg string) *XError {
+	return &XError{code, msg}
+}
+
+func (e *XError) Error() string {
+	return e.Msg
+}
+
+func (e *XError) GetCode() int {
+	if e.Code == 0 {
+		return 100
+	}
+	return e.Code
+}
--- a/internal/domain/notify.go
+++ b/internal/domain/notify.go
@@ -0,0 +1,15 @@
+package domain
+
+const (
+	NotifyChannelDingtalk   = "dingtalk"
+	NotifyChannelWebhook    = "webhook"
+	NotifyChannelTelegram   = "telegram"
+	NotifyChannelLark       = "lark"
+	NotifyChannelServerChan = "serverchan"
+	NotifyChannelMail       = "mail"
+	NotifyChannelBark       = "bark"
+)
+
+type NotifyTestPushReq struct {
+	Channel string `json:"channel"`
+}
--- a/internal/domain/setting.go
+++ b/internal/domain/setting.go
@@ -0,0 +1,31 @@
+package domain
+
+import (
+	"encoding/json"
+	"fmt"
+	"time"
+)
+
+type Setting struct {
+	ID      string    `json:"id"`
+	Name    string    `json:"name"`
+	Content string    `json:"content"`
+	Created time.Time `json:"created"`
+	Updated time.Time `json:"updated"`
+}
+
+type ChannelsConfig map[string]map[string]any
+
+func (s *Setting) GetChannelContent(channel string) (map[string]any, error) {
+	conf := &ChannelsConfig{}
+	if err := json.Unmarshal([]byte(s.Content), conf); err != nil {
+		return nil, err
+	}
+
+	v, ok := (*conf)[channel]
+	if !ok {
+		return nil, fmt.Errorf("channel %s not found", channel)
+	}
+
+	return v, nil
+}
--- a/internal/domains/deploy.go
+++ b/internal/domains/deploy.go
@@ -1,15 +1,15 @@
 package domains

 import (
-	"certimate/internal/applicant"
-	"certimate/internal/deployer"
-	"certimate/internal/utils/app"
 	"context"
-	"errors"
 	"fmt"
 	"time"

 	"github.com/pocketbase/pocketbase/models"
+
+	"github.com/usual2970/certimate/internal/applicant"
+	"github.com/usual2970/certimate/internal/deployer"
+	"github.com/usual2970/certimate/internal/utils/app"
 )

 type Phase string
@@ -41,18 +41,6 @@ func deploy(ctx context.Context, record *models.Record) error {
 		return err
 	}
 	history.record(checkPhase, "获取记录成功", nil)
-	if errs := app.GetApp().Dao().ExpandRecord(currRecord, []string{"access", "targetAccess"}, nil); len(errs) > 0 {
-
-		errList := make([]error, 0)
-		for name, err := range errs {
-			errList = append(errList, fmt.Errorf("展开记录失败,%s: %w", name, err))
-		}
-		err = errors.Join(errList...)
-		app.GetApp().Logger().Error("展开记录失败", "err", err)
-		history.record(checkPhase, "获取授权信息失败", &RecordInfo{Err: err})
-		return err
-	}
-	history.record(checkPhase, "获取授权信息成功", nil)

 	cert := currRecord.GetString("certificate")
 	expiredAt := currRecord.GetDateTime("expiredAt").Time()
@@ -62,7 +50,10 @@ func deploy(ctx context.Context, record *models.Record) error {
 		history.record(checkPhase, "证书在有效期内且已部署，跳过", &RecordInfo{
 			Info: []string{fmt.Sprintf("证书有效期至 %s", expiredAt.Format("2006-01-02"))},
 		}, true)
-		return err
+
+		// 跳过的情况也算成功
+		history.setWholeSuccess(true)
+		return nil
 	}
 	history.record(checkPhase, "检查通过", nil, true)

@@ -96,24 +87,37 @@ func deploy(ctx context.Context, record *models.Record) error {

 	// ############3.部署证书
 	history.record(deployPhase, "开始部署", nil, false)
-	deployer, err := deployer.Get(currRecord, certificate)
+	deployers, err := deployer.Gets(currRecord, certificate)
 	if err != nil {
 		history.record(deployPhase, "获取deployer失败", &RecordInfo{Err: err})
 		app.GetApp().Logger().Error("获取deployer失败", "err", err)
 		return err
 	}

-	if err = deployer.Deploy(ctx); err != nil {
+	// 没有部署配置,也算成功
+	if len(deployers) == 0 {
+		history.record(deployPhase, "没有部署配置", &RecordInfo{Info: []string{"没有部署配置"}})
+		history.setWholeSuccess(true)
+		return nil
+	}
+
+	for _, deployer := range deployers {
+		if err = deployer.Deploy(ctx); err != nil {
+
+			app.GetApp().Logger().Error("部署失败", "err", err)
+			history.record(deployPhase, "部署失败", &RecordInfo{Err: err, Info: deployer.GetInfos()})
+			return err
+		}
+		history.record(deployPhase, fmt.Sprintf("[%s]-部署成功", deployer.GetID()), &RecordInfo{
+			Info: deployer.GetInfos(),
+		}, false)

-		app.GetApp().Logger().Error("部署失败", "err", err)
-		history.record(deployPhase, "部署失败", &RecordInfo{Err: err, Info: deployer.GetInfo()})
-		return err
 	}

 	app.GetApp().Logger().Info("部署成功")
-	history.record(deployPhase, "部署成功", &RecordInfo{
-		Info: deployer.GetInfo(),
-	}, true)
+	history.record(deployPhase, "部署成功", nil, true)
+
+	history.setWholeSuccess(true)

 	return nil
 }
--- a/internal/domains/domains.go
+++ b/internal/domains/domains.go
@@ -1,11 +1,12 @@
 package domains

 import (
-	"certimate/internal/utils/app"
 	"context"
 	"fmt"

 	"github.com/pocketbase/pocketbase/models"
+
+	"github.com/usual2970/certimate/internal/utils/app"
 )

 func create(ctx context.Context, record *models.Record) error {
@@ -19,7 +20,6 @@ func create(ctx context.Context, record *models.Record) error {
 				app.GetApp().Logger().Error("deploy failed", "err", err)
 			}
 		}()
-
 	}

 	scheduler := app.GetScheduler()
@@ -27,7 +27,6 @@ func create(ctx context.Context, record *models.Record) error {
 	err := scheduler.Add(record.Id, record.GetString("crontab"), func() {
 		deploy(ctx, record)
 	})
-
 	if err != nil {
 		app.GetApp().Logger().Error("add cron job failed", "err", err)
 		return fmt.Errorf("add cron job failed: %w", err)
@@ -46,7 +45,6 @@ func update(ctx context.Context, record *models.Record) error {
 	}

 	if record.GetBool("rightnow") {
-
 		go func() {
 			if err := deploy(ctx, record); err != nil {
 				app.GetApp().Logger().Error("deploy failed", "err", err)
@@ -57,7 +55,6 @@ func update(ctx context.Context, record *models.Record) error {
 	err := scheduler.Add(record.Id, record.GetString("crontab"), func() {
 		deploy(ctx, record)
 	})
-
 	if err != nil {
 		app.GetApp().Logger().Error("update cron job failed", "err", err)
 		return fmt.Errorf("update cron job failed: %w", err)
--- a/internal/domains/event.go
+++ b/internal/domains/event.go
@@ -1,9 +1,9 @@
 package domains

 import (
-	"certimate/internal/utils/app"
-
 	"github.com/pocketbase/pocketbase/core"
+
+	"github.com/usual2970/certimate/internal/utils/app"
 )

 const tableName = "domains"
--- a/internal/domains/history.go
+++ b/internal/domains/history.go
@@ -1,12 +1,13 @@
 package domains

 import (
-	"certimate/internal/applicant"
-	"certimate/internal/utils/app"
-	"certimate/internal/utils/xtime"
 	"time"

 	"github.com/pocketbase/pocketbase/models"
+
+	"github.com/usual2970/certimate/internal/applicant"
+	"github.com/usual2970/certimate/internal/utils/app"
+	"github.com/usual2970/certimate/internal/utils/xtime"
 )

 type historyItem struct {
@@ -28,6 +29,7 @@ type history struct {
 	PhaseSuccess bool                    `json:"phaseSuccess"`
 	DeployedAt   string                  `json:"deployedAt"`
 	Cert         *applicant.Certificate  `json:"cert"`
+	WholeSuccess bool                    `json:"wholeSuccess"`
 }

 func NewHistory(record *models.Record) *history {
@@ -61,13 +63,16 @@ func (a *history) record(phase Phase, msg string, info *RecordInfo, pass ...bool
 		Info:    info.Info,
 		Time:    xtime.BeijingTimeStr(),
 	})
-
 }

 func (a *history) setCert(cert *applicant.Certificate) {
 	a.Cert = cert
 }

+func (a *history) setWholeSuccess(success bool) {
+	a.WholeSuccess = success
+}
+
 func (a *history) commit() error {
 	collection, err := app.GetApp().Dao().FindCollectionByNameOrId("deployments")
 	if err != nil {
@@ -81,6 +86,7 @@ func (a *history) commit() error {
 	record.Set("log", a.Log)
 	record.Set("phase", string(a.Phase))
 	record.Set("phaseSuccess", a.PhaseSuccess)
+	record.Set("wholeSuccess", a.WholeSuccess)

 	if err := app.GetApp().Dao().SaveRecord(record); err != nil {
 		return err
--- a/internal/domains/init.go
+++ b/internal/domains/init.go
@@ -1,8 +1,10 @@
 package domains

 import (
-	"certimate/internal/utils/app"
 	"context"
+
+	"github.com/usual2970/certimate/internal/notify"
+	"github.com/usual2970/certimate/internal/utils/app"
 )

 func InitSchedule() {
@@ -25,8 +27,12 @@ func InitSchedule() {
 		}
 	}

+	// 过期提醒
+	app.GetScheduler().Add("expire", "0 0 * * *", func() {
+		notify.PushExpireMsg()
+	})
+
 	// 启动定时任务
 	app.GetScheduler().Start()
 	app.GetApp().Logger().Info("定时任务启动成功", "total", app.GetScheduler().Total())
-
 }
--- a/internal/notify/expire.go
+++ b/internal/notify/expire.go
@@ -0,0 +1,97 @@
+package notify
+
+import (
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/pocketbase/dbx"
+	"github.com/pocketbase/pocketbase/models"
+
+	"github.com/usual2970/certimate/internal/utils/app"
+	"github.com/usual2970/certimate/internal/utils/xtime"
+)
+
+type msg struct {
+	subject string
+	message string
+}
+
+const (
+	defaultExpireSubject = "您有{COUNT}张证书即将过期"
+	defaultExpireMsg     = "有{COUNT}张证书即将过期,域名分别为{DOMAINS},请保持关注！"
+)
+
+func PushExpireMsg() {
+	// 查询即将过期的证书
+
+	records, err := app.GetApp().Dao().FindRecordsByFilter("domains", "expiredAt<{:time}&&certUrl!=''", "-created", 500, 0,
+		dbx.Params{"time": xtime.GetTimeAfter(24 * time.Hour * 15)})
+	if err != nil {
+		app.GetApp().Logger().Error("find expired domains by filter", "error", err)
+		return
+	}
+
+	// 组装消息
+	msg := buildMsg(records)
+
+	if msg == nil {
+		return
+	}
+
+	if err := Send(msg.subject, msg.message); err != nil {
+		app.GetApp().Logger().Error("send expire msg", "error", err)
+	}
+}
+
+type notifyTemplates struct {
+	NotifyTemplates []notifyTemplate `json:"notifyTemplates"`
+}
+
+type notifyTemplate struct {
+	Title   string `json:"title"`
+	Content string `json:"content"`
+}
+
+func buildMsg(records []*models.Record) *msg {
+	if len(records) == 0 {
+		return nil
+	}
+
+	// 查询模板信息
+	templateRecord, err := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='templates'")
+	title := defaultExpireSubject
+	content := defaultExpireMsg
+
+	if err == nil {
+		var templates *notifyTemplates
+		templateRecord.UnmarshalJSONField("content", templates)
+		if templates != nil && len(templates.NotifyTemplates) > 0 {
+			title = templates.NotifyTemplates[0].Title
+			content = templates.NotifyTemplates[0].Content
+		}
+	}
+
+	// 替换变量
+	count := len(records)
+	domains := make([]string, count)
+
+	for i, record := range records {
+		domains[i] = record.GetString("domain")
+	}
+
+	countStr := strconv.Itoa(count)
+	domainStr := strings.Join(domains, ",")
+
+	title = strings.ReplaceAll(title, "{COUNT}", countStr)
+	title = strings.ReplaceAll(title, "{DOMAINS}", domainStr)
+
+	content = strings.ReplaceAll(content, "{COUNT}", countStr)
+	content = strings.ReplaceAll(content, "{DOMAINS}", domainStr)
+
+	// 返回消息
+	return &msg{
+		subject: title,
+		message: content,
+	}
+}
--- a/internal/notify/mail.go
+++ b/internal/notify/mail.go
@@ -0,0 +1,56 @@
+package notify
+
+import (
+	"context"
+	"fmt"
+	"net/mail"
+	"strconv"
+
+	"github.com/pocketbase/pocketbase/tools/mailer"
+)
+
+const defaultSmtpHostPort = "25"
+
+type Mail struct {
+	username string
+	to       string
+	client   *mailer.SmtpClient
+}
+
+func NewMail(senderAddress, receiverAddresses, smtpHostAddr, smtpHostPort, password string) (*Mail, error) {
+	if smtpHostPort == "" {
+		smtpHostPort = defaultSmtpHostPort
+	}
+
+	port, err := strconv.Atoi(smtpHostPort)
+	if err != nil {
+		return nil, fmt.Errorf("invalid smtp port: %w", err)
+	}
+
+	client := mailer.SmtpClient{
+		Host:     smtpHostAddr,
+		Port:     port,
+		Username: senderAddress,
+		Password: password,
+		Tls:      true,
+	}
+
+	return &Mail{
+		username: senderAddress,
+		client:   &client,
+		to:       receiverAddresses,
+	}, nil
+}
+
+func (m *Mail) Send(ctx context.Context, subject, content string) error {
+	message := &mailer.Message{
+		From: mail.Address{
+			Address: m.username,
+		},
+		To:      []mail.Address{{Address: m.to}},
+		Subject: subject,
+		Text:    content,
+	}
+
+	return m.client.Send(message)
+}
--- a/internal/notify/notify.go
+++ b/internal/notify/notify.go
@@ -0,0 +1,211 @@
+package notify
+
+import (
+	"context"
+	"fmt"
+	"strconv"
+
+	stdhttp "net/http"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/utils/app"
+
+	notifyPackage "github.com/nikoksr/notify"
+	"github.com/nikoksr/notify/service/bark"
+	"github.com/nikoksr/notify/service/dingding"
+	"github.com/nikoksr/notify/service/http"
+	"github.com/nikoksr/notify/service/lark"
+	"github.com/nikoksr/notify/service/telegram"
+)
+
+func Send(title, content string) error {
+	// 获取所有的推送渠道
+	notifiers, err := getNotifiers()
+	if err != nil {
+		return err
+	}
+	if len(notifiers) == 0 {
+		return nil
+	}
+
+	n := notifyPackage.New()
+	// 添加推送渠道
+	n.UseServices(notifiers...)
+
+	// 发送消息
+	return n.Send(context.Background(), title, content)
+}
+
+type sendTestParam struct {
+	Title   string         `json:"title"`
+	Content string         `json:"content"`
+	Channel string         `json:"channel"`
+	Conf    map[string]any `json:"conf"`
+}
+
+func SendTest(param *sendTestParam) error {
+	notifier, err := getNotifier(param.Channel, param.Conf)
+	if err != nil {
+		return err
+	}
+
+	n := notifyPackage.New()
+
+	// 添加推送渠道
+	n.UseServices(notifier)
+
+	// 发送消息
+	return n.Send(context.Background(), param.Title, param.Content)
+}
+
+func getNotifiers() ([]notifyPackage.Notifier, error) {
+	resp, err := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='notifyChannels'")
+	if err != nil {
+		return nil, fmt.Errorf("find notifyChannels error: %w", err)
+	}
+
+	notifiers := make([]notifyPackage.Notifier, 0)
+
+	rs := make(map[string]map[string]any)
+
+	if err := resp.UnmarshalJSONField("content", &rs); err != nil {
+		return nil, fmt.Errorf("unmarshal notifyChannels error: %w", err)
+	}
+
+	for k, v := range rs {
+
+		if !getBool(v, "enabled") {
+			continue
+		}
+
+		notifier, err := getNotifier(k, v)
+		if err != nil {
+			continue
+		}
+
+		notifiers = append(notifiers, notifier)
+
+	}
+
+	return notifiers, nil
+}
+
+func getNotifier(channel string, conf map[string]any) (notifyPackage.Notifier, error) {
+	switch channel {
+	case domain.NotifyChannelTelegram:
+		temp := getTelegramNotifier(conf)
+		if temp == nil {
+			return nil, fmt.Errorf("telegram notifier config error")
+		}
+
+		return temp, nil
+	case domain.NotifyChannelDingtalk:
+		return getDingTalkNotifier(conf), nil
+	case domain.NotifyChannelLark:
+		return getLarkNotifier(conf), nil
+	case domain.NotifyChannelWebhook:
+		return getWebhookNotifier(conf), nil
+	case domain.NotifyChannelServerChan:
+		return getServerChanNotifier(conf), nil
+	case domain.NotifyChannelMail:
+		return getMailNotifier(conf)
+	case domain.NotifyChannelBark:
+		return getBarkNotifier(conf), nil
+	}
+
+	return nil, fmt.Errorf("notifier not found")
+}
+
+func getWebhookNotifier(conf map[string]any) notifyPackage.Notifier {
+	rs := http.New()
+
+	rs.AddReceiversURLs(getString(conf, "url"))
+
+	return rs
+}
+
+func getTelegramNotifier(conf map[string]any) notifyPackage.Notifier {
+	rs, err := telegram.New(getString(conf, "apiToken"))
+	if err != nil {
+		return nil
+	}
+
+	chatId := getString(conf, "chatId")
+
+	id, err := strconv.ParseInt(chatId, 10, 64)
+	if err != nil {
+		return nil
+	}
+
+	rs.AddReceivers(id)
+	return rs
+}
+
+func getServerChanNotifier(conf map[string]any) notifyPackage.Notifier {
+	rs := http.New()
+
+	rs.AddReceivers(&http.Webhook{
+		URL:         getString(conf, "url"),
+		Header:      stdhttp.Header{},
+		ContentType: "application/json",
+		Method:      stdhttp.MethodPost,
+		BuildPayload: func(subject, message string) (payload any) {
+			return map[string]string{
+				"text": subject,
+				"desp": message,
+			}
+		},
+	})
+
+	return rs
+}
+
+func getBarkNotifier(conf map[string]any) notifyPackage.Notifier {
+	deviceKey := getString(conf, "deviceKey")
+	serverURL := getString(conf, "serverUrl")
+	if serverURL == "" {
+		return bark.New(deviceKey)
+	}
+	return bark.NewWithServers(deviceKey, serverURL)
+}
+
+func getDingTalkNotifier(conf map[string]any) notifyPackage.Notifier {
+	return dingding.New(&dingding.Config{
+		Token:  getString(conf, "accessToken"),
+		Secret: getString(conf, "secret"),
+	})
+}
+
+func getLarkNotifier(conf map[string]any) notifyPackage.Notifier {
+	return lark.NewWebhookService(getString(conf, "webhookUrl"))
+}
+
+func getMailNotifier(conf map[string]any) (notifyPackage.Notifier, error) {
+	rs, err := NewMail(getString(conf, "senderAddress"),
+		getString(conf, "receiverAddresses"),
+		getString(conf, "smtpHostAddr"),
+		getString(conf, "smtpHostPort"),
+		getString(conf, "password"),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return rs, nil
+}
+
+func getString(conf map[string]any, key string) string {
+	if _, ok := conf[key]; !ok {
+		return ""
+	}
+
+	return conf[key].(string)
+}
+
+func getBool(conf map[string]any, key string) bool {
+	if _, ok := conf[key]; !ok {
+		return false
+	}
+
+	return conf[key].(bool)
+}
--- a/internal/notify/service.go
+++ b/internal/notify/service.go
@@ -0,0 +1,46 @@
+package notify
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+const (
+	notifyTestTitle = "测试通知"
+	notifyTestBody  = "欢迎使用 Certimate ，这是一条测试通知。"
+)
+
+type SettingRepository interface {
+	GetByName(ctx context.Context, name string) (*domain.Setting, error)
+}
+
+type NotifyService struct {
+	settingRepo SettingRepository
+}
+
+func NewNotifyService(settingRepo SettingRepository) *NotifyService {
+	return &NotifyService{
+		settingRepo: settingRepo,
+	}
+}
+
+func (n *NotifyService) Test(ctx context.Context, req *domain.NotifyTestPushReq) error {
+	setting, err := n.settingRepo.GetByName(ctx, "notifyChannels")
+	if err != nil {
+		return fmt.Errorf("get notify channels setting failed: %w", err)
+	}
+
+	conf, err := setting.GetChannelContent(req.Channel)
+	if err != nil {
+		return fmt.Errorf("get notify channel %s config failed: %w", req.Channel, err)
+	}
+
+	return SendTest(&sendTestParam{
+		Title:   notifyTestTitle,
+		Content: notifyTestBody,
+		Channel: req.Channel,
+		Conf:    conf,
+	})
+}
--- a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
+++ b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
@@ -0,0 +1,160 @@
+package aliyuncas
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client"
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type AliyunCASUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeySecret string `json:"accessKeySecret"`
+	Region          string `json:"region"`
+}
+
+type AliyunCASUploader struct {
+	config    *AliyunCASUploaderConfig
+	sdkClient *aliyunCas.Client
+}
+
+func New(config *AliyunCASUploaderConfig) (*AliyunCASUploader, error) {
+	client, err := createSdkClient(
+		config.AccessKeyId,
+		config.AccessKeySecret,
+		config.Region,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunCASUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 查询证书列表，避免重复上传
+	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-listusercertificateorder
+	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail
+	listUserCertificateOrderPage := int64(1)
+	listUserCertificateOrderLimit := int64(50)
+	for {
+		listUserCertificateOrderReq := &aliyunCas.ListUserCertificateOrderRequest{
+			CurrentPage: tea.Int64(listUserCertificateOrderPage),
+			ShowSize:    tea.Int64(listUserCertificateOrderLimit),
+			OrderType:   tea.String("CERT"),
+		}
+		listUserCertificateOrderResp, err := u.sdkClient.ListUserCertificateOrder(listUserCertificateOrderReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.ListUserCertificateOrder'")
+		}
+
+		if listUserCertificateOrderResp.Body.CertificateOrderList != nil {
+			for _, certDetail := range listUserCertificateOrderResp.Body.CertificateOrderList {
+				if strings.EqualFold(certX509.SerialNumber.Text(16), *certDetail.SerialNo) {
+					getUserCertificateDetailReq := &aliyunCas.GetUserCertificateDetailRequest{
+						CertId: certDetail.CertificateId,
+					}
+					getUserCertificateDetailResp, err := u.sdkClient.GetUserCertificateDetail(getUserCertificateDetailReq)
+					if err != nil {
+						return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'")
+					}
+
+					var isSameCert bool
+					if *getUserCertificateDetailResp.Body.Cert == certPem {
+						isSameCert = true
+					} else {
+						oldCertX509, err := x509.ParseCertificateFromPEM(*getUserCertificateDetailResp.Body.Cert)
+						if err != nil {
+							continue
+						}
+
+						isSameCert = x509.EqualCertificate(certX509, oldCertX509)
+					}
+
+					// 如果已存在相同证书，直接返回已有的证书信息
+					if isSameCert {
+						return &uploader.UploadResult{
+							CertId:   fmt.Sprintf("%d", tea.Int64Value(certDetail.CertificateId)),
+							CertName: *certDetail.Name,
+						}, nil
+					}
+				}
+			}
+		}
+
+		if listUserCertificateOrderResp.Body.CertificateOrderList == nil || len(listUserCertificateOrderResp.Body.CertificateOrderList) < int(listUserCertificateOrderLimit) {
+			break
+		} else {
+			listUserCertificateOrderPage += 1
+			if listUserCertificateOrderPage > 99 { // 避免死循环
+				break
+			}
+		}
+	}
+
+	// 生成新证书名（需符合阿里云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate_%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-uploadusercertificate
+	uploadUserCertificateReq := &aliyunCas.UploadUserCertificateRequest{
+		Name: tea.String(certName),
+		Cert: tea.String(certPem),
+		Key:  tea.String(privkeyPem),
+	}
+	uploadUserCertificateResp, err := u.sdkClient.UploadUserCertificate(uploadUserCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.UploadUserCertificate'")
+	}
+
+	certId = fmt.Sprintf("%d", tea.Int64Value(uploadUserCertificateResp.Body.CertId))
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // CAS 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	case "cn-hangzhou":
+		endpoint = "cas.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunCas.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
+++ b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
@@ -0,0 +1,133 @@
+package aliyunslb
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"strings"
+	"time"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type AliyunSLBUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeySecret string `json:"accessKeySecret"`
+	Region          string `json:"region"`
+}
+
+type AliyunSLBUploader struct {
+	config    *AliyunSLBUploaderConfig
+	sdkClient *aliyunSlb.Client
+}
+
+func New(config *AliyunSLBUploaderConfig) (*AliyunSLBUploader, error) {
+	client, err := createSdkClient(
+		config.AccessKeyId,
+		config.AccessKeySecret,
+		config.Region,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunSLBUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 查询证书列表，避免重复上传
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeservercertificates
+	describeServerCertificatesReq := &aliyunSlb.DescribeServerCertificatesRequest{
+		RegionId: tea.String(u.config.Region),
+	}
+	describeServerCertificatesResp, err := u.sdkClient.DescribeServerCertificates(describeServerCertificatesReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeServerCertificates'")
+	}
+
+	if describeServerCertificatesResp.Body.ServerCertificates != nil && describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate != nil {
+		fingerprint := sha256.Sum256(certX509.Raw)
+		fingerprintHex := hex.EncodeToString(fingerprint[:])
+		for _, certDetail := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate {
+			isSameCert := *certDetail.IsAliCloudCertificate == 0 &&
+				strings.EqualFold(fingerprintHex, strings.ReplaceAll(*certDetail.Fingerprint, ":", "")) &&
+				strings.EqualFold(certX509.Subject.CommonName, *certDetail.CommonName)
+			// 如果已存在相同证书，直接返回已有的证书信息
+			if isSameCert {
+				return &uploader.UploadResult{
+					CertId:   *certDetail.ServerCertificateId,
+					CertName: *certDetail.ServerCertificateName,
+				}, nil
+			}
+		}
+	}
+
+	// 生成新证书名（需符合阿里云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate_%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-uploadservercertificate
+	uploadServerCertificateReq := &aliyunSlb.UploadServerCertificateRequest{
+		RegionId:              tea.String(u.config.Region),
+		ServerCertificateName: tea.String(certName),
+		ServerCertificate:     tea.String(certPem),
+		PrivateKey:            tea.String(privkeyPem),
+	}
+	uploadServerCertificateResp, err := u.sdkClient.UploadServerCertificate(uploadServerCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.UploadServerCertificate'")
+	}
+
+	certId = *uploadServerCertificateResp.Body.ServerCertificateId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // SLB 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	case "cn-hangzhou":
+	case "cn-hangzhou-finance":
+	case "cn-shanghai-finance-1":
+	case "cn-shenzhen-finance-1":
+		endpoint = "slb.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunSlb.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/dogecloud/dogecloud.go
+++ b/internal/pkg/core/uploader/providers/dogecloud/dogecloud.go
@@ -0,0 +1,61 @@
+package dogecloud
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	doge "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk"
+)
+
+type DogeCloudUploaderConfig struct {
+	AccessKey string `json:"accessKey"`
+	SecretKey string `json:"secretKey"`
+}
+
+type DogeCloudUploader struct {
+	config    *DogeCloudUploaderConfig
+	sdkClient *doge.Client
+}
+
+func New(config *DogeCloudUploaderConfig) (*DogeCloudUploader, error) {
+	client, err := createSdkClient(
+		config.AccessKey,
+		config.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &DogeCloudUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *DogeCloudUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 生成新证书名（需符合多吉云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://docs.dogecloud.com/cdn/api-cert-upload
+	uploadSslCertResp, err := u.sdkClient.UploadCdnCert(certName, certPem, privkeyPem)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadCdnCert'")
+	}
+
+	certId = fmt.Sprintf("%d", uploadSslCertResp.Data.Id)
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKey, secretKey string) (*doge.Client, error) {
+	client := doge.NewClient(accessKey, secretKey)
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
@@ -0,0 +1,217 @@
+package huaweicloudelb
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
+	hcElb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
+	hcElbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
+	hcElbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
+	hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
+	hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
+	hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type HuaweiCloudELBUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	SecretAccessKey string `json:"secretAccessKey"`
+	Region          string `json:"region"`
+}
+
+type HuaweiCloudELBUploader struct {
+	config    *HuaweiCloudELBUploaderConfig
+	sdkClient *hcElb.ElbClient
+}
+
+func New(config *HuaweiCloudELBUploaderConfig) (*HuaweiCloudELBUploader, error) {
+	client, err := createSdkClient(
+		config.AccessKeyId,
+		config.SecretAccessKey,
+		config.Region,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client: %w")
+	}
+
+	return &HuaweiCloudELBUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	newCert, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 遍历查询已有证书，避免重复上传
+	// REF: https://support.huaweicloud.com/api-elb/ListCertificates.html
+	listCertificatesPage := 1
+	listCertificatesLimit := int32(2000)
+	var listCertificatesMarker *string = nil
+	for {
+		listCertificatesReq := &hcElbModel.ListCertificatesRequest{
+			Limit:  cast.Int32Ptr(listCertificatesLimit),
+			Marker: listCertificatesMarker,
+			Type:   &[]string{"server"},
+		}
+		listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.ListCertificates'")
+		}
+
+		if listCertificatesResp.Certificates != nil {
+			for _, certDetail := range *listCertificatesResp.Certificates {
+				var isSameCert bool
+				if certDetail.Certificate == certPem {
+					isSameCert = true
+				} else {
+					cert, err := x509.ParseCertificateFromPEM(certDetail.Certificate)
+					if err != nil {
+						continue
+					}
+
+					isSameCert = x509.EqualCertificate(cert, newCert)
+				}
+
+				// 如果已存在相同证书，直接返回已有的证书信息
+				if isSameCert {
+					return &uploader.UploadResult{
+						CertId:   certDetail.Id,
+						CertName: certDetail.Name,
+					}, nil
+				}
+			}
+		}
+
+		if listCertificatesResp.Certificates == nil || len(*listCertificatesResp.Certificates) < int(listCertificatesLimit) {
+			break
+		} else {
+			listCertificatesMarker = listCertificatesResp.PageInfo.NextMarker
+			listCertificatesPage++
+			if listCertificatesPage >= 9 { // 避免死循环
+				break
+			}
+		}
+	}
+
+	// 获取项目 ID
+	// REF: https://support.huaweicloud.com/api-iam/iam_06_0001.html
+	projectId, err := getSdkProjectId(u.config.AccessKeyId, u.config.SecretAccessKey, u.config.Region)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to get SDK project id")
+	}
+
+	// 生成新证书名（需符合华为云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 创建新证书
+	// REF: https://support.huaweicloud.com/api-elb/CreateCertificate.html
+	createCertificateReq := &hcElbModel.CreateCertificateRequest{
+		Body: &hcElbModel.CreateCertificateRequestBody{
+			Certificate: &hcElbModel.CreateCertificateOption{
+				ProjectId:   cast.StringPtr(projectId),
+				Name:        cast.StringPtr(certName),
+				Certificate: cast.StringPtr(certPem),
+				PrivateKey:  cast.StringPtr(privkeyPem),
+			},
+		},
+	}
+	createCertificateResp, err := u.sdkClient.CreateCertificate(createCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.CreateCertificate'")
+	}
+
+	certId = createCertificateResp.Certificate.Id
+	certName = createCertificateResp.Certificate.Name
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbClient, error) {
+	if region == "" {
+		region = "cn-north-4" // ELB 服务默认区域：华北四北京
+	}
+
+	auth, err := basic.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	hcRegion, err := hcElbRegion.SafeValueOf(region)
+	if err != nil {
+		return nil, err
+	}
+
+	hcClient, err := hcElb.ElbClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	client := hcElb.NewElbClient(hcClient)
+	return client, nil
+}
+
+func getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error) {
+	if region == "" {
+		region = "cn-north-4" // IAM 服务默认区域：华北四北京
+	}
+
+	auth, err := global.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	hcRegion, err := hcIamRegion.SafeValueOf(region)
+	if err != nil {
+		return "", err
+	}
+
+	hcClient, err := hcIam.IamClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	client := hcIam.NewIamClient(hcClient)
+	if err != nil {
+		return "", err
+	}
+
+	request := &hcIamModel.KeystoneListProjectsRequest{
+		Name: &region,
+	}
+	response, err := client.KeystoneListProjects(request)
+	if err != nil {
+		return "", err
+	} else if response.Projects == nil || len(*response.Projects) == 0 {
+		return "", errors.New("no project found")
+	}
+
+	return (*response.Projects)[0].Id, nil
+}
--- a/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
@@ -0,0 +1,170 @@
+package huaweicloudscm
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
+	hcScm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
+	hcScmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
+	hcScmRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type HuaweiCloudSCMUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	SecretAccessKey string `json:"secretAccessKey"`
+	Region          string `json:"region"`
+}
+
+type HuaweiCloudSCMUploader struct {
+	config    *HuaweiCloudSCMUploaderConfig
+	sdkClient *hcScm.ScmClient
+}
+
+func New(config *HuaweiCloudSCMUploaderConfig) (*HuaweiCloudSCMUploader, error) {
+	client, err := createSdkClient(
+		config.AccessKeyId,
+		config.SecretAccessKey,
+		config.Region,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &HuaweiCloudSCMUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 遍历查询已有证书，避免重复上传
+	// REF: https://support.huaweicloud.com/api-ccm/ListCertificates.html
+	// REF: https://support.huaweicloud.com/api-ccm/ExportCertificate_0.html
+	listCertificatesPage := 1
+	listCertificatesLimit := int32(50)
+	listCertificatesOffset := int32(0)
+	for {
+		listCertificatesReq := &hcScmModel.ListCertificatesRequest{
+			Limit:   cast.Int32Ptr(listCertificatesLimit),
+			Offset:  cast.Int32Ptr(listCertificatesOffset),
+			SortDir: cast.StringPtr("DESC"),
+			SortKey: cast.StringPtr("certExpiredTime"),
+		}
+		listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ListCertificates'")
+		}
+
+		if listCertificatesResp.Certificates != nil {
+			for _, certDetail := range *listCertificatesResp.Certificates {
+				exportCertificateReq := &hcScmModel.ExportCertificateRequest{
+					CertificateId: certDetail.Id,
+				}
+				exportCertificateResp, err := u.sdkClient.ExportCertificate(exportCertificateReq)
+				if err != nil {
+					if exportCertificateResp != nil && exportCertificateResp.HttpStatusCode == 404 {
+						continue
+					}
+					return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ExportCertificate'")
+				}
+
+				var isSameCert bool
+				if *exportCertificateResp.Certificate == certPem {
+					isSameCert = true
+				} else {
+					cert, err := x509.ParseCertificateFromPEM(*exportCertificateResp.Certificate)
+					if err != nil {
+						continue
+					}
+
+					isSameCert = x509.EqualCertificate(certX509, cert)
+				}
+
+				// 如果已存在相同证书，直接返回已有的证书信息
+				if isSameCert {
+					return &uploader.UploadResult{
+						CertId:   certDetail.Id,
+						CertName: certDetail.Name,
+					}, nil
+				}
+			}
+		}
+
+		if listCertificatesResp.Certificates == nil || len(*listCertificatesResp.Certificates) < int(listCertificatesLimit) {
+			break
+		} else {
+			listCertificatesOffset += listCertificatesLimit
+			listCertificatesPage += 1
+			if listCertificatesPage > 99 { // 避免死循环
+				break
+			}
+		}
+	}
+
+	// 生成新证书名（需符合华为云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://support.huaweicloud.com/api-ccm/ImportCertificate.html
+	importCertificateReq := &hcScmModel.ImportCertificateRequest{
+		Body: &hcScmModel.ImportCertificateRequestBody{
+			Name:        certName,
+			Certificate: certPem,
+			PrivateKey:  privkeyPem,
+		},
+	}
+	importCertificateResp, err := u.sdkClient.ImportCertificate(importCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ImportCertificate'")
+	}
+
+	certId = *importCertificateResp.CertificateId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcScm.ScmClient, error) {
+	if region == "" {
+		region = "cn-north-4" // SCM 服务默认区域：华北四北京
+	}
+
+	auth, err := basic.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	hcRegion, err := hcScmRegion.SafeValueOf(region)
+	if err != nil {
+		return nil, err
+	}
+
+	hcClient, err := hcScm.ScmClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	client := hcScm.NewScmClient(hcClient)
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
+++ b/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
@@ -0,0 +1,70 @@
+package qiniusslcert
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/qiniu/go-sdk/v7/auth"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	qiniuEx "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk"
+)
+
+type QiniuSSLCertUploaderConfig struct {
+	AccessKey string `json:"accessKey"`
+	SecretKey string `json:"secretKey"`
+}
+
+type QiniuSSLCertUploader struct {
+	config    *QiniuSSLCertUploaderConfig
+	sdkClient *qiniuEx.Client
+}
+
+func New(config *QiniuSSLCertUploaderConfig) (*QiniuSSLCertUploader, error) {
+	client, err := createSdkClient(
+		config.AccessKey,
+		config.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &QiniuSSLCertUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *QiniuSSLCertUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 生成新证书名（需符合七牛云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://developer.qiniu.com/fusion/8593/interface-related-certificate
+	uploadSslCertResp, err := u.sdkClient.UploadSslCert(certName, certX509.Subject.CommonName, certPem, privkeyPem)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadSslCert'")
+	}
+
+	certId = uploadSslCertResp.CertID
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKey, secretKey string) (*qiniuEx.Client, error) {
+	credential := auth.New(accessKey, secretKey)
+	client := qiniuEx.NewClient(credential)
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/tencentcloud-ssl/tencentcloud_ssl.go
+++ b/internal/pkg/core/uploader/providers/tencentcloud-ssl/tencentcloud_ssl.go
@@ -0,0 +1,66 @@
+package tencentcloudssl
+
+import (
+	"context"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+)
+
+type TencentCloudSSLUploaderConfig struct {
+	SecretId  string `json:"secretId"`
+	SecretKey string `json:"secretKey"`
+}
+
+type TencentCloudSSLUploader struct {
+	config    *TencentCloudSSLUploaderConfig
+	sdkClient *tcSsl.Client
+}
+
+func New(config *TencentCloudSSLUploaderConfig) (*TencentCloudSSLUploader, error) {
+	client, err := createSdkClient(
+		config.SecretId,
+		config.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &TencentCloudSSLUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *TencentCloudSSLUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 上传新证书
+	// REF: https://cloud.tencent.com/document/product/400/41665
+	uploadCertificateReq := tcSsl.NewUploadCertificateRequest()
+	uploadCertificateReq.CertificatePublicKey = common.StringPtr(certPem)
+	uploadCertificateReq.CertificatePrivateKey = common.StringPtr(privkeyPem)
+	uploadCertificateReq.Repeatable = common.BoolPtr(false)
+	uploadCertificateResp, err := u.sdkClient.UploadCertificate(uploadCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'ssl.UploadCertificate'")
+	}
+
+	certId := *uploadCertificateResp.Response.CertificateId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: "",
+	}, nil
+}
+
+func createSdkClient(secretId, secretKey string) (*tcSsl.Client, error) {
+	credential := common.NewCredential(secretId, secretKey)
+	client, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/pkg/core/uploader/uploader.go
+++ b/internal/pkg/core/uploader/uploader.go
@@ -0,0 +1,27 @@
+package uploader
+
+import "context"
+
+// 表示定义证书上传者的抽象类型接口。
+// 云服务商通常会提供 SSL 证书管理服务，可供用户集中管理证书。
+// 注意与 `Deployer` 区分，“上传”通常为“部署”的前置操作。
+type Uploader interface {
+	// 上传证书。
+	//
+	// 入参：
+	//   - ctx：上下文。
+	//   - certPem：证书 PEM 内容。
+	//   - privkeyPem：私钥 PEM 内容。
+	//
+	// 出参：
+	//   - res：上传结果。
+	//   - err: 错误。
+	Upload(ctx context.Context, certPem string, privkeyPem string) (res *UploadResult, err error)
+}
+
+// 表示证书上传结果的数据结构，包含上传后的证书 ID、名称和其他数据。
+type UploadResult struct {
+	CertId   string         `json:"certId"`
+	CertName string         `json:"certName"`
+	CertData map[string]any `json:"certData,omitempty"`
+}
--- a/internal/pkg/utils/cast/cast.go
+++ b/internal/pkg/utils/cast/cast.go
@@ -0,0 +1,25 @@
+package cast
+
+func Int32Ptr(i int32) *int32 {
+	return &i
+}
+
+func Int64Ptr(i int64) *int64 {
+	return &i
+}
+
+func UInt32Ptr(i uint32) *uint32 {
+	return &i
+}
+
+func UInt64Ptr(i uint64) *uint64 {
+	return &i
+}
+
+func StringPtr(s string) *string {
+	return &s
+}
+
+func BoolPtr(b bool) *bool {
+	return &b
+}
--- a/internal/pkg/utils/fs/fs.go
+++ b/internal/pkg/utils/fs/fs.go
@@ -0,0 +1,52 @@
+package fs
+
+import (
+	"os"
+	"path/filepath"
+
+	xerrors "github.com/pkg/errors"
+)
+
+// 与 [WriteFile] 类似，但写入的是字符串内容。
+//
+// 入参:
+//   - path: 文件路径。
+//   - content: 文件内容。
+//
+// 出参:
+//   - 错误。
+func WriteFileString(path string, content string) error {
+	return WriteFile(path, []byte(content))
+}
+
+// 将数据写入指定路径的文件。
+// 如果目录不存在，将会递归创建目录。
+// 如果文件不存在，将会创建该文件；如果文件已存在，将会覆盖原有内容。
+//
+// 入参:
+//   - path: 文件路径。
+//   - data: 文件数据字节数组。
+//
+// 出参:
+//   - 错误。
+func WriteFile(path string, data []byte) error {
+	dir := filepath.Dir(path)
+
+	err := os.MkdirAll(dir, os.ModePerm)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to create directory")
+	}
+
+	file, err := os.Create(path)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to create file")
+	}
+	defer file.Close()
+
+	_, err = file.Write(data)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to write file")
+	}
+
+	return nil
+}
--- a/internal/pkg/utils/x509/common.go
+++ b/internal/pkg/utils/x509/common.go
@@ -0,0 +1,22 @@
+package x509
+
+import (
+	"crypto/x509"
+)
+
+// 比较两个 x509.Certificate 对象，判断它们是否是同一张证书。
+// 注意，这不是精确比较，而只是基于证书序列号和数字签名的快速判断，但对于权威 CA 签发的证书来说不会存在误判。
+//
+// 入参:
+//   - a: 待比较的第一个 x509.Certificate 对象。
+//   - b: 待比较的第二个 x509.Certificate 对象。
+//
+// 出参:
+//   - 是否相同。
+func EqualCertificate(a, b *x509.Certificate) bool {
+	return string(a.Signature) == string(b.Signature) &&
+		a.SignatureAlgorithm == b.SignatureAlgorithm &&
+		a.SerialNumber.String() == b.SerialNumber.String() &&
+		a.Issuer.SerialNumber == b.Issuer.SerialNumber &&
+		a.Subject.SerialNumber == b.Subject.SerialNumber
+}
--- a/internal/pkg/utils/x509/converter.go
+++ b/internal/pkg/utils/x509/converter.go
@@ -0,0 +1,31 @@
+package x509
+
+import (
+	"crypto/ecdsa"
+	"crypto/x509"
+	"encoding/pem"
+
+	xerrors "github.com/pkg/errors"
+)
+
+// 将 ecdsa.PrivateKey 对象转换为 PEM 编码的字符串。
+//
+// 入参:
+//   - privkey: ecdsa.PrivateKey 对象。
+//
+// 出参:
+//   - privkeyPem: 私钥 PEM 内容。
+//   - err: 错误。
+func ConvertECPrivateKeyToPEM(privkey *ecdsa.PrivateKey) (privkeyPem string, err error) {
+	data, err := x509.MarshalECPrivateKey(privkey)
+	if err != nil {
+		return "", xerrors.Wrap(err, "failed to marshal EC private key")
+	}
+
+	block := &pem.Block{
+		Type:  "EC PRIVATE KEY",
+		Bytes: data,
+	}
+
+	return string(pem.EncodeToMemory(block)), nil
+}
--- a/internal/pkg/utils/x509/parser.go
+++ b/internal/pkg/utils/x509/parser.go
@@ -0,0 +1,83 @@
+package x509
+
+import (
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+
+	xerrors "github.com/pkg/errors"
+)
+
+// 从 PEM 编码的证书字符串解析并返回一个 x509.Certificate 对象。
+//
+// 入参:
+//   - certPem: 证书 PEM 内容。
+//
+// 出参:
+//   - cert: x509.Certificate 对象。
+//   - err: 错误。
+func ParseCertificateFromPEM(certPem string) (cert *x509.Certificate, err error) {
+	pemData := []byte(certPem)
+
+	block, _ := pem.Decode(pemData)
+	if block == nil {
+		return nil, errors.New("failed to decode PEM block")
+	}
+
+	cert, err = x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to parse certificate")
+	}
+
+	return cert, nil
+}
+
+// 从 PEM 编码的私钥字符串解析并返回一个 ecdsa.PrivateKey 对象。
+//
+// 入参:
+//   - privkeyPem: 私钥 PEM 内容。
+//
+// 出参:
+//   - privkey: ecdsa.PrivateKey 对象。
+//   - err: 错误。
+func ParseECPrivateKeyFromPEM(privkeyPem string) (privkey *ecdsa.PrivateKey, err error) {
+	pemData := []byte(privkeyPem)
+
+	block, _ := pem.Decode(pemData)
+	if block == nil {
+		return nil, errors.New("failed to decode PEM block")
+	}
+
+	privkey, err = x509.ParseECPrivateKey(block.Bytes)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to parse private key")
+	}
+
+	return privkey, nil
+}
+
+// 从 PEM 编码的私钥字符串解析并返回一个 rsa.PrivateKey 对象。
+//
+// 入参:
+//   - privkeyPem: 私钥 PEM 内容。
+//
+// 出参:
+//   - privkey: rsa.PrivateKey 对象。
+//   - err: 错误。
+func ParsePKCS1PrivateKeyFromPEM(privkeyPem string) (privkey *rsa.PrivateKey, err error) {
+	pemData := []byte(privkeyPem)
+
+	block, _ := pem.Decode(pemData)
+	if block == nil {
+		return nil, errors.New("failed to decode PEM block")
+	}
+
+	privkey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to parse private key")
+	}
+
+	return privkey, nil
+}
--- a/internal/pkg/vendors/dogecloud-sdk/client.go
+++ b/internal/pkg/vendors/dogecloud-sdk/client.go
@@ -0,0 +1,183 @@
+package dogecloudsdk
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+const dogeHost = "https://api.dogecloud.com"
+
+type Client struct {
+	accessKey string
+	secretKey string
+}
+
+func NewClient(accessKey, secretKey string) *Client {
+	return &Client{accessKey: accessKey, secretKey: secretKey}
+}
+
+func (c *Client) UploadCdnCert(note, cert, private string) (*UploadCdnCertResponse, error) {
+	req := &UploadCdnCertRequest{
+		Note:        note,
+		Certificate: cert,
+		PrivateKey:  private,
+	}
+
+	reqBts, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	reqMap := make(map[string]interface{})
+	err = json.Unmarshal(reqBts, &reqMap)
+	if err != nil {
+		return nil, err
+	}
+
+	respBts, err := c.sendReq(http.MethodPost, "cdn/cert/upload.json", reqMap, true)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &UploadCdnCertResponse{}
+	err = json.Unmarshal(respBts, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("dogecloud api error, code: %d, msg: %s", *resp.Code, *resp.Message)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) BindCdnCertWithDomain(certId int64, domain string) (*BindCdnCertResponse, error) {
+	req := &BindCdnCertRequest{
+		CertId: certId,
+		Domain: &domain,
+	}
+
+	reqBts, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	reqMap := make(map[string]interface{})
+	err = json.Unmarshal(reqBts, &reqMap)
+	if err != nil {
+		return nil, err
+	}
+
+	respBts, err := c.sendReq(http.MethodPost, "cdn/cert/bind.json", reqMap, true)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &BindCdnCertResponse{}
+	err = json.Unmarshal(respBts, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("dogecloud api error, code: %d, msg: %s", *resp.Code, *resp.Message)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) BindCdnCertWithDomainId(certId int64, domainId int64) (*BindCdnCertResponse, error) {
+	req := &BindCdnCertRequest{
+		CertId:   certId,
+		DomainId: &domainId,
+	}
+
+	reqBts, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	reqMap := make(map[string]interface{})
+	err = json.Unmarshal(reqBts, &reqMap)
+	if err != nil {
+		return nil, err
+	}
+
+	respBts, err := c.sendReq(http.MethodPost, "cdn/cert/bind.json", reqMap, true)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &BindCdnCertResponse{}
+	err = json.Unmarshal(respBts, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("dogecloud api error, code: %d, msg: %s", *resp.Code, *resp.Message)
+	}
+
+	return resp, nil
+}
+
+// 调用多吉云的 API。
+// https://docs.dogecloud.com/cdn/api-access-token?id=go
+//
+// 入参：
+//   - method：GET 或 POST
+//   - path：是调用的 API 接口地址，包含 URL 请求参数 QueryString，例如：/console/vfetch/add.json?url=xxx&a=1&b=2
+//   - data：POST 的数据，对象，例如 {a: 1, b: 2}，传递此参数表示不是 GET 请求而是 POST 请求
+//   - jsonMode：数据 data 是否以 JSON 格式请求，默认为 false 则使用表单形式（a=1&b=2）
+func (c *Client) sendReq(method string, path string, data map[string]interface{}, jsonMode bool) ([]byte, error) {
+	body := ""
+	mime := ""
+	if jsonMode {
+		_body, err := json.Marshal(data)
+		if err != nil {
+			return nil, err
+		}
+		body = string(_body)
+		mime = "application/json"
+	} else {
+		values := url.Values{}
+		for k, v := range data {
+			values.Set(k, v.(string))
+		}
+		body = values.Encode()
+		mime = "application/x-www-form-urlencoded"
+	}
+
+	path = strings.TrimPrefix(path, "/")
+	signStr := "/" + path + "\n" + body
+	hmacObj := hmac.New(sha1.New, []byte(c.secretKey))
+	hmacObj.Write([]byte(signStr))
+	sign := hex.EncodeToString(hmacObj.Sum(nil))
+	auth := fmt.Sprintf("TOKEN %s:%s", c.accessKey, sign)
+
+	req, err := http.NewRequest(method, fmt.Sprintf("%s/%s", dogeHost, path), strings.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Content-Type", mime)
+	req.Header.Add("Authorization", auth)
+
+	client := http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	r, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return r, nil
+}
--- a/internal/pkg/vendors/dogecloud-sdk/models.go
+++ b/internal/pkg/vendors/dogecloud-sdk/models.go
@@ -0,0 +1,31 @@
+package dogecloudsdk
+
+type BaseResponse struct {
+	Code    *int    `json:"code,omitempty"`
+	Message *string `json:"msg,omitempty"`
+}
+
+type UploadCdnCertRequest struct {
+	Note        string `json:"note"`
+	Certificate string `json:"cert"`
+	PrivateKey  string `json:"private"`
+}
+
+type UploadCdnCertResponseData struct {
+	Id int64 `json:"id"`
+}
+
+type UploadCdnCertResponse struct {
+	BaseResponse
+	Data *UploadCdnCertResponseData `json:"data,omitempty"`
+}
+
+type BindCdnCertRequest struct {
+	CertId   int64   `json:"id"`
+	DomainId *int64  `json:"did,omitempty"`
+	Domain   *string `json:"domain,omitempty"`
+}
+
+type BindCdnCertResponse struct {
+	BaseResponse
+}
--- a/internal/pkg/vendors/huaweicloud-cdn-sdk/client.go
+++ b/internal/pkg/vendors/huaweicloud-cdn-sdk/client.go
@@ -0,0 +1,26 @@
+package huaweicloudcdnsdk
+
+import (
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core"
+	hcCdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
+)
+
+type Client struct {
+	hcCdn.CdnClient
+}
+
+func NewClient(hcClient *core.HcHttpClient) *Client {
+	return &Client{
+		CdnClient: *hcCdn.NewCdnClient(hcClient),
+	}
+}
+
+func (c *Client) UploadDomainMultiCertificatesEx(request *UpdateDomainMultiCertificatesExRequest) (*UpdateDomainMultiCertificatesExResponse, error) {
+	requestDef := hcCdn.GenReqDefForUpdateDomainMultiCertificates()
+
+	if resp, err := c.HcClient.Sync(request, requestDef); err != nil {
+		return nil, err
+	} else {
+		return resp.(*UpdateDomainMultiCertificatesExResponse), nil
+	}
+}
--- a/internal/pkg/vendors/huaweicloud-cdn-sdk/models.go
+++ b/internal/pkg/vendors/huaweicloud-cdn-sdk/models.go
@@ -0,0 +1,62 @@
+package huaweicloudcdnsdk
+
+import (
+	hcCdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
+
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+)
+
+type UpdateDomainMultiCertificatesExRequestBodyContent struct {
+	hcCdnModel.UpdateDomainMultiCertificatesRequestBodyContent `json:",inline"`
+
+	// 华为云官方 SDK 中目前提供的字段缺失，这里暂时先需自定义请求，可能需要等之后 SDK 更新。
+	SCMCertificateId *string `json:"scm_certificate_id,omitempty"`
+}
+
+type UpdateDomainMultiCertificatesExRequestBody struct {
+	Https *UpdateDomainMultiCertificatesExRequestBodyContent `json:"https,omitempty"`
+}
+
+type UpdateDomainMultiCertificatesExRequest struct {
+	Body *UpdateDomainMultiCertificatesExRequestBody `json:"body,omitempty"`
+}
+
+type UpdateDomainMultiCertificatesExResponse struct {
+	hcCdnModel.UpdateDomainMultiCertificatesResponse
+}
+
+func (m *UpdateDomainMultiCertificatesExRequestBodyContent) MergeConfig(src *hcCdnModel.ConfigsGetBody) *UpdateDomainMultiCertificatesExRequestBodyContent {
+	if src == nil {
+		return m
+	}
+
+	// 华为云 API 中不传的字段表示使用默认值、而非保留原值，因此这里需要把原配置中的参数重新赋值回去。
+	// 而且蛋疼的是查询接口返回的数据结构和更新接口传入的参数结构不一致，需要做很多转化。
+
+	if *src.OriginProtocol == "follow" {
+		m.AccessOriginWay = cast.Int32Ptr(1)
+	} else if *src.OriginProtocol == "http" {
+		m.AccessOriginWay = cast.Int32Ptr(2)
+	} else if *src.OriginProtocol == "https" {
+		m.AccessOriginWay = cast.Int32Ptr(3)
+	}
+
+	if src.ForceRedirect != nil {
+		m.ForceRedirectConfig = &hcCdnModel.ForceRedirect{}
+
+		if src.ForceRedirect.Status == "on" {
+			m.ForceRedirectConfig.Switch = 1
+			m.ForceRedirectConfig.RedirectType = src.ForceRedirect.Type
+		} else {
+			m.ForceRedirectConfig.Switch = 0
+		}
+	}
+
+	if src.Https != nil {
+		if *src.Https.Http2Status == "on" {
+			m.Http2 = cast.Int32Ptr(1)
+		}
+	}
+
+	return m
+}
--- a/internal/pkg/vendors/qiniu-sdk/client.go
+++ b/internal/pkg/vendors/qiniu-sdk/client.go
@@ -0,0 +1,160 @@
+package qiniusdk
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/qiniu/go-sdk/v7/auth"
+
+	xhttp "github.com/usual2970/certimate/internal/utils/http"
+)
+
+const qiniuHost = "https://api.qiniu.com"
+
+type Client struct {
+	mac *auth.Credentials
+}
+
+func NewClient(mac *auth.Credentials) *Client {
+	if mac == nil {
+		mac = auth.Default()
+	}
+	return &Client{mac: mac}
+}
+
+func (c *Client) GetDomainInfo(domain string) (*GetDomainInfoResponse, error) {
+	respBytes, err := c.sendReq(http.MethodGet, fmt.Sprintf("domain/%s", domain), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &GetDomainInfoResponse{}
+	err = json.Unmarshal(respBytes, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("code: %d, error: %s", *resp.Code, *resp.Error)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) ModifyDomainHttpsConf(domain, certId string, forceHttps, http2Enable bool) (*ModifyDomainHttpsConfResponse, error) {
+	req := &ModifyDomainHttpsConfRequest{
+		DomainInfoHttpsData: DomainInfoHttpsData{
+			CertID:      certId,
+			ForceHttps:  forceHttps,
+			Http2Enable: http2Enable,
+		},
+	}
+
+	reqBytes, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	respBytes, err := c.sendReq(http.MethodPut, fmt.Sprintf("domain/%s/httpsconf", domain), bytes.NewReader(reqBytes))
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &ModifyDomainHttpsConfResponse{}
+	err = json.Unmarshal(respBytes, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("code: %d, error: %s", *resp.Code, *resp.Error)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) EnableDomainHttps(domain, certId string, forceHttps, http2Enable bool) (*EnableDomainHttpsResponse, error) {
+	req := &EnableDomainHttpsRequest{
+		DomainInfoHttpsData: DomainInfoHttpsData{
+			CertID:      certId,
+			ForceHttps:  forceHttps,
+			Http2Enable: http2Enable,
+		},
+	}
+
+	reqBytes, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	respBytes, err := c.sendReq(http.MethodPut, fmt.Sprintf("domain/%s/sslize", domain), bytes.NewReader(reqBytes))
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &EnableDomainHttpsResponse{}
+	err = json.Unmarshal(respBytes, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("code: %d, error: %s", *resp.Code, *resp.Error)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) UploadSslCert(name, commonName, certificate, privateKey string) (*UploadSslCertResponse, error) {
+	req := &UploadSslCertRequest{
+		Name:        name,
+		CommonName:  commonName,
+		Certificate: certificate,
+		PrivateKey:  privateKey,
+	}
+
+	reqBytes, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	respBytes, err := c.sendReq(http.MethodPost, "sslcert", bytes.NewReader(reqBytes))
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &UploadSslCertResponse{}
+	err = json.Unmarshal(respBytes, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("qiniu api error, code: %d, error: %s", *resp.Code, *resp.Error)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) sendReq(method string, path string, body io.Reader) ([]byte, error) {
+	req := xhttp.BuildReq(fmt.Sprintf("%s/%s", qiniuHost, path), method, body, map[string]string{
+		"Content-Type": "application/json",
+	})
+
+	if err := c.mac.AddToken(auth.TokenQBox, req); err != nil {
+		return nil, err
+	}
+
+	respBody, err := xhttp.ToRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	defer respBody.Close()
+
+	res, err := io.ReadAll(respBody)
+	if err != nil {
+		return nil, err
+	}
+
+	return res, nil
+}
--- a/internal/pkg/vendors/qiniu-sdk/models.go
+++ b/internal/pkg/vendors/qiniu-sdk/models.go
@@ -0,0 +1,54 @@
+package qiniusdk
+
+type BaseResponse struct {
+	Code  *int    `json:"code,omitempty"`
+	Error *string `json:"error,omitempty"`
+}
+
+type UploadSslCertRequest struct {
+	Name        string `json:"name"`
+	CommonName  string `json:"common_name"`
+	Certificate string `json:"ca"`
+	PrivateKey  string `json:"pri"`
+}
+
+type UploadSslCertResponse struct {
+	*BaseResponse
+	CertID string `json:"certID"`
+}
+
+type DomainInfoHttpsData struct {
+	CertID      string `json:"certId"`
+	ForceHttps  bool   `json:"forceHttps"`
+	Http2Enable bool   `json:"http2Enable"`
+}
+
+type GetDomainInfoResponse struct {
+	BaseResponse
+	Name               string               `json:"name"`
+	Type               string               `json:"type"`
+	CName              string               `json:"cname"`
+	Https              *DomainInfoHttpsData `json:"https"`
+	PareDomain         string               `json:"pareDomain"`
+	OperationType      string               `json:"operationType"`
+	OperatingState     string               `json:"operatingState"`
+	OperatingStateDesc string               `json:"operatingStateDesc"`
+	CreateAt           string               `json:"createAt"`
+	ModifyAt           string               `json:"modifyAt"`
+}
+
+type ModifyDomainHttpsConfRequest struct {
+	DomainInfoHttpsData
+}
+
+type ModifyDomainHttpsConfResponse struct {
+	BaseResponse
+}
+
+type EnableDomainHttpsRequest struct {
+	DomainInfoHttpsData
+}
+
+type EnableDomainHttpsResponse struct {
+	BaseResponse
+}
--- a/internal/repository/acme_account.go
+++ b/internal/repository/acme_account.go
@@ -0,0 +1,71 @@
+package repository
+
+import (
+	"fmt"
+
+	"github.com/go-acme/lego/v4/registration"
+	"github.com/pocketbase/dbx"
+	"github.com/pocketbase/pocketbase/models"
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/utils/app"
+	"golang.org/x/sync/singleflight"
+)
+
+type AcmeAccountRepository struct{}
+
+func NewAcmeAccountRepository() *AcmeAccountRepository {
+	return &AcmeAccountRepository{}
+}
+
+var g singleflight.Group
+
+func (r *AcmeAccountRepository) GetByCAAndEmail(ca, email string) (*domain.AcmeAccount, error) {
+	resp, err, _ := g.Do(fmt.Sprintf("acme_account_%s_%s", ca, email), func() (interface{}, error) {
+		resp, err := app.GetApp().Dao().FindFirstRecordByFilter("acme_accounts", "ca={:ca} && email={:email}", dbx.Params{"ca": ca, "email": email})
+		if err != nil {
+			return nil, err
+		}
+		return resp, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	if resp == nil {
+		return nil, fmt.Errorf("acme account not found")
+	}
+
+	record, ok := resp.(*models.Record)
+	if !ok {
+		return nil, fmt.Errorf("acme account not found")
+	}
+
+	resource := &registration.Resource{}
+	if err := record.UnmarshalJSONField("resource", resource); err != nil {
+		return nil, err
+	}
+
+	return &domain.AcmeAccount{
+		Id:       record.GetString("id"),
+		Ca:       record.GetString("ca"),
+		Email:    record.GetString("email"),
+		Key:      record.GetString("key"),
+		Resource: resource,
+		Created:  record.GetTime("created"),
+		Updated:  record.GetTime("updated"),
+	}, nil
+}
+
+func (r *AcmeAccountRepository) Save(ca, email, key string, resource *registration.Resource) error {
+	collection, err := app.GetApp().Dao().FindCollectionByNameOrId("acme_accounts")
+	if err != nil {
+		return err
+	}
+
+	record := models.NewRecord(collection)
+	record.Set("ca", ca)
+	record.Set("email", email)
+	record.Set("key", key)
+	record.Set("resource", resource)
+	return app.GetApp().Dao().Save(record)
+}
--- a/internal/repository/setting.go
+++ b/internal/repository/setting.go
@@ -0,0 +1,31 @@
+package repository
+
+import (
+	"context"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/utils/app"
+)
+
+type SettingRepository struct{}
+
+func NewSettingRepository() *SettingRepository {
+	return &SettingRepository{}
+}
+
+func (s *SettingRepository) GetByName(ctx context.Context, name string) (*domain.Setting, error) {
+	resp, err := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='"+name+"'")
+	if err != nil {
+		return nil, err
+	}
+
+	rs := &domain.Setting{
+		ID:      resp.GetString("id"),
+		Name:    resp.GetString("name"),
+		Content: resp.GetString("content"),
+		Created: resp.GetTime("created"),
+		Updated: resp.GetTime("updated"),
+	}
+
+	return rs, nil
+}
--- a/internal/rest/notify.go
+++ b/internal/rest/notify.go
@@ -0,0 +1,41 @@
+package rest
+
+import (
+	"context"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/utils/resp"
+
+	"github.com/labstack/echo/v5"
+)
+
+type NotifyService interface {
+	Test(ctx context.Context, req *domain.NotifyTestPushReq) error
+}
+
+type notifyHandler struct {
+	service NotifyService
+}
+
+func NewNotifyHandler(route *echo.Group, service NotifyService) {
+	handler := &notifyHandler{
+		service: service,
+	}
+
+	group := route.Group("/notify")
+
+	group.POST("/test", handler.test)
+}
+
+func (handler *notifyHandler) test(c echo.Context) error {
+	req := &domain.NotifyTestPushReq{}
+	if err := c.Bind(req); err != nil {
+		return err
+	}
+
+	if err := handler.service.Test(c.Request().Context(), req); err != nil {
+		return resp.Err(c, err)
+	}
+
+	return resp.Succ(c, nil)
+}
--- a/internal/routes/routes.go
+++ b/internal/routes/routes.go
@@ -0,0 +1,19 @@
+package routes
+
+import (
+	"github.com/usual2970/certimate/internal/notify"
+	"github.com/usual2970/certimate/internal/repository"
+	"github.com/usual2970/certimate/internal/rest"
+
+	"github.com/labstack/echo/v5"
+	"github.com/pocketbase/pocketbase/apis"
+)
+
+func Register(e *echo.Echo) {
+	notifyRepo := repository.NewSettingRepository()
+	notifySvc := notify.NewNotifyService(notifyRepo)
+
+	group := e.Group("/api", apis.RequireAdminAuth())
+
+	rest.NewNotifyHandler(group, notifySvc)
+}
--- a/internal/utils/http/http.go
+++ b/internal/utils/http/http.go
@@ -35,11 +35,9 @@ func Req2GetReader(url string, method string, body io.Reader, head map[string]st
 	req := BuildReq(url, method, body, head)

 	return ToRequest(req, opts...)
-
 }

 func BuildReq(url string, method string, body io.Reader, head map[string]string) *http.Request {
-
 	// Create an http.Request instance
 	req, _ := http.NewRequest(method, url, body)
 	for k, v := range head {
--- a/internal/utils/rand/rand.go
+++ b/internal/utils/rand/rand.go
@@ -5,7 +5,8 @@ import (
 	"time"
 )

-// RandStr 随机生成指定长度字符串
+// Deprecated: this will be removed in the future.
+// 随机生成指定长度字符串
 func RandStr(n int) string {
 	seed := time.Now().UnixNano()
 	source := rand.NewSource(seed)
--- a/internal/utils/resp/resp.go
+++ b/internal/utils/resp/resp.go
@@ -0,0 +1,39 @@
+package resp
+
+import (
+	"net/http"
+
+	"github.com/usual2970/certimate/internal/domain"
+
+	"github.com/labstack/echo/v5"
+)
+
+type Response struct {
+	Code int         `json:"code"`
+	Msg  string      `json:"msg"`
+	Data interface{} `json:"data"`
+}
+
+func Succ(e echo.Context, data interface{}) error {
+	rs := &Response{
+		Code: 0,
+		Msg:  "success",
+		Data: data,
+	}
+	return e.JSON(http.StatusOK, rs)
+}
+
+func Err(e echo.Context, err error) error {
+	xerr, ok := err.(*domain.XError)
+	code := 100
+	if ok {
+		code = xerr.GetCode()
+	}
+
+	rs := &Response{
+		Code: code,
+		Msg:  err.Error(),
+		Data: nil,
+	}
+	return e.JSON(http.StatusOK, rs)
+}
--- a/internal/utils/variables/variables.go
+++ b/internal/utils/variables/variables.go
@@ -0,0 +1,29 @@
+package variables
+
+import "strings"
+
+// Parse2Map 将变量赋值字符串解析为map
+func Parse2Map(str string) map[string]string {
+	m := make(map[string]string)
+
+	lines := strings.Split(str, ";")
+
+	for _, line := range lines {
+
+		line = strings.TrimSpace(line)
+
+		if line == "" {
+			continue
+		}
+
+		kv := strings.Split(line, "=")
+
+		if len(kv) != 2 {
+			continue
+		}
+
+		m[kv[0]] = kv[1]
+	}
+
+	return m
+}
--- a/internal/utils/variables/variables_test.go
+++ b/internal/utils/variables/variables_test.go
@@ -0,0 +1,56 @@
+package variables
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestParse2Map(t *testing.T) {
+	type args struct {
+		str string
+	}
+	tests := []struct {
+		name string
+		args args
+		want map[string]string
+	}{
+		{
+			name: "test1",
+			args: args{
+				str: "a=1;b=2;c=3",
+			},
+			want: map[string]string{
+				"a": "1",
+				"b": "2",
+				"c": "3",
+			},
+		},
+		{
+			name: "test2",
+			args: args{
+				str: `a=1;
+				b=2;
+				c=`,
+			},
+			want: map[string]string{
+				"a": "1",
+				"b": "2",
+				"c": "",
+			},
+		},
+		{
+			name: "test3",
+			args: args{
+				str: "1",
+			},
+			want: map[string]string{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := Parse2Map(tt.args.str); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("Parse2Map() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/internal/utils/xtime/time.go
+++ b/internal/utils/xtime/time.go
@@ -13,3 +13,9 @@ func BeijingTimeStr() string {
 	// 格式化为字符串
 	return now.Format("2006-01-02 15:04:05")
 }
+
+func GetTimeAfter(d time.Duration) string {
+	t := time.Now().UTC()
+
+	return t.Add(d).Format("2006-01-02 15:04:05")
+}
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
 package main

 import (
+	"flag"
 	"log"
 	"os"
 	"strings"
@@ -10,10 +11,12 @@ import (
 	"github.com/pocketbase/pocketbase/core"
 	"github.com/pocketbase/pocketbase/plugins/migratecmd"

-	"certimate/internal/domains"
-	"certimate/internal/utils/app"
-	_ "certimate/migrations"
-	"certimate/ui"
+	_ "github.com/usual2970/certimate/migrations"
+
+	"github.com/usual2970/certimate/internal/domains"
+	"github.com/usual2970/certimate/internal/routes"
+	"github.com/usual2970/certimate/internal/utils/app"
+	"github.com/usual2970/certimate/ui"

 	_ "time/tzdata"
 )
@@ -23,6 +26,12 @@ func main() {

 	isGoRun := strings.HasPrefix(os.Args[0], os.TempDir())

+	// 获取启动命令中的http参数
+	var httpFlag string
+	flag.StringVar(&httpFlag, "http", "127.0.0.1:8090", "HTTP server address")
+	// "serve"影响解析
+	_ = flag.CommandLine.Parse(os.Args[2:])
+
 	migratecmd.MustRegister(app, app.RootCmd, migratecmd.Config{
 		// enable auto creation of migration files when making collection changes in the Admin UI
 		// (the isGoRun check is to enable it only during development)
@@ -32,9 +41,10 @@ func main() {
 	domains.AddEvent()

 	app.OnBeforeServe().Add(func(e *core.ServeEvent) error {
-
 		domains.InitSchedule()

+		routes.Register(e.Router)
+
 		e.Router.GET(
 			"/*",
 			echo.StaticDirectoryHandler(ui.DistDirFS, false),
@@ -44,6 +54,9 @@ func main() {
 		return nil
 	})

+	defer log.Println("Exit!")
+	log.Printf("Visit the website: http://%s", httpFlag)
+
 	if err := app.Start(); err != nil {
 		log.Fatal(err)
 	}
--- a/Show More
+++ b/Show More