v0.2.20

Merge pull request #342 from belier-cn/volcengine-cdn
feat: add volcengine cdn deployer
2024-11-15 08:07:37 +08:00 · 2024-11-15 08:05:27 +08:00 · 2024-11-14 14:28:39 +08:00 · 2024-11-14 14:28:35 +08:00 · 2024-11-14 14:19:00 +08:00 · 2024-11-14 13:39:23 +08:00
140 changed files with 12671 additions and 2737 deletions
--- a/README.md
+++ b/README.md
@@ -72,11 +72,14 @@ make local.run
 ## 三、支持的服务商列表

 |   服务商   | 支持申请证书 | 支持部署证书 | 备注                                                              |
-| :--------: | :----------: | :----------: | ------------------------------------------------------------ |
-|   阿里云   |      √       |      √       | 可签发在阿里云注册的域名；可部署到阿里云 OSS、CDN            |
-|   腾讯云   |      √       |      √       | 可签发在腾讯云注册的域名；可部署到腾讯云 CDN、COS、CLB       |
-|   华为云   |      √       |      √       | 可签发在华为云注册的域名；可部署到华为云 CDN                 |
+| :--------: | :----------: | :----------: | ----------------------------------------------------------------- |
+|   阿里云   |      √       |      √       | 可签发在阿里云注册的域名；可部署到阿里云 OSS、CDN、SLB            |
+|   腾讯云   |      √       |      √       | 可签发在腾讯云注册的域名；可部署到腾讯云 COS、CDN、ECDN、CLB、TEO |
+| 百度智能云 |              |      √       | 可部署到百度智能云 CDN                                            |
+|   华为云   |      √       |      √       | 可签发在华为云注册的域名；可部署到华为云 CDN、ELB                 |
 |   七牛云   |              |      √       | 可部署到七牛云 CDN                                                |
+|   多吉云   |              |      √       | 可部署到多吉云 CDN                                                |
+|  火山引擎  |       √       |      √       | 可签发在火山引擎注册的域名；可部署到火山引擎 Live、CDN                 |
 |    AWS     |      √       |              | 可签发在 AWS Route53 托管的域名                                   |
 | CloudFlare |      √       |              | 可签发在 CloudFlare 注册的域名；CloudFlare 服务自带 SSL 证书      |
 |  GoDaddy   |      √       |              | 可签发在 GoDaddy 注册的域名                                       |
@@ -90,15 +93,13 @@ make local.run

 ## 四、系统截图

-![login](https://i.imgur.com/SYjjbql.jpeg)
-
-![dashboard](https://i.imgur.com/WMVbBId.jpeg)
-
-![domains](https://i.imgur.com/8wit3ZA.jpeg)
-
-![accesses](https://i.imgur.com/EWtOoJ0.jpeg)
-
-![history](https://i.imgur.com/aaPtSW7.jpeg)
+<div align="center">
+<img src="https://i.imgur.com/SYjjbql.jpeg" title="Login page" width="95%"/>
+<img src="https://i.imgur.com/WMVbBId.jpeg" title="Dashboard page" width="47%"/>
+<img src="https://i.imgur.com/8wit3ZA.jpeg" title="Domains page" width="47%"/>
+<img src="https://i.imgur.com/EWtOoJ0.jpeg" title="Accesses page" width="47%"/>
+<img src="https://i.imgur.com/aaPtSW7.jpeg" title="History page" width="47%"/>
+</div>

 ## 五、概念

@@ -170,13 +171,22 @@ Certimate 是一个免费且开源的项目，采用 [MIT 开源协议](LICENSE.

 支持更多服务商、UI 的优化改进、Bug 修复、文档完善等，欢迎大家提交 PR。

-## 八、加入社区
+## 八、免责声明
+
+本软件依据 MIT 许可证（MIT License）发布，免费提供，旨在“按现状”供用户使用。作者及贡献者不对使用本软件所产生的任何直接或间接后果承担责任，包括但不限于性能下降、数据丢失、服务中断、或任何其他类型的损害。
+
+无任何保证：本软件不提供任何明示或暗示的保证，包括但不限于对特定用途的适用性、无侵权性、商用性及可靠性的保证。
+
+用户责任：使用本软件即表示您理解并同意承担由此产生的一切风险及责任。
+
+## 九、加入社区

 - [Telegram-a new era of messaging](https://t.me/+ZXphsppxUg41YmVl)
 - 微信群聊（超 200 人需邀请入群，可先加作者好友）

 <img src="https://i.imgur.com/8xwsLTA.png" width="400"/>

-## 九、Star 趋势图
+## 十、Star 趋势图

 [![Stargazers over time](https://starchart.cc/usual2970/certimate.svg?variant=adaptive)](https://starchart.cc/usual2970/certimate)
+
--- a/README_EN.md
+++ b/README_EN.md
@@ -59,7 +59,7 @@ make local.run

 ## Usage

-After completing the installation steps above, you can access the Certimate management page by visiting http://127.0.0.1:8090 in your browser.
+After completing the installation steps above, you can access the Certimate management page by visiting <http://127.0.0.1:8090> in your browser.

 ```bash
 username：admin@certimate.fun
@@ -71,11 +71,14 @@ password：1234567890
 ## List of Supported Providers

 |   Provider    | Registration | Deployment | Remarks                                                                                                     |
-| :-----------: | :----------: | :--------: | ------------------------------------------------------------------------------------------- |
-| Alibaba Cloud |      √       |     √      | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN |
-| Tencent Cloud |      √       |     √      | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud CDN, COS, CLB |
-| Huawei Cloud  |      √       |     √      | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN        |
+| :-----------: | :----------: | :--------: |-------------------------------------------------------------------------------------------------------------|
+| Alibaba Cloud |      √       |     √      | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN,SLB             |
+| Tencent Cloud |      √       |     √      | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud COS, CDN, ECDN, CLB, TEO |
+|  Baidu Cloud  |              |     √      | Supports deployment to Baidu Cloud CDN                                                                      |
+| Huawei Cloud  |      √       |     √      | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN, ELB                   |
 |  Qiniu Cloud  |              |     √      | Supports deployment to Qiniu Cloud CDN                                                                      |
+|  Doge Cloud   |              |     √      | Supports deployment to Doge Cloud CDN                                                                       |
+|  Volcengine   |      √       |     √      | Supports domains registered on Volcengine; supports deployment to Volcengine Live, CDN                      |
 |      AWS      |      √       |            | Supports domains managed on AWS Route53                                                                     |
 |  CloudFlare   |      √       |            | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates                   |
 |    GoDaddy    |      √       |            | Supports domains registered on GoDaddy                                                                      |
@@ -89,15 +92,13 @@ password：1234567890

 ## Screenshots

-![login](https://i.imgur.com/SYjjbql.jpeg)
-
-![dashboard](https://i.imgur.com/WMVbBId.jpeg)
-
-![domains](https://i.imgur.com/8wit3ZA.jpeg)
-
-![accesses](https://i.imgur.com/EWtOoJ0.jpeg)
-
-![history](https://i.imgur.com/aaPtSW7.jpeg)
+<div align="center">
+<img src="https://i.imgur.com/SYjjbql.jpeg" title="Login page" width="95%"/>
+<img src="https://i.imgur.com/WMVbBId.jpeg" title="Dashboard page" width="47%"/>
+<img src="https://i.imgur.com/8wit3ZA.jpeg" title="Domains page" width="47%"/>
+<img src="https://i.imgur.com/EWtOoJ0.jpeg" title="Accesses page" width="47%"/>
+<img src="https://i.imgur.com/aaPtSW7.jpeg" title="History page" width="47%"/>
+</div>

 ## Concepts

@@ -169,6 +170,14 @@ You can support the development of Certimate in the following ways:

 Support for more service providers, UI enhancements, bug fixes, and documentation improvements are all welcome. We encourage everyone to submit pull requests (PRs).

+## Disclaimer
+
+This software is provided under the MIT License and distributed “as-is” without any warranty of any kind. The authors and contributors are not responsible for any damages or losses resulting from the use or inability to use this software, including but not limited to data loss, business interruption, or any other potential harm.
+
+No Warranties: This software comes without any express or implied warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
+
+User Responsibility: By using this software, you agree to take full responsibility for any outcomes resulting from its use.
+
 ## Join the Community

 - [Telegram-a new era of messaging](https://t.me/+ZXphsppxUg41YmVl)
--- a/go.mod
+++ b/go.mod
@@ -5,27 +5,37 @@ go 1.22.0
 toolchain go1.23.2

 require (
+	github.com/alibabacloud-go/alb-20200616/v2 v2.2.1
 	github.com/alibabacloud-go/cas-20200407/v3 v3.0.1
 	github.com/alibabacloud-go/cdn-20180510/v5 v5.0.0
 	github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10
+	github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3
+	github.com/alibabacloud-go/slb-20140515/v4 v4.0.9
 	github.com/alibabacloud-go/tea v1.2.2
-	github.com/alibabacloud-go/tea-utils/v2 v2.0.6
 	github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible
-	github.com/go-acme/lego/v4 v4.19.2
+	github.com/baidubce/bce-sdk-go v0.9.197
+	github.com/go-acme/lego/v4 v4.20.2
 	github.com/gojek/heimdall/v7 v7.0.3
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.114
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.120
 	github.com/labstack/echo/v5 v5.0.0-20230722203903-ec5b858dab61
 	github.com/nikoksr/notify v1.0.0
+	github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0
 	github.com/pkg/sftp v1.13.6
 	github.com/pocketbase/dbx v1.10.1
 	github.com/pocketbase/pocketbase v0.22.18
 	github.com/qiniu/go-sdk/v7 v7.22.0
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1017
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1017
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1031
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1034
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.992
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1030
+	github.com/volcengine/volc-sdk-golang v1.0.184
 	golang.org/x/crypto v0.28.0
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
+	k8s.io/api v0.31.1
 	k8s.io/apimachinery v0.31.1
 	k8s.io/client-go v0.31.1
+	software.sslmate.com/src/go-pkcs12 v0.5.0
 )

 require (
@@ -33,7 +43,8 @@ require (
 	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
 	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
 	github.com/alibabacloud-go/tea-oss-utils v1.1.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.43.2 // indirect
+	github.com/alibabacloud-go/tea-utils/v2 v2.0.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.46.0 // indirect
 	github.com/blinkbean/dingtalk v1.1.3 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -58,7 +69,6 @@ require (
 	go.mongodb.org/mongo-driver v1.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/api v0.31.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
@@ -77,43 +87,43 @@ require (
 	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
 	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.63.15 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.63.47 // indirect
 	github.com/aliyun/credentials-go v1.3.10 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.4 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.27.33 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.32 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.32.3 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.28.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.42 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.19 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.61.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 // indirect
-	github.com/aws/smithy-go v1.20.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.22 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.66.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
+	github.com/aws/smithy-go v1.22.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/clbanning/mxj/v2 v2.5.6 // indirect
-	github.com/cloudflare/cloudflare-go v0.104.0 // indirect
+	github.com/cloudflare/cloudflare-go v0.108.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/disintegration/imaging v1.6.2 // indirect
-	github.com/domodwyer/mailyak/v3 v3.6.2 // indirect
+	github.com/domodwyer/mailyak/v3 v3.6.2
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/fatih/color v1.17.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
 	github.com/ganigeorgiev/fexpr v0.4.1 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gojek/valkyrie v0.0.0-20180215180059-6aee720afcdf // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -134,14 +144,14 @@ require (
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/nrdcg/namesilo v0.2.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
-	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pkg/errors v0.9.1
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/stretchr/testify v1.9.0 // indirect
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1002 // indirect
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1034 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
@@ -151,15 +161,15 @@ require (
 	golang.org/x/mod v0.21.0 // indirect
 	golang.org/x/net v0.30.0 // indirect
 	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sync v0.8.0
 	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/term v0.25.0 // indirect
 	golang.org/x/text v0.19.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/tools v0.25.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
-	google.golang.org/api v0.202.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/api v0.204.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
 	google.golang.org/grpc v1.67.1 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
--- a/go.sum
+++ b/go.sum
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@@ -35,6 +35,7 @@ const (
 	configTypeGodaddy     = "godaddy"
 	configTypePdns        = "pdns"
 	configTypeHttpreq     = "httpreq"
+	configTypeVolcengine  = "volcengine"
 )

 const defaultSSLProvider = "letsencrypt"
@@ -98,7 +99,7 @@ func newApplyUser(ca, email string) (*ApplyUser, error) {
 		if err != nil {
 			return nil, err
 		}
-		keyStr, err := x509.PrivateKeyToPEM(privateKey)
+		keyStr, err := x509.ConvertECPrivateKeyToPEM(privateKey)
 		if err != nil {
 			return nil, err
 		}
@@ -122,7 +123,7 @@ func (u ApplyUser) GetRegistration() *registration.Resource {
 }

 func (u *ApplyUser) GetPrivateKey() crypto.PrivateKey {
-	rs, _ := x509.ParsePrivateKeyFromPEM(u.key)
+	rs, _ := x509.ParseECPrivateKeyFromPEM(u.key)
 	return rs
 }

@@ -188,6 +189,8 @@ func Get(record *models.Record) (Applicant, error) {
 		return NewPdns(option), nil
 	case configTypeHttpreq:
 		return NewHttpreq(option), nil
+	case configTypeVolcengine:
+		return NewVolcengine(option), nil
 	default:
 		return nil, errors.New("unknown config type")
 	}
--- a/internal/applicant/volcengine.go
+++ b/internal/applicant/volcengine.go
@@ -0,0 +1,35 @@
+package applicant
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	volcengineDns "github.com/go-acme/lego/v4/providers/dns/volcengine"
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type volcengine struct {
+	option *ApplyOption
+}
+
+func NewVolcengine(option *ApplyOption) Applicant {
+	return &volcengine{
+		option: option,
+	}
+}
+
+func (a *volcengine) Apply() (*Certificate, error) {
+	access := &domain.VolcengineAccess{}
+	json.Unmarshal([]byte(a.option.Access), access)
+
+	os.Setenv("VOLC_ACCESSKEY", access.AccessKeyID)
+	os.Setenv("VOLC_SECRETKEY", access.SecretAccessKey)
+	os.Setenv("VOLC_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
+	dnsProvider, err := volcengineDns.NewDNSProvider()
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(a.option, dnsProvider)
+}
--- a/internal/deployer/aliyun_alb.go
+++ b/internal/deployer/aliyun_alb.go
@@ -0,0 +1,281 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+
+	aliyunAlb "github.com/alibabacloud-go/alb-20200616/v2/client"
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderAliyunCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
+)
+
+type AliyunALBDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *aliyunAlb.Client
+	sslUploader uploader.Uploader
+}
+
+func NewAliyunALBDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.AliyunAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&AliyunALBDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	aliCasRegion := option.DeployConfig.GetConfigAsString("region")
+	if aliCasRegion != "" {
+		// 阿里云 CAS 服务接入点是独立于 ALB 服务的
+		// 国内版接入点：华东一杭州
+		// 国际版接入点：亚太东南一新加坡
+		if !strings.HasPrefix(aliCasRegion, "cn-") {
+			aliCasRegion = "ap-southeast-1"
+		} else {
+			aliCasRegion = "cn-hangzhou"
+		}
+	}
+	uploader, err := uploaderAliyunCas.New(&uploaderAliyunCas.AliyunCASUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		AccessKeySecret: access.AccessKeySecret,
+		Region:          aliCasRegion,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &AliyunALBDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *AliyunALBDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *AliyunALBDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *AliyunALBDeployer) Deploy(ctx context.Context) error {
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "loadbalancer":
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
+	}
+
+	return nil
+}
+
+func (d *AliyunALBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunAlb.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // ALB 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	case "cn-hangzhou-finance":
+		endpoint = "alb.cn-hangzhou.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunAlb.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	if aliLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	aliListenerIds := make([]string, 0)
+
+	// 查询负载均衡实例的详细信息
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute
+	getLoadBalancerAttributeReq := &aliyunAlb.GetLoadBalancerAttributeRequest{
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+	}
+	getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetLoadBalancerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例", getLoadBalancerAttributeResp))
+
+	// 查询 HTTPS 监听列表
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
+	listListenersPage := 1
+	listListenersLimit := int32(100)
+	var listListenersToken *string = nil
+	for {
+		listListenersReq := &aliyunAlb.ListListenersRequest{
+			MaxResults:       tea.Int32(listListenersLimit),
+			NextToken:        listListenersToken,
+			LoadBalancerIds:  []*string{tea.String(aliLoadbalancerId)},
+			ListenerProtocol: tea.String("HTTPS"),
+		}
+		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
+		}
+
+		if listListenersResp.Body.Listeners != nil {
+			for _, listener := range listListenersResp.Body.Listeners {
+				aliListenerIds = append(aliListenerIds, *listener.ListenerId)
+			}
+		}
+
+		if listListenersResp.Body.NextToken == nil {
+			break
+		} else {
+			listListenersToken = listListenersResp.Body.NextToken
+			listListenersPage += 1
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 HTTPS 监听", aliListenerIds))
+
+	// 查询 QUIC 监听列表
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
+	listListenersPage = 1
+	listListenersToken = nil
+	for {
+		listListenersReq := &aliyunAlb.ListListenersRequest{
+			MaxResults:       tea.Int32(listListenersLimit),
+			NextToken:        listListenersToken,
+			LoadBalancerIds:  []*string{tea.String(aliLoadbalancerId)},
+			ListenerProtocol: tea.String("QUIC"),
+		}
+		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
+		}
+
+		if listListenersResp.Body.Listeners != nil {
+			for _, listener := range listListenersResp.Body.Listeners {
+				aliListenerIds = append(aliListenerIds, *listener.ListenerId)
+			}
+		}
+
+		if listListenersResp.Body.NextToken == nil {
+			break
+		} else {
+			listListenersToken = listListenersResp.Body.NextToken
+			listListenersPage += 1
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 QUIC 监听", aliListenerIds))
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听证书
+	var errs []error
+	for _, aliListenerId := range aliListenerIds {
+		if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *AliyunALBDeployer) deployToListener(ctx context.Context) error {
+	aliListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	if aliListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听
+	if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *AliyunALBDeployer) updateListenerCertificate(ctx context.Context, aliListenerId string, aliCertId string) error {
+	// 查询监听的属性
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getlistenerattribute
+	getListenerAttributeReq := &aliyunAlb.GetListenerAttributeRequest{
+		ListenerId: tea.String(aliListenerId),
+	}
+	getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ALB 监听配置", getListenerAttributeResp))
+
+	// 修改监听的属性
+	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
+	updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
+		ListenerId: tea.String(aliListenerId),
+		Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
+			CertificateId: tea.String(aliCertId),
+		}},
+	}
+	updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 ALB 监听配置", updateListenerAttributeResp))
+
+	return nil
+}
--- a/internal/deployer/aliyun_cdn.go
+++ b/internal/deployer/aliyun_cdn.go
@@ -4,39 +4,41 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"time"

-	cdn20180510 "github.com/alibabacloud-go/cdn-20180510/v5/client"
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	util "github.com/alibabacloud-go/tea-utils/v2/service"
+	aliyunCdn "github.com/alibabacloud-go/cdn-20180510/v5/client"
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"

 	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/utils/rand"
 )

 type AliyunCDNDeployer struct {
-	client *cdn20180510.Client
 	option *DeployerOption
 	infos  []string
+
+	sdkClient *aliyunCdn.Client
 }

-func NewAliyunCDNDeployer(option *DeployerOption) (*AliyunCDNDeployer, error) {
+func NewAliyunCDNDeployer(option *DeployerOption) (Deployer, error) {
 	access := &domain.AliyunAccess{}
-	json.Unmarshal([]byte(option.Access), access)
-
-	d := &AliyunCDNDeployer{
-		option: option,
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
 	}

-	client, err := d.createClient(access.AccessKeyId, access.AccessKeySecret)
+	client, err := (&AliyunCDNDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+	)
 	if err != nil {
-		return nil, err
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
 	}

 	return &AliyunCDNDeployer{
-		client: client,
 		option:    option,
 		infos:     make([]string, 0),
+		sdkClient: client,
 	}, nil
 }

@@ -44,41 +46,43 @@ func (d *AliyunCDNDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *AliyunCDNDeployer) GetInfo() []string {
+func (d *AliyunCDNDeployer) GetInfos() []string {
 	return d.infos
 }

 func (d *AliyunCDNDeployer) Deploy(ctx context.Context) error {
-	certName := fmt.Sprintf("%s-%s-%s", d.option.Domain, d.option.DomainId, rand.RandStr(6))
-	setCdnDomainSSLCertificateRequest := &cdn20180510.SetCdnDomainSSLCertificateRequest{
-		DomainName:  tea.String(getDeployString(d.option.DeployConfig, "domain")),
-		CertName:    tea.String(certName),
+	// 设置 CDN 域名域名证书
+	// REF: https://help.aliyun.com/zh/cdn/developer-reference/api-cdn-2018-05-10-setcdndomainsslcertificate
+	setCdnDomainSSLCertificateReq := &aliyunCdn.SetCdnDomainSSLCertificateRequest{
+		DomainName:  tea.String(d.option.DeployConfig.GetConfigAsString("domain")),
+		CertRegion:  tea.String(d.option.DeployConfig.GetConfigOrDefaultAsString("region", "cn-hangzhou")),
+		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
 		CertType:    tea.String("upload"),
 		SSLProtocol: tea.String("on"),
 		SSLPub:      tea.String(d.option.Certificate.Certificate),
 		SSLPri:      tea.String(d.option.Certificate.PrivateKey),
-		CertRegion:  tea.String("cn-hangzhou"),
 	}
-
-	runtime := &util.RuntimeOptions{}
-
-	resp, err := d.client.SetCdnDomainSSLCertificateWithOptions(setCdnDomainSSLCertificateRequest, runtime)
+	setCdnDomainSSLCertificateResp, err := d.sdkClient.SetCdnDomainSSLCertificate(setCdnDomainSSLCertificateReq)
 	if err != nil {
-		return err
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.SetCdnDomainSSLCertificate'")
 	}

-	d.infos = append(d.infos, toStr("cdn设置证书", resp))
+	d.infos = append(d.infos, toStr("已设置 CDN 域名证书", setCdnDomainSSLCertificateResp))

 	return nil
 }

-func (d *AliyunCDNDeployer) createClient(accessKeyId, accessKeySecret string) (_result *cdn20180510.Client, _err error) {
-	config := &openapi.Config{
+func (d *AliyunCDNDeployer) createSdkClient(accessKeyId, accessKeySecret string) (*aliyunCdn.Client, error) {
+	aConfig := &aliyunOpen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
+		Endpoint:        tea.String("cdn.aliyuncs.com"),
 	}
-	config.Endpoint = tea.String("cdn.aliyuncs.com")
-	_result = &cdn20180510.Client{}
-	_result, _err = cdn20180510.NewClient(config)
-	return _result, _err
+
+	client, err := aliyunCdn.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
 }
--- a/internal/deployer/aliyun_clb.go
+++ b/internal/deployer/aliyun_clb.go
@@ -0,0 +1,286 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderAliyunSlb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-slb"
+)
+
+type AliyunCLBDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *aliyunSlb.Client
+	sslUploader uploader.Uploader
+}
+
+func NewAliyunCLBDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.AliyunAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&AliyunCLBDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderAliyunSlb.New(&uploaderAliyunSlb.AliyunSLBUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		AccessKeySecret: access.AccessKeySecret,
+		Region:          option.DeployConfig.GetConfigAsString("region"),
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &AliyunCLBDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *AliyunCLBDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *AliyunCLBDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *AliyunCLBDeployer) Deploy(ctx context.Context) error {
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "loadbalancer":
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
+	}
+
+	return nil
+}
+
+func (d *AliyunCLBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // CLB(SLB) 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	case
+		"cn-hangzhou",
+		"cn-hangzhou-finance",
+		"cn-shanghai-finance-1",
+		"cn-shenzhen-finance-1":
+		endpoint = "slb.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunSlb.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	aliListenerPorts := make([]int32, 0)
+	if aliLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	// 查询负载均衡实例的详细信息
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute
+	describeLoadBalancerAttributeReq := &aliyunSlb.DescribeLoadBalancerAttributeRequest{
+		RegionId:       tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+	}
+	describeLoadBalancerAttributeResp, err := d.sdkClient.DescribeLoadBalancerAttribute(describeLoadBalancerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例", describeLoadBalancerAttributeResp))
+
+	// 查询 HTTPS 监听列表
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners
+	listListenersPage := 1
+	listListenersLimit := int32(100)
+	var listListenersToken *string = nil
+	for {
+		describeLoadBalancerListenersReq := &aliyunSlb.DescribeLoadBalancerListenersRequest{
+			RegionId:         tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+			MaxResults:       tea.Int32(listListenersLimit),
+			NextToken:        listListenersToken,
+			LoadBalancerId:   []*string{tea.String(aliLoadbalancerId)},
+			ListenerProtocol: tea.String("https"),
+		}
+		describeLoadBalancerListenersResp, err := d.sdkClient.DescribeLoadBalancerListeners(describeLoadBalancerListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerListeners'")
+		}
+
+		if describeLoadBalancerListenersResp.Body.Listeners != nil {
+			for _, listener := range describeLoadBalancerListenersResp.Body.Listeners {
+				aliListenerPorts = append(aliListenerPorts, *listener.ListenerPort)
+			}
+		}
+
+		if describeLoadBalancerListenersResp.Body.NextToken == nil {
+			break
+		} else {
+			listListenersToken = describeLoadBalancerListenersResp.Body.NextToken
+			listListenersPage += 1
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例下的全部 HTTPS 监听", aliListenerPorts))
+
+	// 上传证书到 SLB
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听证书
+	var errs []error
+	for _, aliListenerPort := range aliListenerPorts {
+		if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *AliyunCLBDeployer) deployToListener(ctx context.Context) error {
+	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	if aliLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	aliListenerPort := d.option.DeployConfig.GetConfigAsInt32("listenerPort")
+	if aliListenerPort == 0 {
+		return errors.New("`listenerPort` is required")
+	}
+
+	// 上传证书到 SLB
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听
+	if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, aliLoadbalancerId string, aliListenerPort int32, aliCertId string) error {
+	// 查询监听配置
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerhttpslistenerattribute
+	describeLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.DescribeLoadBalancerHTTPSListenerAttributeRequest{
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+		ListenerPort:   tea.Int32(aliListenerPort),
+	}
+	describeLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.DescribeLoadBalancerHTTPSListenerAttribute(describeLoadBalancerHTTPSListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 CLB HTTPS 监听配置", describeLoadBalancerHTTPSListenerAttributeResp))
+
+	// 查询扩展域名
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
+	describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
+		RegionId:       tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+		ListenerPort:   tea.Int32(aliListenerPort),
+	}
+	describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 CLB 扩展域名", describeDomainExtensionsResp))
+
+	// 遍历修改扩展域名
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
+	//
+	// 这里仅修改跟被替换证书一致的扩展域名
+	if describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {
+		for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
+			if *domainExtension.ServerCertificateId != *describeLoadBalancerHTTPSListenerAttributeResp.Body.ServerCertificateId {
+				continue
+			}
+
+			setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
+				RegionId:            tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+				DomainExtensionId:   tea.String(*domainExtension.DomainExtensionId),
+				ServerCertificateId: tea.String(aliCertId),
+			}
+			_, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'")
+			}
+		}
+	}
+
+	// 修改监听配置
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
+	//
+	// 注意修改监听配置要放在修改扩展域名之后
+	setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
+		RegionId:            tea.String(d.option.DeployConfig.GetConfigAsString("region")),
+		LoadBalancerId:      tea.String(aliLoadbalancerId),
+		ListenerPort:        tea.Int32(aliListenerPort),
+		ServerCertificateId: tea.String(aliCertId),
+	}
+	setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp))
+
+	return nil
+}
--- a/internal/deployer/aliyun_dcdn.go
+++ b/internal/deployer/aliyun_dcdn.go
@@ -0,0 +1,95 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunDcdn "github.com/alibabacloud-go/dcdn-20180115/v3/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type AliyunDCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient *aliyunDcdn.Client
+}
+
+func NewAliyunDCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.AliyunAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&AliyunDCDNDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunDCDNDeployer{
+		option:    option,
+		infos:     make([]string, 0),
+		sdkClient: client,
+	}, nil
+}
+
+func (d *AliyunDCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *AliyunDCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *AliyunDCDNDeployer) Deploy(ctx context.Context) error {
+	// 支持泛解析域名，在 Aliyun DCDN 中泛解析域名表示为 .example.com
+	domain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(domain, "*") {
+		domain = strings.TrimPrefix(domain, "*")
+	}
+
+	// 配置域名证书
+	// REF: https://help.aliyun.com/zh/edge-security-acceleration/dcdn/developer-reference/api-dcdn-2018-01-15-setdcdndomainsslcertificate
+	setDcdnDomainSSLCertificateReq := &aliyunDcdn.SetDcdnDomainSSLCertificateRequest{
+		DomainName:  tea.String(domain),
+		CertRegion:  tea.String(d.option.DeployConfig.GetConfigOrDefaultAsString("region", "cn-hangzhou")),
+		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
+		CertType:    tea.String("upload"),
+		SSLProtocol: tea.String("on"),
+		SSLPub:      tea.String(d.option.Certificate.Certificate),
+		SSLPri:      tea.String(d.option.Certificate.PrivateKey),
+	}
+	setDcdnDomainSSLCertificateResp, err := d.sdkClient.SetDcdnDomainSSLCertificate(setDcdnDomainSSLCertificateReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'dcdn.SetDcdnDomainSSLCertificate'")
+	}
+
+	d.infos = append(d.infos, toStr("已配置 DCDN 域名证书", setDcdnDomainSSLCertificateResp))
+
+	return nil
+}
+
+func (d *AliyunDCDNDeployer) createSdkClient(accessKeyId, accessKeySecret string) (*aliyunDcdn.Client, error) {
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+		Endpoint:        tea.String("dcdn.aliyuncs.com"),
+	}
+
+	client, err := aliyunDcdn.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/deployer/aliyun_esa.go
+++ b/internal/deployer/aliyun_esa.go
@@ -1,97 +0,0 @@
-/*
- * @Author: Bin
- * @Date: 2024-09-17
- * @FilePath: /certimate/internal/deployer/aliyun_esa.go
- */
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	dcdn20180115 "github.com/alibabacloud-go/dcdn-20180115/v3/client"
-	util "github.com/alibabacloud-go/tea-utils/v2/service"
-	"github.com/alibabacloud-go/tea/tea"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/utils/rand"
-)
-
-type AliyunESADeployer struct {
-	client *dcdn20180115.Client
-	option *DeployerOption
-	infos  []string
-}
-
-func NewAliyunESADeployer(option *DeployerOption) (*AliyunESADeployer, error) {
-	access := &domain.AliyunAccess{}
-	json.Unmarshal([]byte(option.Access), access)
-
-	d := &AliyunESADeployer{
-		option: option,
-	}
-
-	client, err := d.createClient(access.AccessKeyId, access.AccessKeySecret)
-	if err != nil {
-		return nil, err
-	}
-
-	return &AliyunESADeployer{
-		client: client,
-		option: option,
-		infos:  make([]string, 0),
-	}, nil
-}
-
-func (d *AliyunESADeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *AliyunESADeployer) GetInfo() []string {
-	return d.infos
-}
-
-func (d *AliyunESADeployer) Deploy(ctx context.Context) error {
-	certName := fmt.Sprintf("%s-%s-%s", d.option.Domain, d.option.DomainId, rand.RandStr(6))
-
-	// 支持泛解析域名，在 Aliyun DCND 中泛解析域名表示为 .example.com
-	domain := getDeployString(d.option.DeployConfig, "domain")
-	if strings.HasPrefix(domain, "*") {
-		domain = strings.TrimPrefix(domain, "*")
-	}
-
-	setDcdnDomainSSLCertificateRequest := &dcdn20180115.SetDcdnDomainSSLCertificateRequest{
-		DomainName:  tea.String(domain),
-		CertName:    tea.String(certName),
-		CertType:    tea.String("upload"),
-		SSLProtocol: tea.String("on"),
-		SSLPub:      tea.String(d.option.Certificate.Certificate),
-		SSLPri:      tea.String(d.option.Certificate.PrivateKey),
-		CertRegion:  tea.String("cn-hangzhou"),
-	}
-
-	runtime := &util.RuntimeOptions{}
-
-	resp, err := d.client.SetDcdnDomainSSLCertificateWithOptions(setDcdnDomainSSLCertificateRequest, runtime)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("dcdn设置证书", resp))
-
-	return nil
-}
-
-func (d *AliyunESADeployer) createClient(accessKeyId, accessKeySecret string) (_result *dcdn20180115.Client, _err error) {
-	config := &openapi.Config{
-		AccessKeyId:     tea.String(accessKeyId),
-		AccessKeySecret: tea.String(accessKeySecret),
-	}
-	config.Endpoint = tea.String("dcdn.aliyuncs.com")
-	_result = &dcdn20180115.Client{}
-	_result, _err = dcdn20180115.NewClient(config)
-	return _result, _err
-}
--- a/internal/deployer/aliyun_nlb.go
+++ b/internal/deployer/aliyun_nlb.go
@@ -0,0 +1,245 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunNlb "github.com/alibabacloud-go/nlb-20220430/v2/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderAliyunCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
+)
+
+type AliyunNLBDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *aliyunNlb.Client
+	sslUploader uploader.Uploader
+}
+
+func NewAliyunNLBDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.AliyunAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&AliyunNLBDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	aliCasRegion := option.DeployConfig.GetConfigAsString("region")
+	if aliCasRegion != "" {
+		// 阿里云 CAS 服务接入点是独立于 NLB 服务的
+		// 国内版接入点：华东一杭州
+		// 国际版接入点：亚太东南一新加坡
+		if !strings.HasPrefix(aliCasRegion, "cn-") {
+			aliCasRegion = "ap-southeast-1"
+		} else {
+			aliCasRegion = "cn-hangzhou"
+		}
+	}
+	uploader, err := uploaderAliyunCas.New(&uploaderAliyunCas.AliyunCASUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		AccessKeySecret: access.AccessKeySecret,
+		Region:          aliCasRegion,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &AliyunNLBDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *AliyunNLBDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *AliyunNLBDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *AliyunNLBDeployer) Deploy(ctx context.Context) error {
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "loadbalancer":
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
+	}
+
+	return nil
+}
+
+func (d *AliyunNLBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunNlb.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // NLB 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	default:
+		endpoint = fmt.Sprintf("nlb.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunNlb.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	if aliLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	aliListenerIds := make([]string, 0)
+
+	// 查询负载均衡实例的详细信息
+	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute
+	getLoadBalancerAttributeReq := &aliyunNlb.GetLoadBalancerAttributeRequest{
+		LoadBalancerId: tea.String(aliLoadbalancerId),
+	}
+	getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetLoadBalancerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例", getLoadBalancerAttributeResp))
+
+	// 查询 TCPSSL 监听列表
+	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-listlisteners
+	listListenersPage := 1
+	listListenersLimit := int32(100)
+	var listListenersToken *string = nil
+	for {
+		listListenersReq := &aliyunNlb.ListListenersRequest{
+			MaxResults:       tea.Int32(listListenersLimit),
+			NextToken:        listListenersToken,
+			LoadBalancerIds:  []*string{tea.String(aliLoadbalancerId)},
+			ListenerProtocol: tea.String("TCPSSL"),
+		}
+		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'nlb.ListListeners'")
+		}
+
+		if listListenersResp.Body.Listeners != nil {
+			for _, listener := range listListenersResp.Body.Listeners {
+				aliListenerIds = append(aliListenerIds, *listener.ListenerId)
+			}
+		}
+
+		if listListenersResp.Body.NextToken == nil {
+			break
+		} else {
+			listListenersToken = listListenersResp.Body.NextToken
+			listListenersPage += 1
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例下的全部 TCPSSL 监听", aliListenerIds))
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听证书
+	var errs []error
+	for _, aliListenerId := range aliListenerIds {
+		if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *AliyunNLBDeployer) deployToListener(ctx context.Context) error {
+	aliListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	if aliListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听
+	if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *AliyunNLBDeployer) updateListenerCertificate(ctx context.Context, aliListenerId string, aliCertId string) error {
+	// 查询监听的属性
+	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getlistenerattribute
+	getListenerAttributeReq := &aliyunNlb.GetListenerAttributeRequest{
+		ListenerId: tea.String(aliListenerId),
+	}
+	getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 NLB 监听配置", getListenerAttributeResp))
+
+	// 修改监听的属性
+	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-updatelistenerattribute
+	updateListenerAttributeReq := &aliyunNlb.UpdateListenerAttributeRequest{
+		ListenerId:     tea.String(aliListenerId),
+		CertificateIds: []*string{tea.String(aliCertId)},
+	}
+	updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.UpdateListenerAttribute'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 NLB 监听配置", updateListenerAttributeResp))
+
+	return nil
+}
--- a/internal/deployer/aliyun_oss.go
+++ b/internal/deployer/aliyun_oss.go
@@ -3,48 +3,62 @@ package deployer
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"

 	"github.com/aliyun/aliyun-oss-go-sdk/oss"
+	xerrors "github.com/pkg/errors"

 	"github.com/usual2970/certimate/internal/domain"
 )

 type AliyunOSSDeployer struct {
-	client *oss.Client
 	option *DeployerOption
 	infos  []string
+
+	sdkClient *oss.Client
 }

 func NewAliyunOSSDeployer(option *DeployerOption) (Deployer, error) {
 	access := &domain.AliyunAccess{}
-	json.Unmarshal([]byte(option.Access), access)
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}

-	d := &AliyunOSSDeployer{
+	client, err := (&AliyunOSSDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.AccessKeySecret,
+		option.DeployConfig.GetConfigAsString("endpoint"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunOSSDeployer{
 		option:    option,
 		infos:     make([]string, 0),
-	}
-
-	client, err := d.createClient(access.AccessKeyId, access.AccessKeySecret)
-	if err != nil {
-		return nil, err
-	}
-	d.client = client
-
-	return d, nil
+		sdkClient: client,
+	}, nil
 }

 func (d *AliyunOSSDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *AliyunOSSDeployer) GetInfo() []string {
+func (d *AliyunOSSDeployer) GetInfos() []string {
 	return d.infos
 }

 func (d *AliyunOSSDeployer) Deploy(ctx context.Context) error {
-	err := d.client.PutBucketCnameWithCertificate(getDeployString(d.option.DeployConfig, "bucket"), oss.PutBucketCname{
-		Cname: getDeployString(d.option.DeployConfig, "domain"),
+	aliBucket := d.option.DeployConfig.GetConfigAsString("bucket")
+	if aliBucket == "" {
+		return errors.New("`bucket` is required")
+	}
+
+	// 为存储空间绑定自定义域名
+	// REF: https://help.aliyun.com/zh/oss/developer-reference/putcname
+	err := d.sdkClient.PutBucketCnameWithCertificate(aliBucket, oss.PutBucketCname{
+		Cname: d.option.DeployConfig.GetConfigAsString("domain"),
 		CertificateConfiguration: &oss.CertificateConfiguration{
 			Certificate: d.option.Certificate.Certificate,
 			PrivateKey:  d.option.Certificate.PrivateKey,
@@ -52,19 +66,21 @@ func (d *AliyunOSSDeployer) Deploy(ctx context.Context) error {
 		},
 	})
 	if err != nil {
-		return fmt.Errorf("deploy aliyun oss error: %w", err)
+		return xerrors.Wrap(err, "failed to execute sdk request 'oss.PutBucketCnameWithCertificate'")
 	}
+
 	return nil
 }

-func (d *AliyunOSSDeployer) createClient(accessKeyId, accessKeySecret string) (*oss.Client, error) {
-	client, err := oss.New(
-		getDeployString(d.option.DeployConfig, "endpoint"),
-		accessKeyId,
-		accessKeySecret,
-	)
-	if err != nil {
-		return nil, fmt.Errorf("create aliyun client error: %w", err)
+func (d *AliyunOSSDeployer) createSdkClient(accessKeyId, accessKeySecret, endpoint string) (*oss.Client, error) {
+	if endpoint == "" {
+		endpoint = "oss.aliyuncs.com"
 	}
+
+	client, err := oss.New(endpoint, accessKeyId, accessKeySecret)
+	if err != nil {
+		return nil, err
+	}
+
 	return client, nil
 }
--- a/internal/deployer/baiducloud_cdn.go
+++ b/internal/deployer/baiducloud_cdn.go
@@ -0,0 +1,80 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	bceCdn "github.com/baidubce/bce-sdk-go/services/cdn"
+	bceCdnApi "github.com/baidubce/bce-sdk-go/services/cdn/api"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type BaiduCloudCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient *bceCdn.Client
+}
+
+func NewBaiduCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.BaiduCloudAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&BaiduCloudCDNDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.SecretAccessKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &BaiduCloudCDNDeployer{
+		option:    option,
+		infos:     make([]string, 0),
+		sdkClient: client,
+	}, nil
+}
+
+func (d *BaiduCloudCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *BaiduCloudCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *BaiduCloudCDNDeployer) Deploy(ctx context.Context) error {
+	// 修改域名证书
+	// REF: https://cloud.baidu.com/doc/CDN/s/qjzuz2hp8
+	putCertResp, err := d.sdkClient.PutCert(
+		d.option.DeployConfig.GetConfigAsString("domain"),
+		&bceCdnApi.UserCertificate{
+			CertName:    fmt.Sprintf("certimate-%d", time.Now().UnixMilli()),
+			ServerData:  d.option.Certificate.Certificate,
+			PrivateData: d.option.Certificate.PrivateKey,
+		},
+		"ON",
+	)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.PutCert'")
+	}
+
+	d.infos = append(d.infos, toStr("已修改域名证书", putCertResp))
+
+	return nil
+}
+
+func (d *BaiduCloudCDNDeployer) createSdkClient(accessKeyId, secretAccessKey string) (*bceCdn.Client, error) {
+	client, err := bceCdn.NewClient(accessKeyId, secretAccessKey, "")
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@@ -1,38 +1,52 @@
 package deployer

 import (
+	"bytes"
 	"context"
 	"encoding/json"
+	"encoding/pem"
 	"errors"
 	"fmt"
-	"strings"
+	"time"

+	"github.com/pavlo-v-chernykh/keystore-go/v4"
 	"github.com/pocketbase/pocketbase/models"
+	"software.sslmate.com/src/go-pkcs12"

 	"github.com/usual2970/certimate/internal/applicant"
 	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 	"github.com/usual2970/certimate/internal/utils/app"
 )

 const (
 	targetAliyunOSS      = "aliyun-oss"
 	targetAliyunCDN      = "aliyun-cdn"
-	targetAliyunESA      = "aliyun-dcdn"
+	targetAliyunDCDN     = "aliyun-dcdn"
+	targetAliyunCLB      = "aliyun-clb"
+	targetAliyunALB      = "aliyun-alb"
+	targetAliyunNLB      = "aliyun-nlb"
 	targetTencentCDN     = "tencent-cdn"
+	targetTencentECDN    = "tencent-ecdn"
 	targetTencentCLB     = "tencent-clb"
 	targetTencentCOS     = "tencent-cos"
+	targetTencentTEO     = "tencent-teo"
 	targetHuaweiCloudCDN = "huaweicloud-cdn"
+	targetHuaweiCloudELB = "huaweicloud-elb"
+	targetBaiduCloudCDN  = "baiducloud-cdn"
 	targetQiniuCdn       = "qiniu-cdn"
+	targetDogeCloudCdn   = "dogecloud-cdn"
 	targetLocal          = "local"
 	targetSSH            = "ssh"
 	targetWebhook        = "webhook"
 	targetK8sSecret      = "k8s-secret"
+	targetVolcengineLive = "volcengine-live"
+	targetVolcengineCDN  = "volcengine-cdn"
 )

 type DeployerOption struct {
 	DomainId     string                `json:"domainId"`
 	Domain       string                `json:"domain"`
-	Product      string                `json:"product"`
 	Access       string                `json:"access"`
 	AccessRecord *models.Record        `json:"-"`
 	DeployConfig domain.DeployConfig   `json:"deployConfig"`
@@ -42,7 +56,7 @@ type DeployerOption struct {

 type Deployer interface {
 	Deploy(ctx context.Context) error
-	GetInfo() []string
+	GetInfos() []string
 	GetID() string
 }

@@ -84,7 +98,6 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 	option := &DeployerOption{
 		DomainId:     record.Id,
 		Domain:       record.GetString("domain"),
-		Product:      getProduct(deployConfig.Type),
 		Access:       access.GetString("config"),
 		AccessRecord: access,
 		DeployConfig: deployConfig,
@@ -103,18 +116,34 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 		return NewAliyunOSSDeployer(option)
 	case targetAliyunCDN:
 		return NewAliyunCDNDeployer(option)
-	case targetAliyunESA:
-		return NewAliyunESADeployer(option)
+	case targetAliyunDCDN:
+		return NewAliyunDCDNDeployer(option)
+	case targetAliyunCLB:
+		return NewAliyunCLBDeployer(option)
+	case targetAliyunALB:
+		return NewAliyunALBDeployer(option)
+	case targetAliyunNLB:
+		return NewAliyunNLBDeployer(option)
 	case targetTencentCDN:
 		return NewTencentCDNDeployer(option)
+	case targetTencentECDN:
+		return NewTencentECDNDeployer(option)
 	case targetTencentCLB:
 		return NewTencentCLBDeployer(option)
 	case targetTencentCOS:
 		return NewTencentCOSDeployer(option)
+	case targetTencentTEO:
+		return NewTencentTEODeployer(option)
 	case targetHuaweiCloudCDN:
 		return NewHuaweiCloudCDNDeployer(option)
+	case targetHuaweiCloudELB:
+		return NewHuaweiCloudELBDeployer(option)
+	case targetBaiduCloudCDN:
+		return NewBaiduCloudCDNDeployer(option)
 	case targetQiniuCdn:
 		return NewQiniuCDNDeployer(option)
+	case targetDogeCloudCdn:
+		return NewDogeCloudCDNDeployer(option)
 	case targetLocal:
 		return NewLocalDeployer(option)
 	case targetSSH:
@@ -123,16 +152,12 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 		return NewWebhookDeployer(option)
 	case targetK8sSecret:
 		return NewK8sSecretDeployer(option)
+	case targetVolcengineLive:
+		return NewVolcengineLiveDeployer(option)
+	case targetVolcengineCDN:
+		return NewVolcengineCDNDeployer(option)
 	}
-	return nil, errors.New("not implemented")
-}
-
-func getProduct(t string) string {
-	rs := strings.Split(t, "-")
-	if len(rs) < 2 {
-		return ""
-	}
-	return rs[1]
+	return nil, errors.New("unsupported deploy target")
 }

 func toStr(tag string, data any) string {
@@ -143,37 +168,56 @@ func toStr(tag string, data any) string {
 	return tag + "：" + string(byts)
 }

-func getDeployString(conf domain.DeployConfig, key string) string {
-	if _, ok := conf.Config[key]; !ok {
-		return ""
+func convertPEMToPFX(certificate string, privateKey string, password string) ([]byte, error) {
+	cert, err := x509.ParseCertificateFromPEM(certificate)
+	if err != nil {
+		return nil, err
 	}

-	val, ok := conf.Config[key].(string)
-	if !ok {
-		return ""
+	privkey, err := x509.ParsePKCS1PrivateKeyFromPEM(privateKey)
+	if err != nil {
+		return nil, err
 	}

-	return val
+	pfxData, err := pkcs12.LegacyRC2.Encode(privkey, cert, nil, password)
+	if err != nil {
+		return nil, err
 	}

-func getDeployVariables(conf domain.DeployConfig) map[string]string {
-	rs := make(map[string]string)
-	data, ok := conf.Config["variables"]
-	if !ok {
-		return rs
+	return pfxData, nil
 }

-	bts, _ := json.Marshal(data)
-
-	kvData := make([]domain.KV, 0)
-
-	if err := json.Unmarshal(bts, &kvData); err != nil {
-		return rs
+func convertPEMToJKS(certificate string, privateKey string, alias string, keypass string, storepass string) ([]byte, error) {
+	certBlock, _ := pem.Decode([]byte(certificate))
+	if certBlock == nil {
+		return nil, errors.New("failed to decode certificate PEM")
 	}

-	for _, kv := range kvData {
-		rs[kv.Key] = kv.Value
+	privkeyBlock, _ := pem.Decode([]byte(privateKey))
+	if privkeyBlock == nil {
+		return nil, errors.New("failed to decode private key PEM")
 	}

-	return rs
+	ks := keystore.New()
+	entry := keystore.PrivateKeyEntry{
+		CreationTime: time.Now(),
+		PrivateKey:   privkeyBlock.Bytes,
+		CertificateChain: []keystore.Certificate{
+			{
+				Type:    "X509",
+				Content: certBlock.Bytes,
+			},
+		},
+	}
+
+	if err := ks.SetPrivateKeyEntry(alias, entry, []byte(keypass)); err != nil {
+		return nil, err
+	}
+
+	var buf bytes.Buffer
+	if err := ks.Store(&buf, []byte(storepass)); err != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
 }
--- a/internal/deployer/dogecloud_cdn.go
+++ b/internal/deployer/dogecloud_cdn.go
@@ -0,0 +1,88 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strconv"
+
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderDoge "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/dogecloud"
+	doge "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk"
+)
+
+type DogeCloudCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *doge.Client
+	sslUploader uploader.Uploader
+}
+
+func NewDogeCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.DogeCloudAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&DogeCloudCDNDeployer{}).createSdkClient(
+		access.AccessKey,
+		access.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderDoge.New(&uploaderDoge.DogeCloudUploaderConfig{
+		AccessKey: access.AccessKey,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &DogeCloudCDNDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *DogeCloudCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *DogeCloudCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *DogeCloudCDNDeployer) Deploy(ctx context.Context) error {
+	// 上传证书到 CDN
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 绑定证书
+	// REF: https://docs.dogecloud.com/cdn/api-cert-bind
+	bindCdnCertId, _ := strconv.ParseInt(upres.CertId, 10, 64)
+	bindCdnCertResp, err := d.sdkClient.BindCdnCertWithDomain(bindCdnCertId, d.option.DeployConfig.GetConfigAsString("domain"))
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.BindCdnCert'")
+	}
+
+	d.infos = append(d.infos, toStr("已绑定证书", bindCdnCertResp))
+
+	return nil
+}
+
+func (d *DogeCloudCDNDeployer) createSdkClient(accessKey, secretKey string) (*doge.Client, error) {
+	client := doge.NewClient(accessKey, secretKey)
+	return client, nil
+}
--- a/internal/deployer/huaweicloud_cdn.go
+++ b/internal/deployer/huaweicloud_cdn.go
@@ -4,27 +4,57 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"time"

 	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
-	cdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
-	cdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
-	cdnRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region"
+	hcCdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
+	hcCdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
+	hcCdnRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region"
+	xerrors "github.com/pkg/errors"

 	"github.com/usual2970/certimate/internal/domain"
-	uploader "github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderHcScm "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-scm"
 	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	hcCdnEx "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-cdn-sdk"
 )

 type HuaweiCloudCDNDeployer struct {
 	option *DeployerOption
 	infos  []string
+
+	sdkClient   *hcCdnEx.Client
+	sslUploader uploader.Uploader
 }

 func NewHuaweiCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.HuaweiCloudAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&HuaweiCloudCDNDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.SecretAccessKey,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderHcScm.New(&uploaderHcScm.HuaweiCloudSCMUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		SecretAccessKey: access.SecretAccessKey,
+		Region:          "",
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
 	return &HuaweiCloudCDNDeployer{
 		option:      option,
 		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
 	}, nil
 }

@@ -32,32 +62,27 @@ func (d *HuaweiCloudCDNDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *HuaweiCloudCDNDeployer) GetInfo() []string {
+func (d *HuaweiCloudCDNDeployer) GetInfos() []string {
 	return d.infos
 }

 func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
-	access := &domain.HuaweiCloudAccess{}
-	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
-		return err
-	}
-
-	// TODO: CDN 服务与 DNS 服务所支持的区域可能不一致，这里暂时不传而是使用默认值，仅支持华为云国内版
-	client, err := d.createClient("", access.AccessKeyId, access.SecretAccessKey)
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
 	if err != nil {
 		return err
 	}

-	d.infos = append(d.infos, toStr("SDK 客户端创建成功", nil))
+	d.infos = append(d.infos, toStr("已上传证书", upres))

 	// 查询加速域名配置
 	// REF: https://support.huaweicloud.com/api-cdn/ShowDomainFullConfig.html
-	showDomainFullConfigReq := &cdnModel.ShowDomainFullConfigRequest{
+	showDomainFullConfigReq := &hcCdnModel.ShowDomainFullConfigRequest{
 		DomainName: d.option.DeployConfig.GetConfigAsString("domain"),
 	}
-	showDomainFullConfigResp, err := client.ShowDomainFullConfig(showDomainFullConfigReq)
+	showDomainFullConfigResp, err := d.sdkClient.ShowDomainFullConfig(showDomainFullConfigReq)
 	if err != nil {
-		return err
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.ShowDomainFullConfig'")
 	}

 	d.infos = append(d.infos, toStr("已查询到加速域名配置", showDomainFullConfigResp))
@@ -65,46 +90,21 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
 	// 更新加速域名配置
 	// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
 	// REF: https://support.huaweicloud.com/usermanual-cdn/cdn_01_0306.html
-	updateDomainMultiCertificatesReqBodyContent := &huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent{}
+	updateDomainMultiCertificatesReqBodyContent := &hcCdnEx.UpdateDomainMultiCertificatesExRequestBodyContent{}
 	updateDomainMultiCertificatesReqBodyContent.DomainName = d.option.DeployConfig.GetConfigAsString("domain")
 	updateDomainMultiCertificatesReqBodyContent.HttpsSwitch = 1
-	var updateDomainMultiCertificatesResp *cdnModel.UpdateDomainMultiCertificatesResponse
-	if d.option.DeployConfig.GetConfigAsBool("useSCM") {
-		uploader, err := uploader.NewHuaweiCloudSCMUploader(&uploader.HuaweiCloudSCMUploaderConfig{
-			Region:          "", // TODO: SCM 服务与 DNS 服务所支持的区域可能不一致，这里暂时不传而是使用默认值，仅支持华为云国内版
-			AccessKeyId:     access.AccessKeyId,
-			SecretAccessKey: access.SecretAccessKey,
-		})
-		if err != nil {
-			return err
-		}
-
-		// 上传证书到 SCM
-		uploadResult, err := uploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-		if err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("已上传证书", uploadResult))
-
 	updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(2)
-		updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(uploadResult.CertId)
-		updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(uploadResult.CertName)
-	} else {
-		updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(0)
-		updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(fmt.Sprintf("certimate-%d", time.Now().UnixMilli()))
-		updateDomainMultiCertificatesReqBodyContent.Certificate = cast.StringPtr(d.option.Certificate.Certificate)
-		updateDomainMultiCertificatesReqBodyContent.PrivateKey = cast.StringPtr(d.option.Certificate.PrivateKey)
-	}
-	updateDomainMultiCertificatesReqBodyContent = mergeHuaweiCloudCDNConfig(showDomainFullConfigResp.Configs, updateDomainMultiCertificatesReqBodyContent)
-	updateDomainMultiCertificatesReq := &huaweicloudCDNUpdateDomainMultiCertificatesRequest{
-		Body: &huaweicloudCDNUpdateDomainMultiCertificatesRequestBody{
+	updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(upres.CertId)
+	updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(upres.CertName)
+	updateDomainMultiCertificatesReqBodyContent = updateDomainMultiCertificatesReqBodyContent.MergeConfig(showDomainFullConfigResp.Configs)
+	updateDomainMultiCertificatesReq := &hcCdnEx.UpdateDomainMultiCertificatesExRequest{
+		Body: &hcCdnEx.UpdateDomainMultiCertificatesExRequestBody{
 			Https: updateDomainMultiCertificatesReqBodyContent,
 		},
 	}
-	updateDomainMultiCertificatesResp, err = executeHuaweiCloudCDNUploadDomainMultiCertificates(client, updateDomainMultiCertificatesReq)
+	updateDomainMultiCertificatesResp, err := d.sdkClient.UploadDomainMultiCertificatesEx(updateDomainMultiCertificatesReq)
 	if err != nil {
-		return err
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadDomainMultiCertificatesEx'")
 	}

 	d.infos = append(d.infos, toStr("已更新加速域名配置", updateDomainMultiCertificatesResp))
@@ -112,7 +112,11 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
 	return nil
 }

-func (d *HuaweiCloudCDNDeployer) createClient(region, accessKeyId, secretAccessKey string) (*cdn.CdnClient, error) {
+func (d *HuaweiCloudCDNDeployer) createSdkClient(accessKeyId, secretAccessKey, region string) (*hcCdnEx.Client, error) {
+	if region == "" {
+		region = "cn-north-1" // CDN 服务默认区域：华北一北京
+	}
+
 	auth, err := global.NewCredentialsBuilder().
 		WithAk(accessKeyId).
 		WithSk(secretAccessKey).
@@ -121,16 +125,12 @@ func (d *HuaweiCloudCDNDeployer) createClient(region, accessKeyId, secretAccessK
 		return nil, err
 	}

-	if region == "" {
-		region = "cn-north-1" // CDN 服务默认区域：华北一北京
-	}
-
-	hcRegion, err := cdnRegion.SafeValueOf(region)
+	hcRegion, err := hcCdnRegion.SafeValueOf(region)
 	if err != nil {
 		return nil, err
 	}

-	hcClient, err := cdn.CdnClientBuilder().
+	hcClient, err := hcCdn.CdnClientBuilder().
 		WithRegion(hcRegion).
 		WithCredential(auth).
 		SafeBuild()
@@ -138,69 +138,6 @@ func (d *HuaweiCloudCDNDeployer) createClient(region, accessKeyId, secretAccessK
 		return nil, err
 	}

-	client := cdn.NewCdnClient(hcClient)
+	client := hcCdnEx.NewClient(hcClient)
 	return client, nil
 }
-
-type huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent struct {
-	cdnModel.UpdateDomainMultiCertificatesRequestBodyContent `json:",inline"`
-
-	SCMCertificateId *string `json:"scm_certificate_id,omitempty"`
-}
-
-type huaweicloudCDNUpdateDomainMultiCertificatesRequestBody struct {
-	Https *huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent `json:"https,omitempty"`
-}
-
-type huaweicloudCDNUpdateDomainMultiCertificatesRequest struct {
-	Body *huaweicloudCDNUpdateDomainMultiCertificatesRequestBody `json:"body,omitempty"`
-}
-
-func executeHuaweiCloudCDNUploadDomainMultiCertificates(client *cdn.CdnClient, request *huaweicloudCDNUpdateDomainMultiCertificatesRequest) (*cdnModel.UpdateDomainMultiCertificatesResponse, error) {
-	// 华为云官方 SDK 中目前提供的字段缺失，这里暂时先需自定义请求
-	// 可能需要等之后 SDK 更新
-
-	requestDef := cdn.GenReqDefForUpdateDomainMultiCertificates()
-
-	if resp, err := client.HcClient.Sync(request, requestDef); err != nil {
-		return nil, err
-	} else {
-		return resp.(*cdnModel.UpdateDomainMultiCertificatesResponse), nil
-	}
-}
-
-func mergeHuaweiCloudCDNConfig(src *cdnModel.ConfigsGetBody, dest *huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent) *huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent {
-	if src == nil {
-		return dest
-	}
-
-	// 华为云 API 中不传的字段表示使用默认值、而非保留原值，因此这里需要把原配置中的参数重新赋值回去
-	// 而且蛋疼的是查询接口返回的数据结构和更新接口传入的参数结构不一致，需要做很多转化
-
-	if *src.OriginProtocol == "follow" {
-		dest.AccessOriginWay = cast.Int32Ptr(1)
-	} else if *src.OriginProtocol == "http" {
-		dest.AccessOriginWay = cast.Int32Ptr(2)
-	} else if *src.OriginProtocol == "https" {
-		dest.AccessOriginWay = cast.Int32Ptr(3)
-	}
-
-	if src.ForceRedirect != nil {
-		dest.ForceRedirectConfig = &cdnModel.ForceRedirect{}
-
-		if src.ForceRedirect.Status == "on" {
-			dest.ForceRedirectConfig.Switch = 1
-			dest.ForceRedirectConfig.RedirectType = src.ForceRedirect.Type
-		} else {
-			dest.ForceRedirectConfig.Switch = 0
-		}
-	}
-
-	if src.Https != nil {
-		if *src.Https.Http2Status == "on" {
-			dest.Http2 = cast.Int32Ptr(1)
-		}
-	}
-
-	return dest
-}
--- a/internal/deployer/huaweicloud_elb.go
+++ b/internal/deployer/huaweicloud_elb.go
@@ -0,0 +1,386 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"sort"
+	"strings"
+
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
+	hcElb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
+	hcElbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
+	hcElbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
+	hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
+	hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
+	hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderHcElb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-elb"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+)
+
+type HuaweiCloudELBDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClient   *hcElb.ElbClient
+	sslUploader uploader.Uploader
+}
+
+func NewHuaweiCloudELBDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.HuaweiCloudAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&HuaweiCloudELBDeployer{}).createSdkClient(
+		access.AccessKeyId,
+		access.SecretAccessKey,
+		option.DeployConfig.GetConfigAsString("region"),
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderHcElb.New(&uploaderHcElb.HuaweiCloudELBUploaderConfig{
+		AccessKeyId:     access.AccessKeyId,
+		SecretAccessKey: access.SecretAccessKey,
+		Region:          option.DeployConfig.GetConfigAsString("region"),
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &HuaweiCloudELBDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *HuaweiCloudELBDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *HuaweiCloudELBDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *HuaweiCloudELBDeployer) Deploy(ctx context.Context) error {
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "certificate":
+		// 部署到指定证书
+		if err := d.deployToCertificate(ctx); err != nil {
+			return err
+		}
+	case "loadbalancer":
+		// 部署到指定负载均衡器
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		// 部署到指定监听器
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
+	}
+
+	return nil
+}
+
+func (d *HuaweiCloudELBDeployer) createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbClient, error) {
+	if region == "" {
+		region = "cn-north-4" // ELB 服务默认区域：华北四北京
+	}
+
+	projectId, err := (&HuaweiCloudELBDeployer{}).getSdkProjectId(
+		accessKeyId,
+		secretAccessKey,
+		region,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	auth, err := basic.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		WithProjectId(projectId).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	hcRegion, err := hcElbRegion.SafeValueOf(region)
+	if err != nil {
+		return nil, err
+	}
+
+	hcClient, err := hcElb.ElbClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	client := hcElb.NewElbClient(hcClient)
+	return client, nil
+}
+
+func (u *HuaweiCloudELBDeployer) getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error) {
+	if region == "" {
+		region = "cn-north-4" // IAM 服务默认区域：华北四北京
+	}
+
+	auth, err := global.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	hcRegion, err := hcIamRegion.SafeValueOf(region)
+	if err != nil {
+		return "", err
+	}
+
+	hcClient, err := hcIam.IamClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	client := hcIam.NewIamClient(hcClient)
+	if err != nil {
+		return "", err
+	}
+
+	request := &hcIamModel.KeystoneListProjectsRequest{
+		Name: &region,
+	}
+	response, err := client.KeystoneListProjects(request)
+	if err != nil {
+		return "", err
+	} else if response.Projects == nil || len(*response.Projects) == 0 {
+		return "", errors.New("no project found")
+	}
+
+	return (*response.Projects)[0].Id, nil
+}
+
+func (d *HuaweiCloudELBDeployer) deployToCertificate(ctx context.Context) error {
+	hcCertId := d.option.DeployConfig.GetConfigAsString("certificateId")
+	if hcCertId == "" {
+		return errors.New("`certificateId` is required")
+	}
+
+	// 更新证书
+	// REF: https://support.huaweicloud.com/api-elb/UpdateCertificate.html
+	updateCertificateReq := &hcElbModel.UpdateCertificateRequest{
+		CertificateId: hcCertId,
+		Body: &hcElbModel.UpdateCertificateRequestBody{
+			Certificate: &hcElbModel.UpdateCertificateOption{
+				Certificate: cast.StringPtr(d.option.Certificate.Certificate),
+				PrivateKey:  cast.StringPtr(d.option.Certificate.PrivateKey),
+			},
+		},
+	}
+	updateCertificateResp, err := d.sdkClient.UpdateCertificate(updateCertificateReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'elb.UpdateCertificate'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 ELB 证书", updateCertificateResp))
+
+	return nil
+}
+
+func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	hcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	if hcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	hcListenerIds := make([]string, 0)
+
+	// 查询负载均衡器详情
+	// REF: https://support.huaweicloud.com/api-elb/ShowLoadBalancer.html
+	showLoadBalancerReq := &hcElbModel.ShowLoadBalancerRequest{
+		LoadbalancerId: hcLoadbalancerId,
+	}
+	showLoadBalancerResp, err := d.sdkClient.ShowLoadBalancer(showLoadBalancerReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'elb.ShowLoadBalancer'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器", showLoadBalancerResp))
+
+	// 查询监听器列表
+	// REF: https://support.huaweicloud.com/api-elb/ListListeners.html
+	listListenersLimit := int32(2000)
+	var listListenersMarker *string = nil
+	for {
+		listListenersReq := &hcElbModel.ListListenersRequest{
+			Limit:          cast.Int32Ptr(listListenersLimit),
+			Marker:         listListenersMarker,
+			Protocol:       &[]string{"HTTPS", "TERMINATED_HTTPS"},
+			LoadbalancerId: &[]string{showLoadBalancerResp.Loadbalancer.Id},
+		}
+		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'elb.ListListeners'")
+		}
+
+		if listListenersResp.Listeners != nil {
+			for _, listener := range *listListenersResp.Listeners {
+				hcListenerIds = append(hcListenerIds, listener.Id)
+			}
+		}
+
+		if listListenersResp.Listeners == nil || len(*listListenersResp.Listeners) < int(listListenersLimit) {
+			break
+		} else {
+			listListenersMarker = listListenersResp.PageInfo.NextMarker
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器下的监听器", hcListenerIds))
+
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听器证书
+	var errs []error
+	for _, hcListenerId := range hcListenerIds {
+		if err := d.modifyListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *HuaweiCloudELBDeployer) deployToListener(ctx context.Context) error {
+	hcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	if hcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听器证书
+	if err := d.modifyListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context, hcListenerId string, hcCertId string) error {
+	// 查询监听器详情
+	// REF: https://support.huaweicloud.com/api-elb/ShowListener.html
+	showListenerReq := &hcElbModel.ShowListenerRequest{
+		ListenerId: hcListenerId,
+	}
+	showListenerResp, err := d.sdkClient.ShowListener(showListenerReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'elb.ShowListener'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到 ELB 监听器", showListenerResp))
+
+	// 更新监听器
+	// REF: https://support.huaweicloud.com/api-elb/UpdateListener.html
+	updateListenerReq := &hcElbModel.UpdateListenerRequest{
+		ListenerId: hcListenerId,
+		Body: &hcElbModel.UpdateListenerRequestBody{
+			Listener: &hcElbModel.UpdateListenerOption{
+				DefaultTlsContainerRef: cast.StringPtr(hcCertId),
+			},
+		},
+	}
+	if showListenerResp.Listener.SniContainerRefs != nil {
+		if len(showListenerResp.Listener.SniContainerRefs) > 0 {
+			// 如果开启 SNI，需替换同 SAN 的证书
+			sniCertIds := make([]string, 0)
+			sniCertIds = append(sniCertIds, hcCertId)
+
+			listOldCertificateReq := &hcElbModel.ListCertificatesRequest{
+				Id: &showListenerResp.Listener.SniContainerRefs,
+			}
+			listOldCertificateResp, err := d.sdkClient.ListCertificates(listOldCertificateReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'elb.ListCertificates'")
+			}
+
+			showNewCertificateReq := &hcElbModel.ShowCertificateRequest{
+				CertificateId: hcCertId,
+			}
+			showNewCertificateResp, err := d.sdkClient.ShowCertificate(showNewCertificateReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'elb.ShowCertificate'")
+			}
+
+			for _, certificate := range *listOldCertificateResp.Certificates {
+				oldCertificate := certificate
+				newCertificate := showNewCertificateResp.Certificate
+
+				if oldCertificate.SubjectAlternativeNames != nil && newCertificate.SubjectAlternativeNames != nil {
+					oldCertificateSans := oldCertificate.SubjectAlternativeNames
+					newCertificateSans := newCertificate.SubjectAlternativeNames
+					sort.Strings(*oldCertificateSans)
+					sort.Strings(*newCertificateSans)
+					if strings.Join(*oldCertificateSans, ";") == strings.Join(*newCertificateSans, ";") {
+						continue
+					}
+				} else {
+					if oldCertificate.Domain == newCertificate.Domain {
+						continue
+					}
+				}
+
+				sniCertIds = append(sniCertIds, certificate.Id)
+			}
+
+			updateListenerReq.Body.Listener.SniContainerRefs = &sniCertIds
+		}
+
+		if showListenerResp.Listener.SniMatchAlgo != "" {
+			updateListenerReq.Body.Listener.SniMatchAlgo = cast.StringPtr(showListenerResp.Listener.SniMatchAlgo)
+		}
+	}
+	updateListenerResp, err := d.sdkClient.UpdateListener(updateListenerReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'elb.UpdateListener'")
+	}
+
+	d.infos = append(d.infos, toStr("已更新 ELB 监听器", updateListenerResp))
+
+	return nil
+}
--- a/internal/deployer/k8s_secret.go
+++ b/internal/deployer/k8s_secret.go
@@ -3,12 +3,15 @@ package deployer
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"strings"

-	corev1 "k8s.io/api/core/v1"
-	k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	xerrors "github.com/pkg/errors"
+	k8sCore "k8s.io/api/core/v1"
+	k8sMeta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"

 	"github.com/usual2970/certimate/internal/domain"
@@ -18,12 +21,25 @@ import (
 type K8sSecretDeployer struct {
 	option *DeployerOption
 	infos  []string
+
+	k8sClient *kubernetes.Clientset
 }

 func NewK8sSecretDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.KubernetesAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&K8sSecretDeployer{}).createK8sClient(access)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create k8s client")
+	}
+
 	return &K8sSecretDeployer{
 		option:    option,
 		infos:     make([]string, 0),
+		k8sClient: client,
 	}, nil
 }

@@ -31,75 +47,53 @@ func (d *K8sSecretDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *K8sSecretDeployer) GetInfo() []string {
+func (d *K8sSecretDeployer) GetInfos() []string {
 	return d.infos
 }

 func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
-	access := &domain.KubernetesAccess{}
-	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
-		return err
-	}
-
-	client, err := d.createClient(access)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("kubeClient create success.", nil))
-
-	namespace := getDeployString(d.option.DeployConfig, "namespace")
+	namespace := d.option.DeployConfig.GetConfigAsString("namespace")
+	secretName := d.option.DeployConfig.GetConfigAsString("secretName")
+	secretDataKeyForCrt := d.option.DeployConfig.GetConfigOrDefaultAsString("secretDataKeyForCrt", "tls.crt")
+	secretDataKeyForKey := d.option.DeployConfig.GetConfigOrDefaultAsString("secretDataKeyForKey", "tls.key")
 	if namespace == "" {
 		namespace = "default"
 	}
-
-	secretName := getDeployString(d.option.DeployConfig, "secretName")
 	if secretName == "" {
-		return fmt.Errorf("k8s secret name is empty")
+		return errors.New("`secretName` is required")
 	}

-	secretDataKeyForCrt := getDeployString(d.option.DeployConfig, "secretDataKeyForCrt")
-	if secretDataKeyForCrt == "" {
-		namespace = "tls.crt"
-	}
-
-	secretDataKeyForKey := getDeployString(d.option.DeployConfig, "secretDataKeyForKey")
-	if secretDataKeyForKey == "" {
-		namespace = "tls.key"
-	}
-
-	certificate, err := x509.ParseCertificateFromPEM(d.option.Certificate.Certificate)
+	certX509, err := x509.ParseCertificateFromPEM(d.option.Certificate.Certificate)
 	if err != nil {
-		return fmt.Errorf("failed to parse certificate: %w", err)
+		return err
 	}

-	secretPayload := corev1.Secret{
-		TypeMeta: k8sMetaV1.TypeMeta{
+	secretPayload := k8sCore.Secret{
+		TypeMeta: k8sMeta.TypeMeta{
 			Kind:       "Secret",
 			APIVersion: "v1",
 		},
-		ObjectMeta: k8sMetaV1.ObjectMeta{
+		ObjectMeta: k8sMeta.ObjectMeta{
 			Name: secretName,
 			Annotations: map[string]string{
 				"certimate/domains":             d.option.Domain,
-				"certimate/alt-names":           strings.Join(certificate.DNSNames, ","),
-				"certimate/common-name":         certificate.Subject.CommonName,
-				"certimate/issuer-organization": strings.Join(certificate.Issuer.Organization, ","),
+				"certimate/alt-names":           strings.Join(certX509.DNSNames, ","),
+				"certimate/common-name":         certX509.Subject.CommonName,
+				"certimate/issuer-organization": strings.Join(certX509.Issuer.Organization, ","),
 			},
 		},
-		Type: corev1.SecretType("kubernetes.io/tls"),
+		Type: k8sCore.SecretType("kubernetes.io/tls"),
 	}
-
 	secretPayload.Data = make(map[string][]byte)
 	secretPayload.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate)
 	secretPayload.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey)

 	// 获取 Secret 实例
-	_, err = client.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMetaV1.GetOptions{})
+	_, err = d.k8sClient.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMeta.GetOptions{})
 	if err != nil {
-		_, err = client.CoreV1().Secrets(namespace).Create(context.TODO(), &secretPayload, k8sMetaV1.CreateOptions{})
+		_, err = d.k8sClient.CoreV1().Secrets(namespace).Create(context.TODO(), &secretPayload, k8sMeta.CreateOptions{})
 		if err != nil {
-			return fmt.Errorf("failed to create k8s secret: %w", err)
+			return xerrors.Wrap(err, "failed to create k8s secret")
 		} else {
 			d.infos = append(d.infos, toStr("Certificate has been created in K8s Secret", nil))
 			return nil
@@ -107,9 +101,9 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
 	}

 	// 更新 Secret 实例
-	_, err = client.CoreV1().Secrets(namespace).Update(ctx, &secretPayload, k8sMetaV1.UpdateOptions{})
+	_, err = d.k8sClient.CoreV1().Secrets(namespace).Update(context.TODO(), &secretPayload, k8sMeta.UpdateOptions{})
 	if err != nil {
-		return fmt.Errorf("failed to update k8s secret: %w", err)
+		return xerrors.Wrap(err, "failed to update k8s secret")
 	}

 	d.infos = append(d.infos, toStr("Certificate has been updated to K8s Secret", nil))
@@ -117,12 +111,18 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
 	return nil
 }

-func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
+func (d *K8sSecretDeployer) createK8sClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
+	var config *rest.Config
+	var err error
+	if access.KubeConfig == "" {
+		config, err = rest.InClusterConfig()
+	} else {
 		kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
 		if err != nil {
 			return nil, err
 		}
-	config, err := kubeConfig.ClientConfig()
+		config, err = kubeConfig.ClientConfig()
+	}
 	if err != nil {
 		return nil, err
 	}
--- a/internal/deployer/local.go
+++ b/internal/deployer/local.go
@@ -1,15 +1,16 @@
 package deployer

 import (
+	"bytes"
 	"context"
-	"encoding/json"
+	"errors"
 	"fmt"
-	"os"
 	"os/exec"
-	"path/filepath"
 	"runtime"

-	"github.com/usual2970/certimate/internal/domain"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/utils/fs"
 )

 type LocalDeployer struct {
@@ -17,6 +18,18 @@ type LocalDeployer struct {
 	infos  []string
 }

+const (
+	certFormatPEM = "pem"
+	certFormatPFX = "pfx"
+	certFormatJKS = "jks"
+)
+
+const (
+	shellEnvSh         = "sh"
+	shellEnvCmd        = "cmd"
+	shellEnvPowershell = "powershell"
+)
+
 func NewLocalDeployer(option *DeployerOption) (Deployer, error) {
 	return &LocalDeployer{
 		option: option,
@@ -28,84 +41,122 @@ func (d *LocalDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *LocalDeployer) GetInfo() []string {
+func (d *LocalDeployer) GetInfos() []string {
 	return []string{}
 }

 func (d *LocalDeployer) Deploy(ctx context.Context) error {
-	access := &domain.LocalAccess{}
-	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
+	// 执行前置命令
+	preCommand := d.option.DeployConfig.GetConfigAsString("preCommand")
+	if preCommand != "" {
+		stdout, stderr, err := d.execCommand(preCommand)
+		if err != nil {
+			return xerrors.Wrapf(err, "failed to run pre-command, stdout: %s, stderr: %s", stdout, stderr)
+		}
+
+		d.infos = append(d.infos, toStr("执行前置命令成功", stdout))
+	}
+
+	// 写入证书和私钥文件
+	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", certFormatPEM) {
+	case certFormatPEM:
+		if err := fs.WriteFileString(d.option.DeployConfig.GetConfigAsString("certPath"), d.option.Certificate.Certificate); err != nil {
 			return err
 		}

-	preCommand := getDeployString(d.option.DeployConfig, "preCommand")
+		d.infos = append(d.infos, toStr("保存证书成功", nil))

-	if preCommand != "" {
-		if err := execCmd(preCommand); err != nil {
-			return fmt.Errorf("执行前置命令失败: %w", err)
-		}
+		if err := fs.WriteFileString(d.option.DeployConfig.GetConfigAsString("keyPath"), d.option.Certificate.PrivateKey); err != nil {
+			return err
 		}

-	// 复制证书文件
-	if err := copyFile(getDeployString(d.option.DeployConfig, "certPath"), d.option.Certificate.Certificate); err != nil {
-		return fmt.Errorf("复制证书失败: %w", err)
+		d.infos = append(d.infos, toStr("保存私钥成功", nil))
+
+	case certFormatPFX:
+		pfxData, err := convertPEMToPFX(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("pfxPassword"),
+		)
+		if err != nil {
+			return err
 		}

-	// 复制私钥文件
-	if err := copyFile(getDeployString(d.option.DeployConfig, "keyPath"), d.option.Certificate.PrivateKey); err != nil {
-		return fmt.Errorf("复制私钥失败: %w", err)
+		if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), pfxData); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("保存证书成功", nil))
+
+	case certFormatJKS:
+		jksData, err := convertPEMToJKS(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("jksAlias"),
+			d.option.DeployConfig.GetConfigAsString("jksKeypass"),
+			d.option.DeployConfig.GetConfigAsString("jksStorepass"),
+		)
+		if err != nil {
+			return err
+		}
+
+		if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), jksData); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("保存证书成功", nil))
+
+	default:
+		return errors.New("unsupported format")
 	}

 	// 执行命令
-	if err := execCmd(getDeployString(d.option.DeployConfig, "command")); err != nil {
-		return fmt.Errorf("执行命令失败: %w", err)
+	command := d.option.DeployConfig.GetConfigAsString("command")
+	if command != "" {
+		stdout, stderr, err := d.execCommand(command)
+		if err != nil {
+			return xerrors.Wrapf(err, "failed to run command, stdout: %s, stderr: %s", stdout, stderr)
+		}
+
+		d.infos = append(d.infos, toStr("执行命令成功", stdout))
 	}

 	return nil
 }

-func execCmd(command string) error {
-	// 执行命令
+func (d *LocalDeployer) execCommand(command string) (string, string, error) {
 	var cmd *exec.Cmd

+	switch d.option.DeployConfig.GetConfigAsString("shell") {
+	case shellEnvSh:
+		cmd = exec.Command("sh", "-c", command)
+
+	case shellEnvCmd:
+		cmd = exec.Command("cmd", "/C", command)
+
+	case shellEnvPowershell:
+		cmd = exec.Command("powershell", "-Command", command)
+
+	case "":
 		if runtime.GOOS == "windows" {
 			cmd = exec.Command("cmd", "/C", command)
 		} else {
 			cmd = exec.Command("sh", "-c", command)
 		}

-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
+	default:
+		return "", "", errors.New("unsupported shell")
+	}
+
+	var stdoutBuf bytes.Buffer
+	cmd.Stdout = &stdoutBuf
+	var stderrBuf bytes.Buffer
+	cmd.Stderr = &stderrBuf

 	err := cmd.Run()
 	if err != nil {
-		return fmt.Errorf("执行命令失败: %w", err)
+		return "", "", xerrors.Wrap(err, "failed to execute shell script")
 	}

-	return nil
-}
-
-func copyFile(path string, content string) error {
-	dir := filepath.Dir(path)
-
-	// 如果目录不存在，创建目录
-	err := os.MkdirAll(dir, os.ModePerm)
-	if err != nil {
-		return fmt.Errorf("创建目录失败: %w", err)
-	}
-
-	// 创建或打开文件
-	file, err := os.Create(path)
-	if err != nil {
-		return fmt.Errorf("创建文件失败: %w", err)
-	}
-	defer file.Close()
-
-	// 写入内容到文件
-	_, err = file.Write([]byte(content))
-	if err != nil {
-		return fmt.Errorf("写入文件失败: %w", err)
-	}
-
-	return nil
+	return stdoutBuf.String(), stderrBuf.String(), nil
 }
--- a/internal/deployer/qiniu_cdn.go
+++ b/internal/deployer/qiniu_cdn.go
@@ -1,36 +1,55 @@
 package deployer

 import (
-	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
-	"io"
-	"net/http"
+	"strings"

+	xerrors "github.com/pkg/errors"
 	"github.com/qiniu/go-sdk/v7/auth"

 	"github.com/usual2970/certimate/internal/domain"
-	xhttp "github.com/usual2970/certimate/internal/utils/http"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderQiniu "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/qiniu-sslcert"
+	qiniuEx "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk"
 )

-const qiniuGateway = "http://api.qiniu.com"
-
 type QiniuCDNDeployer struct {
 	option *DeployerOption
-	info        []string
-	credentials *auth.Credentials
+	infos  []string
+
+	sdkClient   *qiniuEx.Client
+	sslUploader uploader.Uploader
 }

-func NewQiniuCDNDeployer(option *DeployerOption) (*QiniuCDNDeployer, error) {
+func NewQiniuCDNDeployer(option *DeployerOption) (Deployer, error) {
 	access := &domain.QiniuAccess{}
-	json.Unmarshal([]byte(option.Access), access)
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	client, err := (&QiniuCDNDeployer{}).createSdkClient(
+		access.AccessKey,
+		access.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploaderQiniu.New(&uploaderQiniu.QiniuSSLCertUploaderConfig{
+		AccessKey: access.AccessKey,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}

 	return &QiniuCDNDeployer{
 		option:      option,
-		info:   make([]string, 0),
-
-		credentials: auth.New(access.AccessKey, access.SecretKey),
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
 	}, nil
 }

@@ -38,177 +57,57 @@ func (d *QiniuCDNDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *QiniuCDNDeployer) GetInfo() []string {
-	return d.info
+func (d *QiniuCDNDeployer) GetInfos() []string {
+	return d.infos
 }

 func (d *QiniuCDNDeployer) Deploy(ctx context.Context) error {
 	// 上传证书
-	certId, err := d.uploadCert()
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
 	if err != nil {
-		return fmt.Errorf("uploadCert failed: %w", err)
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 在七牛 CDN 中泛域名表示为 .example.com，需去除前缀星号
+	domain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(domain, "*") {
+		domain = strings.TrimPrefix(domain, "*")
 	}

 	// 获取域名信息
-	domainInfo, err := d.getDomainInfo()
+	// REF: https://developer.qiniu.com/fusion/4246/the-domain-name
+	getDomainInfoResp, err := d.sdkClient.GetDomainInfo(domain)
 	if err != nil {
-		return fmt.Errorf("getDomainInfo failed: %w", err)
+		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.GetDomainInfo'")
 	}

-	// 判断域名是否启用 https
-	if domainInfo.Https != nil && domainInfo.Https.CertID != "" {
-		// 启用了 https
-		// 修改域名证书
-		err = d.modifyDomainCert(certId)
+	d.infos = append(d.infos, toStr("已获取域名信息", getDomainInfoResp))
+
+	// 判断域名是否已启用 HTTPS。如果已启用，修改域名证书；否则，启用 HTTPS
+	// REF: https://developer.qiniu.com/fusion/4246/the-domain-name
+	if getDomainInfoResp.Https != nil && getDomainInfoResp.Https.CertID != "" {
+		modifyDomainHttpsConfResp, err := d.sdkClient.ModifyDomainHttpsConf(domain, upres.CertId, getDomainInfoResp.Https.ForceHttps, getDomainInfoResp.Https.Http2Enable)
 		if err != nil {
-			return fmt.Errorf("modifyDomainCert failed: %w", err)
+			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.ModifyDomainHttpsConf'")
 		}
+
+		d.infos = append(d.infos, toStr("已修改域名证书", modifyDomainHttpsConfResp))
 	} else {
-		// 没启用 https
-		// 启用 https
-		err = d.enableHttps(certId)
+		enableDomainHttpsResp, err := d.sdkClient.EnableDomainHttps(domain, upres.CertId, true, true)
 		if err != nil {
-			return fmt.Errorf("enableHttps failed: %w", err)
+			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.EnableDomainHttps'")
 		}
+
+		d.infos = append(d.infos, toStr("已将域名升级为 HTTPS", enableDomainHttpsResp))
 	}

 	return nil
 }

-func (d *QiniuCDNDeployer) enableHttps(certId string) error {
-	domain := d.option.DeployConfig.GetDomain()
-	path := fmt.Sprintf("/domain/%s/sslize", domain)
-
-	body := &qiniuModifyDomainCertReq{
-		CertID:      certId,
-		ForceHttps:  true,
-		Http2Enable: true,
-	}
-
-	bodyBytes, err := json.Marshal(body)
-	if err != nil {
-		return fmt.Errorf("enable https failed: %w", err)
-	}
-
-	_, err = d.req(qiniuGateway+path, http.MethodPut, bytes.NewReader(bodyBytes))
-	if err != nil {
-		return fmt.Errorf("enable https failed: %w", err)
-	}
-
-	return nil
-}
-
-type qiniuDomainInfo struct {
-	Https *qiniuModifyDomainCertReq `json:"https"`
-}
-
-func (d *QiniuCDNDeployer) getDomainInfo() (*qiniuDomainInfo, error) {
-	domain := d.option.DeployConfig.GetDomain()
-
-	path := fmt.Sprintf("/domain/%s", domain)
-
-	res, err := d.req(qiniuGateway+path, http.MethodGet, nil)
-	if err != nil {
-		return nil, fmt.Errorf("req failed: %w", err)
-	}
-
-	resp := &qiniuDomainInfo{}
-	err = json.Unmarshal(res, resp)
-	if err != nil {
-		return nil, fmt.Errorf("json.Unmarshal failed: %w", err)
-	}
-
-	return resp, nil
-}
-
-type qiniuUploadCertReq struct {
-	Name       string `json:"name"`
-	CommonName string `json:"common_name"`
-	Pri        string `json:"pri"`
-	Ca         string `json:"ca"`
-}
-
-type qiniuUploadCertResp struct {
-	CertID string `json:"certID"`
-}
-
-func (d *QiniuCDNDeployer) uploadCert() (string, error) {
-	path := "/sslcert"
-
-	body := &qiniuUploadCertReq{
-		Name:       getDeployString(d.option.DeployConfig, "domain"),
-		CommonName: getDeployString(d.option.DeployConfig, "domain"),
-		Pri:        d.option.Certificate.PrivateKey,
-		Ca:         d.option.Certificate.Certificate,
-	}
-
-	bodyBytes, err := json.Marshal(body)
-	if err != nil {
-		return "", fmt.Errorf("json.Marshal failed: %w", err)
-	}
-
-	res, err := d.req(qiniuGateway+path, http.MethodPost, bytes.NewReader(bodyBytes))
-	if err != nil {
-		return "", fmt.Errorf("req failed: %w", err)
-	}
-	resp := &qiniuUploadCertResp{}
-	err = json.Unmarshal(res, resp)
-	if err != nil {
-		return "", fmt.Errorf("json.Unmarshal failed: %w", err)
-	}
-
-	return resp.CertID, nil
-}
-
-type qiniuModifyDomainCertReq struct {
-	CertID      string `json:"certId"`
-	ForceHttps  bool   `json:"forceHttps"`
-	Http2Enable bool   `json:"http2Enable"`
-}
-
-func (d *QiniuCDNDeployer) modifyDomainCert(certId string) error {
-	domain := d.option.DeployConfig.GetDomain()
-	path := fmt.Sprintf("/domain/%s/httpsconf", domain)
-
-	body := &qiniuModifyDomainCertReq{
-		CertID:      certId,
-		ForceHttps:  true,
-		Http2Enable: true,
-	}
-
-	bodyBytes, err := json.Marshal(body)
-	if err != nil {
-		return fmt.Errorf("json.Marshal failed: %w", err)
-	}
-
-	_, err = d.req(qiniuGateway+path, http.MethodPut, bytes.NewReader(bodyBytes))
-	if err != nil {
-		return fmt.Errorf("req failed: %w", err)
-	}
-
-	return nil
-}
-
-func (d *QiniuCDNDeployer) req(url, method string, body io.Reader) ([]byte, error) {
-	req := xhttp.BuildReq(url, method, body, map[string]string{
-		"Content-Type": "application/json",
-	})
-
-	if err := d.credentials.AddToken(auth.TokenQBox, req); err != nil {
-		return nil, fmt.Errorf("credentials.AddToken failed: %w", err)
-	}
-
-	respBody, err := xhttp.ToRequest(req)
-	if err != nil {
-		return nil, fmt.Errorf("ToRequest failed: %w", err)
-	}
-
-	defer respBody.Close()
-
-	res, err := io.ReadAll(respBody)
-	if err != nil {
-		return nil, fmt.Errorf("io.ReadAll failed: %w", err)
-	}
-
-	return res, nil
+func (u *QiniuCDNDeployer) createSdkClient(accessKey, secretKey string) (*qiniuEx.Client, error) {
+	credential := auth.New(accessKey, secretKey)
+	client := qiniuEx.NewClient(credential)
+	return client, nil
 }
--- a/internal/deployer/qiniu_cdn_test.go
+++ b/internal/deployer/qiniu_cdn_test.go
@@ -1,87 +0,0 @@
-package deployer
-
-import (
-	"testing"
-
-	"github.com/qiniu/go-sdk/v7/auth"
-
-	"github.com/usual2970/certimate/internal/applicant"
-)
-
-func Test_qiuniu_uploadCert(t *testing.T) {
-	type fields struct {
-		option *DeployerOption
-	}
-	tests := []struct {
-		name    string
-		fields  fields
-		want    string
-		wantErr bool
-	}{
-		{
-			name: "test",
-			fields: fields{
-				option: &DeployerOption{
-					DomainId: "1",
-					Domain:   "example.com",
-					Product:  "test",
-					Access:   `{"bucket":"test","accessKey":"","secretKey":""}`,
-					Certificate: applicant.Certificate{
-						Certificate: "",
-						PrivateKey:  "",
-					},
-				},
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			q, _ := NewQiniuCDNDeployer(tt.fields.option)
-			got, err := q.uploadCert()
-			if (err != nil) != tt.wantErr {
-				t.Errorf("qiuniu.uploadCert() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != tt.want {
-				t.Errorf("qiuniu.uploadCert() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
-func Test_qiuniu_modifyDomainCert(t *testing.T) {
-	type fields struct {
-		option      *DeployerOption
-		info        []string
-		credentials *auth.Credentials
-	}
-	type args struct {
-		certId string
-	}
-	tests := []struct {
-		name    string
-		fields  fields
-		args    args
-		wantErr bool
-	}{
-		{
-			name: "test",
-			fields: fields{
-				option: &DeployerOption{
-					DomainId: "1",
-					Domain:   "jt1.ikit.fun",
-					Product:  "test",
-					Access:   `{"bucket":"test","accessKey":"","secretKey":""}`,
-				},
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			q, _ := NewQiniuCDNDeployer(tt.fields.option)
-			if err := q.modifyDomainCert(tt.args.certId); (err != nil) != tt.wantErr {
-				t.Errorf("qiuniu.modifyDomainCert() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
-	}
-}
--- a/internal/deployer/ssh.go
+++ b/internal/deployer/ssh.go
@@ -4,12 +4,14 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"os"
-	xpath "path"
+	"path/filepath"

+	xerrors "github.com/pkg/errors"
 	"github.com/pkg/sftp"
-	sshPkg "golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh"

 	"github.com/usual2970/certimate/internal/domain"
 )
@@ -30,7 +32,7 @@ func (d *SSHDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *SSHDeployer) GetInfo() []string {
+func (d *SSHDeployer) GetInfos() []string {
 	return d.infos
 }

@@ -41,52 +43,126 @@ func (d *SSHDeployer) Deploy(ctx context.Context) error {
 	}

 	// 连接
-	client, err := d.createClient(access)
+	client, err := d.createSshClient(access)
 	if err != nil {
 		return err
 	}
 	defer client.Close()

-	d.infos = append(d.infos, toStr("ssh连接成功", nil))
+	d.infos = append(d.infos, toStr("SSH 连接成功", nil))

 	// 执行前置命令
-	preCommand := getDeployString(d.option.DeployConfig, "preCommand")
+	preCommand := d.option.DeployConfig.GetConfigAsString("preCommand")
 	if preCommand != "" {
 		stdout, stderr, err := d.sshExecCommand(client, preCommand)
 		if err != nil {
-			return fmt.Errorf("failed to run pre-command: %w, stdout: %s, stderr: %s", err, stdout, stderr)
-		}
+			return xerrors.Wrapf(err, "failed to run pre-command: stdout: %s, stderr: %s", stdout, stderr)
 		}

-	// 上传证书
-	if err := d.upload(client, d.option.Certificate.Certificate, getDeployString(d.option.DeployConfig, "certPath")); err != nil {
-		return fmt.Errorf("failed to upload certificate: %w", err)
+		d.infos = append(d.infos, toStr("SSH 执行前置命令成功", stdout))
 	}

-	d.infos = append(d.infos, toStr("ssh上传证书成功", nil))
-
-	// 上传私钥
-	if err := d.upload(client, d.option.Certificate.PrivateKey, getDeployString(d.option.DeployConfig, "keyPath")); err != nil {
-		return fmt.Errorf("failed to upload private key: %w", err)
+	// 上传证书和私钥文件
+	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", certFormatPEM) {
+	case certFormatPEM:
+		if err := d.writeSftpFileString(client, d.option.DeployConfig.GetConfigAsString("certPath"), d.option.Certificate.Certificate); err != nil {
+			return err
 		}

-	d.infos = append(d.infos, toStr("ssh上传私钥成功", nil))
+		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
+
+		if err := d.writeSftpFileString(client, d.option.DeployConfig.GetConfigAsString("keyPath"), d.option.Certificate.PrivateKey); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("SSH 上传私钥成功", nil))
+
+	case certFormatPFX:
+		pfxData, err := convertPEMToPFX(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("pfxPassword"),
+		)
+		if err != nil {
+			return err
+		}
+
+		if err := d.writeSftpFile(client, d.option.DeployConfig.GetConfigAsString("certPath"), pfxData); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
+
+	case certFormatJKS:
+		jksData, err := convertPEMToJKS(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("jksAlias"),
+			d.option.DeployConfig.GetConfigAsString("jksKeypass"),
+			d.option.DeployConfig.GetConfigAsString("jksStorepass"),
+		)
+		if err != nil {
+			return err
+		}
+
+		if err := d.writeSftpFile(client, d.option.DeployConfig.GetConfigAsString("certPath"), jksData); err != nil {
+			return err
+		}
+
+		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
+
+	default:
+		return errors.New("unsupported format")
+	}

 	// 执行命令
-	stdout, stderr, err := d.sshExecCommand(client, getDeployString(d.option.DeployConfig, "command"))
+	command := d.option.DeployConfig.GetConfigAsString("command")
+	if command != "" {
+		stdout, stderr, err := d.sshExecCommand(client, command)
 		if err != nil {
-		return fmt.Errorf("failed to run command: %w, stdout: %s, stderr: %s", err, stdout, stderr)
+			return xerrors.Wrapf(err, "failed to run command, stdout: %s, stderr: %s", stdout, stderr)
 		}

-	d.infos = append(d.infos, toStr("ssh执行命令成功", stdout))
+		d.infos = append(d.infos, toStr("SSH 执行命令成功", stdout))
+	}

 	return nil
 }

-func (d *SSHDeployer) sshExecCommand(client *sshPkg.Client, command string) (string, string, error) {
-	session, err := client.NewSession()
+func (d *SSHDeployer) createSshClient(access *domain.SSHAccess) (*ssh.Client, error) {
+	var authMethod ssh.AuthMethod
+
+	if access.Key != "" {
+		var signer ssh.Signer
+		var err error
+
+		if access.KeyPassphrase != "" {
+			signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(access.Key), []byte(access.KeyPassphrase))
+		} else {
+			signer, err = ssh.ParsePrivateKey([]byte(access.Key))
+		}
+
 		if err != nil {
-		return "", "", fmt.Errorf("failed to create ssh session: %w", err)
+			return nil, err
+		}
+		authMethod = ssh.PublicKeys(signer)
+	} else {
+		authMethod = ssh.Password(access.Password)
+	}
+
+	return ssh.Dial("tcp", fmt.Sprintf("%s:%s", access.Host, access.Port), &ssh.ClientConfig{
+		User: access.Username,
+		Auth: []ssh.AuthMethod{
+			authMethod,
+		},
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+	})
+}
+
+func (d *SSHDeployer) sshExecCommand(sshCli *ssh.Client, command string) (string, string, error) {
+	session, err := sshCli.NewSession()
+	if err != nil {
+		return "", "", xerrors.Wrap(err, "failed to create ssh session")
 	}

 	defer session.Close()
@@ -95,60 +171,38 @@ func (d *SSHDeployer) sshExecCommand(client *sshPkg.Client, command string) (str
 	var stderrBuf bytes.Buffer
 	session.Stderr = &stderrBuf
 	err = session.Run(command)
-	return stdoutBuf.String(), stderrBuf.String(), err
+	if err != nil {
+		return "", "", xerrors.Wrap(err, "failed to execute ssh script")
 	}

-func (d *SSHDeployer) upload(client *sshPkg.Client, content, path string) error {
-	sftpCli, err := sftp.NewClient(client)
+	return stdoutBuf.String(), stderrBuf.String(), nil
+}
+
+func (d *SSHDeployer) writeSftpFileString(sshCli *ssh.Client, path string, content string) error {
+	return d.writeSftpFile(sshCli, path, []byte(content))
+}
+
+func (d *SSHDeployer) writeSftpFile(sshCli *ssh.Client, path string, data []byte) error {
+	sftpCli, err := sftp.NewClient(sshCli)
 	if err != nil {
-		return fmt.Errorf("failed to create sftp client: %w", err)
+		return xerrors.Wrap(err, "failed to create sftp client")
 	}
 	defer sftpCli.Close()

-	if err := sftpCli.MkdirAll(xpath.Dir(path)); err != nil {
-		return fmt.Errorf("failed to create remote directory: %w", err)
+	if err := sftpCli.MkdirAll(filepath.Dir(path)); err != nil {
+		return xerrors.Wrap(err, "failed to create remote directory")
 	}

 	file, err := sftpCli.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC)
 	if err != nil {
-		return fmt.Errorf("failed to open remote file: %w", err)
+		return xerrors.Wrap(err, "failed to open remote file")
 	}
 	defer file.Close()

-	_, err = file.Write([]byte(content))
+	_, err = file.Write(data)
 	if err != nil {
-		return fmt.Errorf("failed to write to remote file: %w", err)
+		return xerrors.Wrap(err, "failed to write to remote file")
 	}

 	return nil
 }
-
-func (d *SSHDeployer) createClient(access *domain.SSHAccess) (*sshPkg.Client, error) {
-	var authMethod sshPkg.AuthMethod
-
-	if access.Key != "" {
-		var signer sshPkg.Signer
-		var err error
-
-		if access.KeyPassphrase != "" {
-			signer, err = sshPkg.ParsePrivateKeyWithPassphrase([]byte(access.Key), []byte(access.KeyPassphrase))
-		} else {
-			signer, err = sshPkg.ParsePrivateKey([]byte(access.Key))
-		}
-
-		if err != nil {
-			return nil, err
-		}
-		authMethod = sshPkg.PublicKeys(signer)
-	} else {
-		authMethod = sshPkg.Password(access.Password)
-	}
-
-	return sshPkg.Dial("tcp", fmt.Sprintf("%s:%s", access.Host, access.Port), &sshPkg.ClientConfig{
-		User: access.Username,
-		Auth: []sshPkg.AuthMethod{
-			authMethod,
-		},
-		HostKeyCallback: sshPkg.InsecureIgnoreHostKey(),
-	})
-}
--- a/internal/deployer/tencent_cdn.go
+++ b/internal/deployer/tencent_cdn.go
@@ -2,41 +2,62 @@ package deployer

 import (
 	"context"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"strings"

-	cdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
+	xerrors "github.com/pkg/errors"
+	tcCdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	ssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	"golang.org/x/exp/slices"

 	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/utils/rand"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
 )

 type TencentCDNDeployer struct {
 	option *DeployerOption
-	credential *common.Credential
 	infos  []string
+
+	sdkClients  *tencentCDNDeployerSdkClients
+	sslUploader uploader.Uploader
+}
+
+type tencentCDNDeployerSdkClients struct {
+	ssl *tcSsl.Client
+	cdn *tcCdn.Client
 }

 func NewTencentCDNDeployer(option *DeployerOption) (Deployer, error) {
 	access := &domain.TencentAccess{}
 	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal tencent access: %w", err)
+		return nil, xerrors.Wrap(err, "failed to get access")
 	}

-	credential := common.NewCredential(
+	clients, err := (&TencentCDNDeployer{}).createSdkClients(
 		access.SecretId,
 		access.SecretKey,
 	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}
+
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}

 	return &TencentCDNDeployer{
 		option:      option,
-		credential: credential,
 		infos:       make([]string, 0),
+		sdkClients:  clients,
+		sslUploader: uploader,
 	}, nil
 }

@@ -44,102 +65,130 @@ func (d *TencentCDNDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *TencentCDNDeployer) GetInfo() []string {
+func (d *TencentCDNDeployer) GetInfos() []string {
 	return d.infos
 }

 func (d *TencentCDNDeployer) Deploy(ctx context.Context) error {
-	// 上传证书
-	certId, err := d.uploadCert()
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
 	if err != nil {
-		return fmt.Errorf("failed to upload certificate: %w", err)
+		return err
 	}
-	d.infos = append(d.infos, toStr("上传证书", certId))

-	if err := d.deploy(certId); err != nil {
-		return fmt.Errorf("failed to deploy: %w", err)
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 获取待部署的 CDN 实例
+	// 如果是泛域名，根据证书匹配 CDN 实例
+	tcInstanceIds := make([]string, 0)
+	domain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(domain, "*") {
+		domains, err := d.getDomainsByCertificateId(upres.CertId)
+		if err != nil {
+			return err
 		}

+		tcInstanceIds = domains
+	} else {
+		tcInstanceIds = append(tcInstanceIds, domain)
+	}
+
+	// 跳过已部署的 CDN 实例
+	if len(tcInstanceIds) > 0 {
+		deployedDomains, err := d.getDeployedDomainsByCertificateId(upres.CertId)
+		if err != nil {
+			return err
+		}
+
+		temp := make([]string, 0)
+		for _, aliInstanceId := range tcInstanceIds {
+			if !slices.Contains(deployedDomains, aliInstanceId) {
+				temp = append(temp, aliInstanceId)
+			}
+		}
+		tcInstanceIds = temp
+	}
+	if len(tcInstanceIds) == 0 {
+		d.infos = append(d.infos, "已部署过或没有要部署的 CDN 实例")
+		return nil
+	}
+
+	// 证书部署到 CDN 实例
+	// REF: https://cloud.tencent.com/document/product/400/91667
+	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
+	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
+	deployCertificateInstanceReq.ResourceType = common.StringPtr("cdn")
+	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
+	deployCertificateInstanceReq.InstanceIdList = common.StringPtrs(tcInstanceIds)
+	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
+	}
+
+	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
+
 	return nil
 }

-func (d *TencentCDNDeployer) uploadCert() (string, error) {
-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
+func (d *TencentCDNDeployer) createSdkClients(secretId, secretKey string) (*tencentCDNDeployerSdkClients, error) {
+	credential := common.NewCredential(secretId, secretKey)

-	client, _ := ssl.NewClient(d.credential, "", cpf)
-
-	request := ssl.NewUploadCertificateRequest()
-
-	request.CertificatePublicKey = common.StringPtr(d.option.Certificate.Certificate)
-	request.CertificatePrivateKey = common.StringPtr(d.option.Certificate.PrivateKey)
-	request.Alias = common.StringPtr(d.option.Domain + "_" + rand.RandStr(6))
-	request.Repeatable = common.BoolPtr(false)
-
-	response, err := client.UploadCertificate(request)
+	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
 	if err != nil {
-		return "", fmt.Errorf("failed to upload certificate: %w", err)
+		return nil, err
 	}

-	return *response.Response.CertificateId, nil
-}
-
-func (d *TencentCDNDeployer) deploy(certId string) error {
-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
-	// 实例化要请求产品的client对象,clientProfile是可选的
-	client, _ := ssl.NewClient(d.credential, "", cpf)
-
-	// 实例化一个请求对象,每个接口都会对应一个request对象
-	request := ssl.NewDeployCertificateInstanceRequest()
-
-	request.CertificateId = common.StringPtr(certId)
-	request.ResourceType = common.StringPtr("cdn")
-	request.Status = common.Int64Ptr(1)
-
-	// 如果是泛域名就从cdn列表下获取SSL证书中的可用域名
-	domain := getDeployString(d.option.DeployConfig, "domain")
-	if strings.Contains(domain, "*") {
-		list, errGetList := d.getDomainList()
-		if errGetList != nil {
-			return fmt.Errorf("failed to get certificate domain list: %w", errGetList)
-		}
-		if list == nil || len(list) == 0 {
-			return fmt.Errorf("failed to get certificate domain list: empty list.")
-		}
-		request.InstanceIdList = common.StringPtrs(list)
-	} else { // 否则直接使用传入的域名
-		request.InstanceIdList = common.StringPtrs([]string{domain})
-	}
-
-	// 返回的resp是一个DeployCertificateInstanceResponse的实例，与请求对象对应
-	resp, err := client.DeployCertificateInstance(request)
+	cdnClient, err := tcCdn.NewClient(credential, "", profile.NewClientProfile())
 	if err != nil {
-		return fmt.Errorf("failed to deploy certificate: %w", err)
-	}
-	d.infos = append(d.infos, toStr("部署证书", resp.Response))
-	return nil
+		return nil, err
 	}

-func (d *TencentCDNDeployer) getDomainList() ([]string, error) {
-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "cdn.tencentcloudapi.com"
-	client, _ := cdn.NewClient(d.credential, "", cpf)
+	return &tencentCDNDeployerSdkClients{
+		ssl: sslClient,
+		cdn: cdnClient,
+	}, nil
+}

-	request := cdn.NewDescribeCertDomainsRequest()
-
-	cert := base64.StdEncoding.EncodeToString([]byte(d.option.Certificate.Certificate))
-	request.Cert = &cert
-
-	response, err := client.DescribeCertDomains(request)
+func (d *TencentCDNDeployer) getDomainsByCertificateId(tcCertId string) ([]string, error) {
+	// 获取证书中的可用域名
+	// REF: https://cloud.tencent.com/document/product/228/42491
+	describeCertDomainsReq := tcCdn.NewDescribeCertDomainsRequest()
+	describeCertDomainsReq.CertId = common.StringPtr(tcCertId)
+	describeCertDomainsReq.Product = common.StringPtr("cdn")
+	describeCertDomainsResp, err := d.sdkClients.cdn.DescribeCertDomains(describeCertDomainsReq)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get domain list: %w", err)
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertDomains'")
 	}

 	domains := make([]string, 0)
-	for _, domain := range response.Response.Domains {
+	if describeCertDomainsResp.Response.Domains == nil {
+		for _, domain := range describeCertDomainsResp.Response.Domains {
 			domains = append(domains, *domain)
 		}
+	}
+
+	return domains, nil
+}
+
+func (d *TencentCDNDeployer) getDeployedDomainsByCertificateId(tcCertId string) ([]string, error) {
+	// 根据证书查询关联 CDN 域名
+	// REF: https://cloud.tencent.com/document/product/400/62674
+	describeDeployedResourcesReq := tcSsl.NewDescribeDeployedResourcesRequest()
+	describeDeployedResourcesReq.CertificateIds = common.StringPtrs([]string{tcCertId})
+	describeDeployedResourcesReq.ResourceType = common.StringPtr("cdn")
+	describeDeployedResourcesResp, err := d.sdkClients.ssl.DescribeDeployedResources(describeDeployedResourcesReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeDeployedResources'")
+	}
+
+	domains := make([]string, 0)
+	if describeDeployedResourcesResp.Response.DeployedResources != nil {
+		for _, deployedResource := range describeDeployedResourcesResp.Response.DeployedResources {
+			for _, resource := range deployedResource.Resources {
+				domains = append(domains, *resource)
+			}
+		}
+	}

 	return domains, nil
 }
--- a/internal/deployer/tencent_clb.go
+++ b/internal/deployer/tencent_clb.go
@@ -3,37 +3,61 @@ package deployer
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"

+	xerrors "github.com/pkg/errors"
+	tcClb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb/v20180317"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	ssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"

 	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/utils/rand"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
 )

 type TencentCLBDeployer struct {
 	option *DeployerOption
-	credential *common.Credential
 	infos  []string
+
+	sdkClients  *tencentCLBDeployerSdkClients
+	sslUploader uploader.Uploader
+}
+
+type tencentCLBDeployerSdkClients struct {
+	ssl *tcSsl.Client
+	clb *tcClb.Client
 }

 func NewTencentCLBDeployer(option *DeployerOption) (Deployer, error) {
 	access := &domain.TencentAccess{}
 	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal tencent access: %w", err)
+		return nil, xerrors.Wrap(err, "failed to get access")
 	}

-	credential := common.NewCredential(
+	clients, err := (&TencentCLBDeployer{}).createSdkClients(
 		access.SecretId,
 		access.SecretKey,
+		option.DeployConfig.GetConfigAsString("region"),
 	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}
+
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}

 	return &TencentCLBDeployer{
 		option:      option,
-		credential: credential,
 		infos:       make([]string, 0),
+		sdkClients:  clients,
+		sslUploader: uploader,
 	}, nil
 }

@@ -41,77 +65,264 @@ func (d *TencentCLBDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *TencentCLBDeployer) GetInfo() []string {
+func (d *TencentCLBDeployer) GetInfos() []string {
 	return d.infos
 }

 func (d *TencentCLBDeployer) Deploy(ctx context.Context) error {
-	// 上传证书
-	certId, err := d.uploadCert()
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "ssl-deploy":
+		// 通过 SSL 服务部署到云资源实例
+		err := d.deployToInstanceUseSsl(ctx)
 		if err != nil {
-		return fmt.Errorf("failed to upload certificate: %w", err)
+			return err
 		}
-	d.infos = append(d.infos, toStr("上传证书", certId))
-
-	if err := d.deploy(certId); err != nil {
-		return fmt.Errorf("failed to deploy: %w", err)
+	case "loadbalancer":
+		// 部署到指定负载均衡器
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		// 部署到指定监听器
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	case "ruledomain":
+		// 部署到指定七层监听转发规则域名
+		if err := d.deployToRuleDomain(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
 	}

 	return nil
 }

-func (d *TencentCLBDeployer) uploadCert() (string, error) {
-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
+func (d *TencentCLBDeployer) createSdkClients(secretId, secretKey, region string) (*tencentCLBDeployerSdkClients, error) {
+	credential := common.NewCredential(secretId, secretKey)

-	client, _ := ssl.NewClient(d.credential, "", cpf)
-
-	request := ssl.NewUploadCertificateRequest()
-
-	request.CertificatePublicKey = common.StringPtr(d.option.Certificate.Certificate)
-	request.CertificatePrivateKey = common.StringPtr(d.option.Certificate.PrivateKey)
-	request.Alias = common.StringPtr(d.option.Domain + "_" + rand.RandStr(6))
-	request.Repeatable = common.BoolPtr(false)
-
-	response, err := client.UploadCertificate(request)
+	sslClient, err := tcSsl.NewClient(credential, region, profile.NewClientProfile())
 	if err != nil {
-		return "", fmt.Errorf("failed to upload certificate: %w", err)
+		return nil, err
 	}

-	return *response.Response.CertificateId, nil
+	clbClient, err := tcClb.NewClient(credential, region, profile.NewClientProfile())
+	if err != nil {
+		return nil, err
 	}

-func (d *TencentCLBDeployer) deploy(certId string) error {
-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
-	// 实例化要请求产品的client对象,clientProfile是可选的
-	client, _ := ssl.NewClient(d.credential, getDeployString(d.option.DeployConfig, "region"), cpf)
+	return &tencentCLBDeployerSdkClients{
+		ssl: sslClient,
+		clb: clbClient,
+	}, nil
+}

-	// 实例化一个请求对象,每个接口都会对应一个request对象
-	request := ssl.NewDeployCertificateInstanceRequest()
+func (d *TencentCLBDeployer) deployToInstanceUseSsl(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+	if tcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}

-	request.CertificateId = common.StringPtr(certId)
-	request.ResourceType = common.StringPtr("clb")
-	request.Status = common.Int64Ptr(1)
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}

-	clbId := getDeployString(d.option.DeployConfig, "clbId")
-	lsnId := getDeployString(d.option.DeployConfig, "lsnId")
-	domain := getDeployString(d.option.DeployConfig, "domain")
+	d.infos = append(d.infos, toStr("已上传证书", upres))

-	if(domain == ""){
-		// 未开启SNI，只需要精确到监听器
-		request.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s", clbId, lsnId)})
+	// 证书部署到 CLB 实例
+	// REF: https://cloud.tencent.com/document/product/400/91667
+	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
+	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
+	deployCertificateInstanceReq.ResourceType = common.StringPtr("clb")
+	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
+	if tcDomain == "" {
+		// 未开启 SNI，只需指定到监听器
+		deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s", tcLoadbalancerId, tcListenerId)})
 	} else {
-		// 开启SNI，需要精确到域名，支持泛域名
-		request.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s|%s", clbId, lsnId, domain)})
+		// 开启 SNI，需指定到域名（支持泛域名）
+		deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s|%s", tcLoadbalancerId, tcListenerId, tcDomain)})
 	}
-	
-
-	// 返回的resp是一个DeployCertificateInstanceResponse的实例，与请求对象对应
-	resp, err := client.DeployCertificateInstance(request)
+	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
 	if err != nil {
-		return fmt.Errorf("failed to deploy certificate: %w", err)
+		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
 	}
-	d.infos = append(d.infos, toStr("部署证书", resp.Response))
+
+	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerIds := make([]string, 0)
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	// 查询负载均衡器详细信息
+	// REF: https://cloud.tencent.com/document/api/214/46916
+	describeLoadBalancersDetailReq := tcClb.NewDescribeLoadBalancersDetailRequest()
+	describeLoadBalancersDetailResp, err := d.sdkClients.clb.DescribeLoadBalancersDetail(describeLoadBalancersDetailReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeLoadBalancersDetail'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到负载均衡详细信息", describeLoadBalancersDetailResp))
+
+	// 查询监听器列表
+	// REF: https://cloud.tencent.com/document/api/214/30686
+	describeListenersReq := tcClb.NewDescribeListenersRequest()
+	describeListenersReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
+	} else {
+		if describeListenersResp.Response.Listeners != nil {
+			for _, listener := range describeListenersResp.Response.Listeners {
+				if listener.Protocol == nil || (*listener.Protocol != "HTTPS" && *listener.Protocol != "TCP_SSL" && *listener.Protocol != "QUIC") {
+					continue
+				}
+
+				tcListenerIds = append(tcListenerIds, *listener.ListenerId)
+			}
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到负载均衡器下的监听器", tcListenerIds))
+
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听器证书
+	var errs []error
+	for _, tcListenerId := range tcListenerIds {
+		if err := d.modifyListenerCertificate(ctx, tcLoadbalancerId, tcListenerId, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) deployToListener(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+	if tcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听器证书
+	if err := d.modifyListenerCertificate(ctx, tcLoadbalancerId, tcListenerId, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) deployToRuleDomain(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+	if tcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+	if tcDomain == "" {
+		return errors.New("`domain` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 修改负载均衡七层监听器转发规则的域名级别属性
+	// REF: https://cloud.tencent.com/document/api/214/38092
+	modifyDomainAttributesReq := tcClb.NewModifyDomainAttributesRequest()
+	modifyDomainAttributesReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	modifyDomainAttributesReq.ListenerId = common.StringPtr(tcListenerId)
+	modifyDomainAttributesReq.Domain = common.StringPtr(tcDomain)
+	modifyDomainAttributesReq.Certificate = &tcClb.CertificateInput{
+		SSLMode: common.StringPtr("UNIDIRECTIONAL"),
+		CertId:  common.StringPtr(upres.CertId),
+	}
+	modifyDomainAttributesResp, err := d.sdkClients.clb.ModifyDomainAttributes(modifyDomainAttributesReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.ModifyDomainAttributes'")
+	}
+
+	d.infos = append(d.infos, toStr("已修改七层监听器转发规则的域名级别属性", modifyDomainAttributesResp.Response))
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) modifyListenerCertificate(ctx context.Context, tcLoadbalancerId, tcListenerId, tcCertId string) error {
+	// 查询监听器列表
+	// REF: https://cloud.tencent.com/document/api/214/30686
+	describeListenersReq := tcClb.NewDescribeListenersRequest()
+	describeListenersReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	describeListenersReq.ListenerIds = common.StringPtrs([]string{tcListenerId})
+	describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
+	}
+	if len(describeListenersResp.Response.Listeners) == 0 {
+		d.infos = append(d.infos, toStr("未找到监听器", nil))
+		return errors.New("listener not found")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到监听器属性", describeListenersResp.Response))
+
+	// 修改监听器属性
+	// REF: https://cloud.tencent.com/document/product/214/30681
+	modifyListenerReq := tcClb.NewModifyListenerRequest()
+	modifyListenerReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	modifyListenerReq.ListenerId = common.StringPtr(tcListenerId)
+	modifyListenerReq.Certificate = &tcClb.CertificateInput{CertId: common.StringPtr(tcCertId)}
+	if describeListenersResp.Response.Listeners[0].Certificate != nil && describeListenersResp.Response.Listeners[0].Certificate.SSLMode != nil {
+		modifyListenerReq.Certificate.SSLMode = describeListenersResp.Response.Listeners[0].Certificate.SSLMode
+		modifyListenerReq.Certificate.CertCaId = describeListenersResp.Response.Listeners[0].Certificate.CertCaId
+	} else {
+		modifyListenerReq.Certificate.SSLMode = common.StringPtr("UNIDIRECTIONAL")
+	}
+	modifyListenerResp, err := d.sdkClients.clb.ModifyListener(modifyListenerReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.ModifyListener'")
+	}
+
+	d.infos = append(d.infos, toStr("已修改监听器属性", modifyListenerResp.Response))
+
 	return nil
 }
--- a/internal/deployer/tencent_cos.go
+++ b/internal/deployer/tencent_cos.go
@@ -3,37 +3,55 @@ package deployer
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"

+	xerrors "github.com/pkg/errors"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	ssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"

 	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/utils/rand"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
 )

 type TencentCOSDeployer struct {
 	option *DeployerOption
-	credential *common.Credential
 	infos  []string
+
+	sdkClient   *tcSsl.Client
+	sslUploader uploader.Uploader
 }

 func NewTencentCOSDeployer(option *DeployerOption) (Deployer, error) {
 	access := &domain.TencentAccess{}
 	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal tencent access: %w", err)
+		return nil, xerrors.Wrap(err, "failed to get access")
 	}

-	credential := common.NewCredential(
+	client, err := (&TencentCOSDeployer{}).createSdkClient(
 		access.SecretId,
 		access.SecretKey,
+		option.DeployConfig.GetConfigAsString("region"),
 	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}
+
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}

 	return &TencentCOSDeployer{
 		option:      option,
-		credential: credential,
 		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
 	}, nil
 }

@@ -41,68 +59,49 @@ func (d *TencentCOSDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *TencentCOSDeployer) GetInfo() []string {
+func (d *TencentCOSDeployer) GetInfos() []string {
 	return d.infos
 }

 func (d *TencentCOSDeployer) Deploy(ctx context.Context) error {
-	// 上传证书
-	certId, err := d.uploadCert()
-	if err != nil {
-		return fmt.Errorf("failed to upload certificate: %w", err)
+	tcRegion := d.option.DeployConfig.GetConfigAsString("region")
+	tcBucket := d.option.DeployConfig.GetConfigAsString("bucket")
+	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if tcBucket == "" {
+		return errors.New("`bucket` is required")
 	}
-	d.infos = append(d.infos, toStr("上传证书", certId))

-	if err := d.deploy(certId); err != nil {
-		return fmt.Errorf("failed to deploy: %w", err)
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
 	}

+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 证书部署到 COS 实例
+	// REF: https://cloud.tencent.com/document/product/400/91667
+	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
+	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
+	deployCertificateInstanceReq.ResourceType = common.StringPtr("cos")
+	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
+	deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s#%s#%s", tcRegion, tcBucket, tcDomain)})
+	deployCertificateInstanceResp, err := d.sdkClient.DeployCertificateInstance(deployCertificateInstanceReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
+	}
+
+	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
+
 	return nil
 }

-// 上传证书，与CDN部署的上传方法一致。
-func (d *TencentCOSDeployer) uploadCert() (string, error) {
-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
-
-	client, _ := ssl.NewClient(d.credential, "", cpf)
-
-	request := ssl.NewUploadCertificateRequest()
-
-	request.CertificatePublicKey = common.StringPtr(d.option.Certificate.Certificate)
-	request.CertificatePrivateKey = common.StringPtr(d.option.Certificate.PrivateKey)
-	request.Alias = common.StringPtr(d.option.Domain + "_" + rand.RandStr(6))
-	request.Repeatable = common.BoolPtr(false)
-
-	response, err := client.UploadCertificate(request)
+func (d *TencentCOSDeployer) createSdkClient(secretId, secretKey, region string) (*tcSsl.Client, error) {
+	credential := common.NewCredential(secretId, secretKey)
+	client, err := tcSsl.NewClient(credential, region, profile.NewClientProfile())
 	if err != nil {
-		return "", fmt.Errorf("failed to upload certificate: %w", err)
+		return nil, err
 	}

-	return *response.Response.CertificateId, nil
-}
-
-func (d *TencentCOSDeployer) deploy(certId string) error {
-	cpf := profile.NewClientProfile()
-	cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
-	// 实例化要请求产品的client对象,clientProfile是可选的
-	client, _ := ssl.NewClient(d.credential, getDeployString(d.option.DeployConfig, "region"), cpf)
-
-	// 实例化一个请求对象,每个接口都会对应一个request对象
-	request := ssl.NewDeployCertificateInstanceRequest()
-
-	request.CertificateId = common.StringPtr(certId)
-	request.ResourceType = common.StringPtr("cos")
-	request.Status = common.Int64Ptr(1)
-
-	domain := getDeployString(d.option.DeployConfig, "domain")
-	request.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s#%s#%s", getDeployString(d.option.DeployConfig, "region"), getDeployString(d.option.DeployConfig, "bucket"), domain)})
-
-	// 返回的resp是一个DeployCertificateInstanceResponse的实例，与请求对象对应
-	resp, err := client.DeployCertificateInstance(request)
-	if err != nil {
-		return fmt.Errorf("failed to deploy certificate: %w", err)
-	}
-	d.infos = append(d.infos, toStr("部署证书", resp.Response))
-	return nil
+	return client, nil
 }
--- a/internal/deployer/tencent_ecdn.go
+++ b/internal/deployer/tencent_ecdn.go
@@ -0,0 +1,154 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	xerrors "github.com/pkg/errors"
+	tcCdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
+)
+
+type TencentECDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClients  *tencentECDNDeployerSdkClients
+	sslUploader uploader.Uploader
+}
+
+type tencentECDNDeployerSdkClients struct {
+	ssl *tcSsl.Client
+	cdn *tcCdn.Client
+}
+
+func NewTencentECDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.TencentAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	clients, err := (&TencentECDNDeployer{}).createSdkClients(
+		access.SecretId,
+		access.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}
+
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &TencentECDNDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClients:  clients,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *TencentECDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *TencentECDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *TencentECDNDeployer) Deploy(ctx context.Context) error {
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 获取待部署的 ECDN 实例
+	// 如果是泛域名，根据证书匹配 ECDN 实例
+	aliInstanceIds := make([]string, 0)
+	domain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(domain, "*") {
+		domains, err := d.getDomainsByCertificateId(upres.CertId)
+		if err != nil {
+			return err
+		}
+
+		aliInstanceIds = domains
+	} else {
+		aliInstanceIds = append(aliInstanceIds, domain)
+	}
+	if len(aliInstanceIds) == 0 {
+		d.infos = append(d.infos, "没有要部署的 ECDN 实例")
+		return nil
+	}
+
+	// 证书部署到 ECDN 实例
+	// REF: https://cloud.tencent.com/document/product/400/91667
+	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
+	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
+	deployCertificateInstanceReq.ResourceType = common.StringPtr("ecdn")
+	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
+	deployCertificateInstanceReq.InstanceIdList = common.StringPtrs(aliInstanceIds)
+	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
+	}
+
+	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
+
+	return nil
+}
+
+func (d *TencentECDNDeployer) createSdkClients(secretId, secretKey string) (*tencentECDNDeployerSdkClients, error) {
+	credential := common.NewCredential(secretId, secretKey)
+
+	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	cdnClient, err := tcCdn.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return &tencentECDNDeployerSdkClients{
+		ssl: sslClient,
+		cdn: cdnClient,
+	}, nil
+}
+
+func (d *TencentECDNDeployer) getDomainsByCertificateId(tcCertId string) ([]string, error) {
+	// 获取证书中的可用域名
+	// REF: https://cloud.tencent.com/document/product/228/42491
+	describeCertDomainsReq := tcCdn.NewDescribeCertDomainsRequest()
+	describeCertDomainsReq.CertId = common.StringPtr(tcCertId)
+	describeCertDomainsReq.Product = common.StringPtr("ecdn")
+	describeCertDomainsResp, err := d.sdkClients.cdn.DescribeCertDomains(describeCertDomainsReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertDomains'")
+	}
+
+	domains := make([]string, 0)
+	if describeCertDomainsResp.Response.Domains == nil {
+		for _, domain := range describeCertDomainsResp.Response.Domains {
+			domains = append(domains, *domain)
+		}
+	}
+
+	return domains, nil
+}
--- a/internal/deployer/tencent_teo.go
+++ b/internal/deployer/tencent_teo.go
@@ -0,0 +1,119 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	tcTeo "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
+)
+
+type TencentTEODeployer struct {
+	option *DeployerOption
+	infos  []string
+
+	sdkClients  *tencentTEODeployerSdkClients
+	sslUploader uploader.Uploader
+}
+
+type tencentTEODeployerSdkClients struct {
+	ssl *tcSsl.Client
+	teo *tcTeo.Client
+}
+
+func NewTencentTEODeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.TencentAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+
+	clients, err := (&TencentTEODeployer{}).createSdkClients(
+		access.SecretId,
+		access.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+	}
+
+	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  access.SecretId,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &TencentTEODeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClients:  clients,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *TencentTEODeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *TencentTEODeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *TencentTEODeployer) Deploy(ctx context.Context) error {
+	tcZoneId := d.option.DeployConfig.GetConfigAsString("zoneId")
+	if tcZoneId == "" {
+		return xerrors.New("`zoneId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 配置域名证书
+	// REF: https://cloud.tencent.com/document/product/1552/80764
+	modifyHostsCertificateReq := tcTeo.NewModifyHostsCertificateRequest()
+	modifyHostsCertificateReq.ZoneId = common.StringPtr(tcZoneId)
+	modifyHostsCertificateReq.Mode = common.StringPtr("sslcert")
+	modifyHostsCertificateReq.Hosts = common.StringPtrs(strings.Split(strings.ReplaceAll(d.option.Domain, "\r\n", "\n"), "\n"))
+	modifyHostsCertificateReq.ServerCertInfo = []*tcTeo.ServerCertInfo{{CertId: common.StringPtr(upres.CertId)}}
+	modifyHostsCertificateResp, err := d.sdkClients.teo.ModifyHostsCertificate(modifyHostsCertificateReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'teo.ModifyHostsCertificate'")
+	}
+
+	d.infos = append(d.infos, toStr("已配置域名证书", modifyHostsCertificateResp.Response))
+
+	return nil
+}
+
+func (d *TencentTEODeployer) createSdkClients(secretId, secretKey string) (*tencentTEODeployerSdkClients, error) {
+	credential := common.NewCredential(secretId, secretKey)
+
+	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	teoClient, err := tcTeo.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return &tencentTEODeployerSdkClients{
+		ssl: sslClient,
+		teo: teoClient,
+	}, nil
+}
--- a/internal/deployer/volcengine_cdn.go
+++ b/internal/deployer/volcengine_cdn.go
@@ -0,0 +1,116 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	volcenginecdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-cdn"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/volcengine/volc-sdk-golang/service/cdn"
+)
+
+type VolcengineCDNDeployer struct {
+	option      *DeployerOption
+	infos       []string
+	sdkClient   *cdn.CDN
+	sslUploader uploader.Uploader
+}
+
+func NewVolcengineCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.VolcengineAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+	client := cdn.NewInstance()
+	client.Client.SetAccessKey(access.AccessKeyID)
+	client.Client.SetSecretKey(access.SecretAccessKey)
+	uploader, err := volcenginecdn.New(&volcenginecdn.VolcengineCDNUploaderConfig{
+		AccessKeyId:     access.AccessKeyID,
+		AccessKeySecret: access.SecretAccessKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+	return &VolcengineCDNDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *VolcengineCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *VolcengineCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *VolcengineCDNDeployer) Deploy(ctx context.Context) error {
+	apiCtx := context.Background()
+	// 上传证书
+	upres, err := d.sslUploader.Upload(apiCtx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	domains := make([]string, 0)
+	configDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(configDomain, "*.") {
+		// 获取证书可以部署的域名
+		// REF: https://www.volcengine.com/docs/6454/125711
+		describeCertConfigReq := &cdn.DescribeCertConfigRequest{
+			CertId: upres.CertId,
+		}
+		describeCertConfigResp, err := d.sdkClient.DescribeCertConfig(describeCertConfigReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertConfig'")
+		}
+		for i := range describeCertConfigResp.Result.CertNotConfig {
+			// 当前未启用 HTTPS 的加速域名列表。
+			domains = append(domains, describeCertConfigResp.Result.CertNotConfig[i].Domain)
+		}
+		for i := range describeCertConfigResp.Result.OtherCertConfig {
+			// 已启用了 HTTPS 的加速域名列表。这些加速域名关联的证书不是您指定的证书。
+			domains = append(domains, describeCertConfigResp.Result.OtherCertConfig[i].Domain)
+		}
+		for i := range describeCertConfigResp.Result.SpecifiedCertConfig {
+			// 已启用了 HTTPS 的加速域名列表。这些加速域名关联了您指定的证书。
+			d.infos = append(d.infos, fmt.Sprintf("%s域名已配置该证书", describeCertConfigResp.Result.SpecifiedCertConfig[i].Domain))
+		}
+		if len(domains) == 0 {
+			if len(describeCertConfigResp.Result.SpecifiedCertConfig) > 0 {
+				// 所有匹配的域名都配置了该证书，跳过部署
+				return nil
+			} else {
+				return xerrors.Errorf("未查询到匹配的域名: %s", configDomain)
+			}
+		}
+	} else {
+		domains = append(domains, configDomain)
+	}
+	// 部署证书
+	// REF: https://www.volcengine.com/docs/6454/125712
+	for i := range domains {
+		batchDeployCertReq := &cdn.BatchDeployCertRequest{
+			CertId: upres.CertId,
+			Domain: domains[i],
+		}
+		batchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.BatchDeployCert'")
+		} else {
+			d.infos = append(d.infos, toStr(fmt.Sprintf("%s域名的证书已修改", domains[i]), batchDeployCertResp))
+		}
+	}
+
+	return nil
+}
--- a/internal/deployer/volcengine_live.go
+++ b/internal/deployer/volcengine_live.go
@@ -0,0 +1,148 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"regexp"
+	"strings"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	volcenginelive "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-live"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	"github.com/volcengine/volc-sdk-golang/base"
+	live "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
+)
+
+type VolcengineLiveDeployer struct {
+	option      *DeployerOption
+	infos       []string
+	sdkClient   *live.Live
+	sslUploader uploader.Uploader
+}
+
+func NewVolcengineLiveDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.VolcengineAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+	client := live.NewInstance()
+	client.SetCredential(base.Credentials{
+		AccessKeyID:     access.AccessKeyID,
+		SecretAccessKey: access.SecretAccessKey,
+	})
+	uploader, err := volcenginelive.New(&volcenginelive.VolcengineLiveUploaderConfig{
+		AccessKeyId:     access.AccessKeyID,
+		AccessKeySecret: access.SecretAccessKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+	return &VolcengineLiveDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *VolcengineLiveDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *VolcengineLiveDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *VolcengineLiveDeployer) Deploy(ctx context.Context) error {
+	apiCtx := context.Background()
+	// 上传证书
+	upres, err := d.sslUploader.Upload(apiCtx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	domains := make([]string, 0)
+	configDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(configDomain, "*.") {
+		// 如果是泛域名，获取所有的域名并匹配
+		matchDomains, err := d.getDomainsByWildcardDomain(apiCtx, configDomain)
+		if err != nil {
+			d.infos = append(d.infos, toStr("获取域名列表失败", upres))
+			return xerrors.Wrap(err, "failed to execute sdk request 'live.ListDomainDetail'")
+		}
+		if len(matchDomains) == 0 {
+			return xerrors.Errorf("未查询到匹配的域名: %s", configDomain)
+		}
+		domains = matchDomains
+	} else {
+		domains = append(domains, configDomain)
+	}
+
+	// 部署证书
+	// REF: https://www.volcengine.com/docs/6469/1186278#%E7%BB%91%E5%AE%9A%E8%AF%81%E4%B9%A6d
+	for i := range domains {
+		bindCertReq := &live.BindCertBody{
+			ChainID: upres.CertId,
+			Domain:  domains[i],
+			HTTPS:   cast.BoolPtr(true),
+		}
+		bindCertResp, err := d.sdkClient.BindCert(apiCtx, bindCertReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'live.BindCert'")
+		} else {
+			d.infos = append(d.infos, toStr(fmt.Sprintf("%s域名的证书已修改", domains[i]), bindCertResp))
+		}
+	}
+
+	return nil
+}
+
+func (d *VolcengineLiveDeployer) getDomainsByWildcardDomain(ctx context.Context, wildcardDomain string) ([]string, error) {
+	pageNum := int32(1)
+	searchTotal := 0
+	domains := make([]string, 0)
+	for {
+		listDomainDetailReq := &live.ListDomainDetailBody{
+			PageNum:  pageNum,
+			PageSize: 1000,
+		}
+		// 查询域名列表
+		// REF: https://www.volcengine.com/docs/6469/1186277#%E6%9F%A5%E8%AF%A2%E5%9F%9F%E5%90%8D%E5%88%97%E8%A1%A8
+		listDomainDetailResp, err := d.sdkClient.ListDomainDetail(ctx, listDomainDetailReq)
+		if err != nil {
+			return domains, err
+		}
+		if listDomainDetailResp.Result.DomainList != nil {
+			for _, item := range listDomainDetailResp.Result.DomainList {
+				if matchWildcardDomain(item.Domain, wildcardDomain) {
+					domains = append(domains, item.Domain)
+				}
+			}
+		}
+		searchTotal += len(listDomainDetailResp.Result.DomainList)
+		if int(listDomainDetailResp.Result.Total) > searchTotal {
+			pageNum++
+		} else {
+			break
+		}
+	}
+
+	return domains, nil
+}
+
+func matchWildcardDomain(domain, wildcardDomain string) bool {
+	if strings.HasPrefix(wildcardDomain, "*.") {
+		if "*."+domain == wildcardDomain {
+			return true
+		}
+		regexPattern := "^([a-zA-Z0-9_-]+)\\." + regexp.QuoteMeta(wildcardDomain[2:]) + "$"
+		regex := regexp.MustCompile(regexPattern)
+		return regex.MatchString(domain)
+	}
+	return domain == wildcardDomain
+}
--- a/internal/deployer/webhook.go
+++ b/internal/deployer/webhook.go
@@ -7,6 +7,8 @@ import (
 	"fmt"
 	"net/http"

+	xerrors "github.com/pkg/errors"
+
 	"github.com/usual2970/certimate/internal/domain"
 	xhttp "github.com/usual2970/certimate/internal/utils/http"
 )
@@ -27,7 +29,7 @@ func (d *WebhookDeployer) GetID() string {
 	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

-func (d *WebhookDeployer) GetInfo() []string {
+func (d *WebhookDeployer) GetInfos() []string {
 	return d.infos
 }

@@ -41,26 +43,24 @@ type webhookData struct {
 func (d *WebhookDeployer) Deploy(ctx context.Context) error {
 	access := &domain.WebhookAccess{}
 	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
-		return fmt.Errorf("failed to parse hook access config: %w", err)
+		return xerrors.Wrap(err, "failed to get access")
 	}

 	data := &webhookData{
 		Domain:      d.option.Domain,
 		Certificate: d.option.Certificate.Certificate,
 		PrivateKey:  d.option.Certificate.PrivateKey,
-		Variables:   getDeployVariables(d.option.DeployConfig),
+		Variables:   d.option.DeployConfig.GetConfigAsVariables(),
 	}
-
 	body, _ := json.Marshal(data)
-
 	resp, err := xhttp.Req(access.Url, http.MethodPost, bytes.NewReader(body), map[string]string{
 		"Content-Type": "application/json",
 	})
 	if err != nil {
-		return fmt.Errorf("failed to send hook request: %w", err)
+		return xerrors.Wrap(err, "failed to send webhook request")
 	}

-	d.infos = append(d.infos, toStr("webhook response", string(resp)))
+	d.infos = append(d.infos, toStr("Webhook Response", string(resp)))

 	return nil
 }
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@@ -11,7 +11,12 @@ type TencentAccess struct {
 }

 type HuaweiCloudAccess struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	SecretAccessKey string `json:"secretAccessKey"`
 	Region          string `json:"region"`
+}
+
+type BaiduCloudAccess struct {
 	AccessKeyId     string `json:"accessKeyId"`
 	SecretAccessKey string `json:"secretAccessKey"`
 }
@@ -32,6 +37,11 @@ type QiniuAccess struct {
 	SecretKey string `json:"secretKey"`
 }

+type DogeCloudAccess struct {
+	AccessKey string `json:"accessKey"`
+	SecretKey string `json:"secretKey"`
+}
+
 type NameSiloAccess struct {
 	ApiKey string `json:"apiKey"`
 }
@@ -46,6 +56,11 @@ type PdnsAccess struct {
 	ApiKey string `json:"apiKey"`
 }

+type VolcengineAccess struct {
+	AccessKeyID     string
+	SecretAccessKey string
+}
+
 type HttpreqAccess struct {
 	Endpoint string `json:"endpoint"`
 	Mode     string `json:"mode"`
--- a/internal/domain/domains.go
+++ b/internal/domain/domains.go
@@ -1,6 +1,11 @@
 package domain

-import "strings"
+import (
+	"encoding/json"
+	"strings"
+
+	"github.com/usual2970/certimate/internal/pkg/utils/maps"
+)

 type ApplyConfig struct {
 	Email              string `json:"email"`
@@ -18,7 +23,6 @@ type DeployConfig struct {
 	Config map[string]any `json:"config"`
 }

-
 // 以字符串形式获取配置项。
 //
 // 入参：
@@ -27,7 +31,7 @@ type DeployConfig struct {
 // 出参：
 //   - 配置项的值。如果配置项不存在或者类型不是字符串，则返回空字符串。
 func (dc *DeployConfig) GetConfigAsString(key string) string {
-	return dc.GetConfigOrDefaultAsString(key, "")
+	return maps.GetValueAsString(dc.Config, key)
 }

 // 以字符串形式获取配置项。
@@ -39,17 +43,30 @@ func (dc *DeployConfig) GetConfigAsString(key string) string {
 // 出参：
 //   - 配置项的值。如果配置项不存在或者类型不是字符串，则返回默认值。
 func (dc *DeployConfig) GetConfigOrDefaultAsString(key string, defaultValue string) string {
-	if dc.Config == nil {
-		return defaultValue
+	return maps.GetValueOrDefaultAsString(dc.Config, key, defaultValue)
 }

-	if value, ok := dc.Config[key]; ok {
-		if result, ok := value.(string); ok {
-			return result
-		}
+// 以 32 位整数形式获取配置项。
+//
+// 入参：
+//   - key: 配置项的键。
+//
+// 出参：
+//   - 配置项的值。如果配置项不存在或者类型不是 32 位整数，则返回 0。
+func (dc *DeployConfig) GetConfigAsInt32(key string) int32 {
+	return maps.GetValueAsInt32(dc.Config, key)
 }

-	return defaultValue
+// 以 32 位整数形式获取配置项。
+//
+// 入参：
+//   - key: 配置项的键。
+//   - defaultValue: 默认值。
+//
+// 出参：
+//   - 配置项的值。如果配置项不存在或者类型不是 32 位整数，则返回默认值。
+func (dc *DeployConfig) GetConfigOrDefaultAsInt32(key string, defaultValue int32) int32 {
+	return maps.GetValueOrDefaultAsInt32(dc.Config, key, defaultValue)
 }

 // 以布尔形式获取配置项。
@@ -60,7 +77,7 @@ func (dc *DeployConfig) GetConfigOrDefaultAsString(key string, defaultValue stri
 // 出参：
 //   - 配置项的值。如果配置项不存在或者类型不是布尔，则返回 false。
 func (dc *DeployConfig) GetConfigAsBool(key string) bool {
-	return dc.GetConfigOrDefaultAsBool(key, false)
+	return maps.GetValueAsBool(dc.Config, key)
 }

 // 以布尔形式获取配置项。
@@ -72,17 +89,34 @@ func (dc *DeployConfig) GetConfigAsBool(key string) bool {
 // 出参：
 //   - 配置项的值。如果配置项不存在或者类型不是布尔，则返回默认值。
 func (dc *DeployConfig) GetConfigOrDefaultAsBool(key string, defaultValue bool) bool {
-	if dc.Config == nil {
-		return defaultValue
+	return maps.GetValueOrDefaultAsBool(dc.Config, key, defaultValue)
 }

-	if value, ok := dc.Config[key]; ok {
-		if result, ok := value.(bool); ok {
-			return result
+// 以变量字典形式获取配置项。
+//
+// 出参：
+//   - 变量字典。
+func (dc *DeployConfig) GetConfigAsVariables() map[string]string {
+	rs := make(map[string]string)
+
+	if dc.Config != nil {
+		value, ok := dc.Config["variables"]
+		if !ok {
+			return rs
+		}
+
+		kvs := make([]KV, 0)
+		bts, _ := json.Marshal(value)
+		if err := json.Unmarshal(bts, &kvs); err != nil {
+			return rs
+		}
+
+		for _, kv := range kvs {
+			rs[kv.Key] = kv.Value
 		}
 	}

-	return defaultValue
+	return rs
 }

 // GetDomain returns the domain from the deploy config
--- a/internal/domain/notify.go
+++ b/internal/domain/notify.go
@@ -1,10 +1,13 @@
 package domain

 const (
-	NotifyChannelDingtalk = "dingtalk"
+	NotifyChannelEmail      = "email"
 	NotifyChannelWebhook    = "webhook"
-	NotifyChannelTelegram = "telegram"
+	NotifyChannelDingtalk   = "dingtalk"
 	NotifyChannelLark       = "lark"
+	NotifyChannelTelegram   = "telegram"
+	NotifyChannelServerChan = "serverchan"
+	NotifyChannelBark       = "bark"
 )

 type NotifyTestPushReq struct {
--- a/internal/domain/setting.go
+++ b/internal/domain/setting.go
@@ -24,7 +24,7 @@ func (s *Setting) GetChannelContent(channel string) (map[string]any, error) {

 	v, ok := (*conf)[channel]
 	if !ok {
-		return nil, fmt.Errorf("channel %s not found", channel)
+		return nil, fmt.Errorf("channel \"%s\" not found", channel)
 	}

 	return v, nil
--- a/internal/domains/deploy.go
+++ b/internal/domains/deploy.go
@@ -105,11 +105,11 @@ func deploy(ctx context.Context, record *models.Record) error {
 		if err = deployer.Deploy(ctx); err != nil {

 			app.GetApp().Logger().Error("部署失败", "err", err)
-			history.record(deployPhase, "部署失败", &RecordInfo{Err: err, Info: deployer.GetInfo()})
+			history.record(deployPhase, "部署失败", &RecordInfo{Err: err, Info: deployer.GetInfos()})
 			return err
 		}
 		history.record(deployPhase, fmt.Sprintf("[%s]-部署成功", deployer.GetID()), &RecordInfo{
-			Info: deployer.GetInfo(),
+			Info: deployer.GetInfos(),
 		}, false)

 	}
--- a/internal/notify/expire.go
+++ b/internal/notify/expire.go
@@ -12,19 +12,13 @@ import (
 	"github.com/usual2970/certimate/internal/utils/xtime"
 )

-type msg struct {
-	subject string
-	message string
-}
-
 const (
 	defaultExpireSubject = "您有 {COUNT} 张证书即将过期"
-	defaultExpireMsg     = "有{COUNT}张证书即将过期,域名分别为{DOMAINS},请保持关注！"
+	defaultExpireMessage = "有 {COUNT} 张证书即将过期，域名分别为 {DOMAINS}，请保持关注！"
 )

 func PushExpireMsg() {
 	// 查询即将过期的证书
-
 	records, err := app.GetApp().Dao().FindRecordsByFilter("domains", "expiredAt<{:time}&&certUrl!=''", "-created", 500, 0,
 		dbx.Params{"time": xtime.GetTimeAfter(24 * time.Hour * 15)})
 	if err != nil {
@@ -34,12 +28,12 @@ func PushExpireMsg() {

 	// 组装消息
 	msg := buildMsg(records)
-
 	if msg == nil {
 		return
 	}

-	if err := Send(msg.subject, msg.message); err != nil {
+	// 发送通知
+	if err := SendToAllChannels(msg.Subject, msg.Message); err != nil {
 		app.GetApp().Logger().Error("send expire msg", "error", err)
 	}
 }
@@ -53,22 +47,27 @@ type notifyTemplate struct {
 	Content string `json:"content"`
 }

-func buildMsg(records []*models.Record) *msg {
+type notifyMessage struct {
+	Subject string
+	Message string
+}
+
+func buildMsg(records []*models.Record) *notifyMessage {
 	if len(records) == 0 {
 		return nil
 	}

 	// 查询模板信息
 	templateRecord, err := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='templates'")
-	title := defaultExpireSubject
-	content := defaultExpireMsg
+	subject := defaultExpireSubject
+	message := defaultExpireMessage

 	if err == nil {
 		var templates *notifyTemplates
 		templateRecord.UnmarshalJSONField("content", templates)
 		if templates != nil && len(templates.NotifyTemplates) > 0 {
-			title = templates.NotifyTemplates[0].Title
-			content = templates.NotifyTemplates[0].Content
+			subject = templates.NotifyTemplates[0].Title
+			message = templates.NotifyTemplates[0].Content
 		}
 	}

@@ -81,17 +80,17 @@ func buildMsg(records []*models.Record) *msg {
 	}

 	countStr := strconv.Itoa(count)
-	domainStr := strings.Join(domains, ",")
+	domainStr := strings.Join(domains, ";")

-	title = strings.ReplaceAll(title, "{COUNT}", countStr)
-	title = strings.ReplaceAll(title, "{DOMAINS}", domainStr)
+	subject = strings.ReplaceAll(subject, "{COUNT}", countStr)
+	subject = strings.ReplaceAll(subject, "{DOMAINS}", domainStr)

-	content = strings.ReplaceAll(content, "{COUNT}", countStr)
-	content = strings.ReplaceAll(content, "{DOMAINS}", domainStr)
+	message = strings.ReplaceAll(message, "{COUNT}", countStr)
+	message = strings.ReplaceAll(message, "{DOMAINS}", domainStr)

 	// 返回消息
-	return &msg{
-		subject: title,
-		message: content,
+	return &notifyMessage{
+		Subject: subject,
+		Message: message,
 	}
 }
--- a/internal/notify/factory.go
+++ b/internal/notify/factory.go
@@ -0,0 +1,66 @@
+package notify
+
+import (
+	"errors"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+	notifierBark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/bark"
+	notifierDingTalk "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/dingtalk"
+	notifierEmail "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/email"
+	notifierLark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/lark"
+	notifierServerChan "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/serverchan"
+	notifierTelegram "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/telegram"
+	notifierWebhook "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/webhook"
+	"github.com/usual2970/certimate/internal/pkg/utils/maps"
+)
+
+func createNotifier(channel string, channelConfig map[string]any) (notifier.Notifier, error) {
+	switch channel {
+	case domain.NotifyChannelEmail:
+		return notifierEmail.New(&notifierEmail.EmailNotifierConfig{
+			SmtpHost:        maps.GetValueAsString(channelConfig, "smtpHost"),
+			SmtpPort:        maps.GetValueAsInt32(channelConfig, "smtpPort"),
+			SmtpTLS:         maps.GetValueOrDefaultAsBool(channelConfig, "smtpTLS", true),
+			Username:        maps.GetValueOrDefaultAsString(channelConfig, "username", maps.GetValueAsString(channelConfig, "senderAddress")),
+			Password:        maps.GetValueAsString(channelConfig, "password"),
+			SenderAddress:   maps.GetValueAsString(channelConfig, "senderAddress"),
+			ReceiverAddress: maps.GetValueAsString(channelConfig, "receiverAddress"),
+		})
+
+	case domain.NotifyChannelWebhook:
+		return notifierWebhook.New(&notifierWebhook.WebhookNotifierConfig{
+			Url: maps.GetValueAsString(channelConfig, "url"),
+		})
+
+	case domain.NotifyChannelDingtalk:
+		return notifierDingTalk.New(&notifierDingTalk.DingTalkNotifierConfig{
+			AccessToken: maps.GetValueAsString(channelConfig, "accessToken"),
+			Secret:      maps.GetValueAsString(channelConfig, "secret"),
+		})
+
+	case domain.NotifyChannelLark:
+		return notifierLark.New(&notifierLark.LarkNotifierConfig{
+			WebhookUrl: maps.GetValueAsString(channelConfig, "webhookUrl"),
+		})
+
+	case domain.NotifyChannelTelegram:
+		return notifierTelegram.New(&notifierTelegram.TelegramNotifierConfig{
+			ApiToken: maps.GetValueAsString(channelConfig, "apiToken"),
+			ChatId:   maps.GetValueAsInt64(channelConfig, "chatId"),
+		})
+
+	case domain.NotifyChannelServerChan:
+		return notifierServerChan.New(&notifierServerChan.ServerChanNotifierConfig{
+			Url: maps.GetValueAsString(channelConfig, "url"),
+		})
+
+	case domain.NotifyChannelBark:
+		return notifierBark.New(&notifierBark.BarkNotifierConfig{
+			DeviceKey: maps.GetValueAsString(channelConfig, "deviceKey"),
+			ServerUrl: maps.GetValueAsString(channelConfig, "serverUrl"),
+		})
+	}
+
+	return nil, errors.New("unsupported notifier channel")
+}
--- a/internal/notify/notify.go
+++ b/internal/notify/notify.go
@@ -3,21 +3,16 @@ package notify
 import (
 	"context"
 	"fmt"
-	"strconv"

-	"github.com/usual2970/certimate/internal/domain"
+	"golang.org/x/sync/errgroup"
+
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+	"github.com/usual2970/certimate/internal/pkg/utils/maps"
 	"github.com/usual2970/certimate/internal/utils/app"
-
-	notifyPackage "github.com/nikoksr/notify"
-	"github.com/nikoksr/notify/service/dingding"
-	"github.com/nikoksr/notify/service/http"
-	"github.com/nikoksr/notify/service/lark"
-	"github.com/nikoksr/notify/service/telegram"
 )

-func Send(title, content string) error {
-	// 获取所有的推送渠道
-	notifiers, err := getNotifiers()
+func SendToAllChannels(subject, message string) error {
+	notifiers, err := getEnabledNotifiers()
 	if err != nil {
 		return err
 	}
@@ -25,136 +20,56 @@ func Send(title, content string) error {
 		return nil
 	}

-	n := notifyPackage.New()
-	// 添加推送渠道
-	n.UseServices(notifiers...)
-
-	// 发送消息
-	return n.Send(context.Background(), title, content)
+	var eg errgroup.Group
+	for _, n := range notifiers {
+		if n == nil {
+			continue
 		}

-type sendTestParam struct {
-	Title   string         `json:"title"`
-	Content string         `json:"content"`
-	Channel string         `json:"channel"`
-	Conf    map[string]any `json:"conf"`
+		eg.Go(func() error {
+			_, err := n.Notify(context.Background(), subject, message)
+			return err
+		})
 	}

-func SendTest(param *sendTestParam) error {
-	notifier, err := getNotifier(param.Channel, param.Conf)
+	err = eg.Wait()
+	return err
+}
+
+func SendToChannel(subject, message string, channel string, channelConfig map[string]any) error {
+	notifier, err := createNotifier(channel, channelConfig)
 	if err != nil {
 		return err
 	}

-	n := notifyPackage.New()
-
-	// 添加推送渠道
-	n.UseServices(notifier)
-
-	// 发送消息
-	return n.Send(context.Background(), param.Title, param.Content)
+	_, err = notifier.Notify(context.Background(), subject, message)
+	return err
 }

-func getNotifiers() ([]notifyPackage.Notifier, error) {
-	resp, err := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='notifyChannels'")
+func getEnabledNotifiers() ([]notifier.Notifier, error) {
+	settings, err := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='notifyChannels'")
 	if err != nil {
 		return nil, fmt.Errorf("find notifyChannels error: %w", err)
 	}

-	notifiers := make([]notifyPackage.Notifier, 0)
-
 	rs := make(map[string]map[string]any)
-
-	if err := resp.UnmarshalJSONField("content", &rs); err != nil {
+	if err := settings.UnmarshalJSONField("content", &rs); err != nil {
 		return nil, fmt.Errorf("unmarshal notifyChannels error: %w", err)
 	}

+	notifiers := make([]notifier.Notifier, 0)
 	for k, v := range rs {
-
-		if !getBool(v, "enabled") {
+		if !maps.GetValueAsBool(v, "enabled") {
 			continue
 		}

-		notifier, err := getNotifier(k, v)
+		notifier, err := createNotifier(k, v)
 		if err != nil {
 			continue
 		}

 		notifiers = append(notifiers, notifier)
-
 	}

 	return notifiers, nil
 }
-
-func getNotifier(channel string, conf map[string]any) (notifyPackage.Notifier, error) {
-	switch channel {
-	case domain.NotifyChannelTelegram:
-		temp := getTelegramNotifier(conf)
-		if temp == nil {
-			return nil, fmt.Errorf("telegram notifier config error")
-		}
-
-		return temp, nil
-	case domain.NotifyChannelDingtalk:
-		return getDingTalkNotifier(conf), nil
-	case domain.NotifyChannelLark:
-		return getLarkNotifier(conf), nil
-	case domain.NotifyChannelWebhook:
-		return getWebhookNotifier(conf), nil
-	}
-
-	return nil, fmt.Errorf("notifier not found")
-}
-
-func getWebhookNotifier(conf map[string]any) notifyPackage.Notifier {
-	rs := http.New()
-
-	rs.AddReceiversURLs(getString(conf, "url"))
-
-	return rs
-}
-
-func getTelegramNotifier(conf map[string]any) notifyPackage.Notifier {
-	rs, err := telegram.New(getString(conf, "apiToken"))
-	if err != nil {
-		return nil
-	}
-
-	chatId := getString(conf, "chatId")
-
-	id, err := strconv.ParseInt(chatId, 10, 64)
-	if err != nil {
-		return nil
-	}
-
-	rs.AddReceivers(id)
-	return rs
-}
-
-func getDingTalkNotifier(conf map[string]any) notifyPackage.Notifier {
-	return dingding.New(&dingding.Config{
-		Token:  getString(conf, "accessToken"),
-		Secret: getString(conf, "secret"),
-	})
-}
-
-func getLarkNotifier(conf map[string]any) notifyPackage.Notifier {
-	return lark.NewWebhookService(getString(conf, "webhookUrl"))
-}
-
-func getString(conf map[string]any, key string) string {
-	if _, ok := conf[key]; !ok {
-		return ""
-	}
-
-	return conf[key].(string)
-}
-
-func getBool(conf map[string]any, key string) bool {
-	if _, ok := conf[key]; !ok {
-		return false
-	}
-
-	return conf[key].(bool)
-}
--- a/internal/notify/service.go
+++ b/internal/notify/service.go
@@ -29,18 +29,13 @@ func NewNotifyService(settingRepo SettingRepository) *NotifyService {
 func (n *NotifyService) Test(ctx context.Context, req *domain.NotifyTestPushReq) error {
 	setting, err := n.settingRepo.GetByName(ctx, "notifyChannels")
 	if err != nil {
-		return fmt.Errorf("get notify channels setting failed: %w", err)
+		return fmt.Errorf("failed to get notify channels settings: %w", err)
 	}

-	conf, err := setting.GetChannelContent(req.Channel)
+	channelConfig, err := setting.GetChannelContent(req.Channel)
 	if err != nil {
-		return fmt.Errorf("get notify channel %s config failed: %w", req.Channel, err)
+		return fmt.Errorf("failed to get notify channel \"%s\" config: %w", req.Channel, err)
 	}

-	return SendTest(&sendTestParam{
-		Title:   notifyTestTitle,
-		Content: notifyTestBody,
-		Channel: req.Channel,
-		Conf:    conf,
-	})
+	return SendToChannel(notifyTestTitle, notifyTestBody, req.Channel, channelConfig)
 }
--- a/internal/pkg/core/notifier/notifier.go
+++ b/internal/pkg/core/notifier/notifier.go
@@ -0,0 +1,23 @@
+package notifier
+
+import "context"
+
+// 表示定义消息通知器的抽象类型接口。
+type Notifier interface {
+	// 发送通知。
+	//
+	// 入参：
+	//   - ctx：上下文。
+	//   - subject：通知主题。
+	//   - message：通知内容。
+	//
+	// 出参：
+	//   - res：发送结果。
+	//   - err: 错误。
+	Notify(ctx context.Context, subject string, message string) (res *NotifyResult, err error)
+}
+
+// 表示通知发送结果的数据结构。
+type NotifyResult struct {
+	NotificationData map[string]any `json:"notificationData,omitempty"`
+}
--- a/internal/pkg/core/notifier/providers/bark/bark.go
+++ b/internal/pkg/core/notifier/providers/bark/bark.go
@@ -0,0 +1,48 @@
+package bark
+
+import (
+	"context"
+	"errors"
+
+	"github.com/nikoksr/notify"
+	"github.com/nikoksr/notify/service/bark"
+
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+)
+
+type BarkNotifierConfig struct {
+	ServerUrl string `json:"serverUrl"`
+	DeviceKey string `json:"deviceKey"`
+}
+
+type BarkNotifier struct {
+	config *BarkNotifierConfig
+}
+
+var _ notifier.Notifier = (*BarkNotifier)(nil)
+
+func New(config *BarkNotifierConfig) (*BarkNotifier, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	return &BarkNotifier{
+		config: config,
+	}, nil
+}
+
+func (n *BarkNotifier) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+	var srv notify.Notifier
+	if n.config.ServerUrl == "" {
+		srv = bark.New(n.config.DeviceKey)
+	} else {
+		srv = bark.NewWithServers(n.config.DeviceKey, n.config.ServerUrl)
+	}
+
+	err = srv.Send(ctx, subject, message)
+	if err != nil {
+		return nil, err
+	}
+
+	return &notifier.NotifyResult{}, nil
+}
--- a/internal/pkg/core/notifier/providers/dingtalk/dingtalk.go
+++ b/internal/pkg/core/notifier/providers/dingtalk/dingtalk.go
@@ -0,0 +1,45 @@
+package dingtalk
+
+import (
+	"context"
+	"errors"
+
+	"github.com/nikoksr/notify/service/dingding"
+
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+)
+
+type DingTalkNotifierConfig struct {
+	AccessToken string `json:"accessToken"`
+	Secret      string `json:"secret"`
+}
+
+type DingTalkNotifier struct {
+	config *DingTalkNotifierConfig
+}
+
+var _ notifier.Notifier = (*DingTalkNotifier)(nil)
+
+func New(config *DingTalkNotifierConfig) (*DingTalkNotifier, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	return &DingTalkNotifier{
+		config: config,
+	}, nil
+}
+
+func (n *DingTalkNotifier) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+	srv := dingding.New(&dingding.Config{
+		Token:  n.config.AccessToken,
+		Secret: n.config.Secret,
+	})
+
+	err = srv.Send(ctx, subject, message)
+	if err != nil {
+		return nil, err
+	}
+
+	return &notifier.NotifyResult{}, nil
+}
--- a/internal/pkg/core/notifier/providers/email/email.go
+++ b/internal/pkg/core/notifier/providers/email/email.go
@@ -0,0 +1,95 @@
+package email
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net/smtp"
+
+	"github.com/domodwyer/mailyak/v3"
+
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+)
+
+type EmailNotifierConfig struct {
+	SmtpHost        string `json:"smtpHost"`
+	SmtpPort        int32  `json:"smtpPort"`
+	SmtpTLS         bool   `json:"smtpTLS"`
+	Username        string `json:"username"`
+	Password        string `json:"password"`
+	SenderAddress   string `json:"senderAddress"`
+	ReceiverAddress string `json:"receiverAddress"`
+}
+
+type EmailNotifier struct {
+	config *EmailNotifierConfig
+}
+
+var _ notifier.Notifier = (*EmailNotifier)(nil)
+
+func New(config *EmailNotifierConfig) (*EmailNotifier, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	return &EmailNotifier{
+		config: config,
+	}, nil
+}
+
+func (n *EmailNotifier) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+	var smtpAuth smtp.Auth
+	if n.config.Username != "" || n.config.Password != "" {
+		smtpAuth = smtp.PlainAuth("", n.config.Username, n.config.Password, n.config.SmtpHost)
+	}
+
+	var smtpAddr string
+	if n.config.SmtpPort == 0 {
+		if n.config.SmtpTLS {
+			smtpAddr = fmt.Sprintf("%s:465", n.config.SmtpHost)
+		} else {
+			smtpAddr = fmt.Sprintf("%s:25", n.config.SmtpHost)
+		}
+	} else {
+		smtpAddr = fmt.Sprintf("%s:%d", n.config.SmtpHost, n.config.SmtpPort)
+	}
+
+	var yak *mailyak.MailYak
+	if n.config.SmtpTLS {
+		yak, err = mailyak.NewWithTLS(smtpAddr, smtpAuth, newTlsConfig())
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		yak = mailyak.New(smtpAddr, smtpAuth)
+	}
+
+	yak.From(n.config.SenderAddress)
+	yak.To(n.config.ReceiverAddress)
+	yak.Subject(subject)
+	yak.Plain().Set(message)
+
+	err = yak.Send()
+	if err != nil {
+		return nil, err
+	}
+
+	return &notifier.NotifyResult{}, nil
+}
+
+func newTlsConfig() *tls.Config {
+	var suiteIds []uint16
+	for _, suite := range tls.CipherSuites() {
+		suiteIds = append(suiteIds, suite.ID)
+	}
+	for _, suite := range tls.InsecureCipherSuites() {
+		suiteIds = append(suiteIds, suite.ID)
+	}
+
+	// 为兼容国内部分低版本 TLS 的 SMTP 服务商
+	return &tls.Config{
+		MinVersion:   tls.VersionTLS10,
+		CipherSuites: suiteIds,
+	}
+}
--- a/internal/pkg/core/notifier/providers/email/email_test.go
+++ b/internal/pkg/core/notifier/providers/email/email_test.go
@@ -0,0 +1,51 @@
+package email_test
+
+import (
+	"os"
+	"strconv"
+	"testing"
+
+	notifierEmail "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/email"
+)
+
+/*
+Shell command to run this test:
+
+	CERTIMATE_NOTIFIER_EMAIL_SMTPPORT=465 \
+	CERTIMATE_NOTIFIER_EMAIL_SMTPTLS=true \
+	CERTIMATE_NOTIFIER_EMAIL_SMTPHOST="smtp.example.com" \
+	CERTIMATE_NOTIFIER_EMAIL_USERNAME="your-username" \
+	CERTIMATE_NOTIFIER_EMAIL_PASSWORD="your-password" \
+	CERTIMATE_NOTIFIER_EMAIL_SENDERADDRESS="sender@example.com" \
+	CERTIMATE_NOTIFIER_EMAIL_RECEIVERADDRESS="receiver@example.com" \
+	go test -v -run TestNotify email_test.go
+*/
+func TestNotify(t *testing.T) {
+	smtpPort, err := strconv.ParseInt(os.Getenv("CERTIMATE_NOTIFIER_EMAIL_SMTPPORT"), 10, 32)
+	if err != nil {
+		t.Errorf("invalid envvar: %+v", err)
+		panic(err)
+	}
+
+	smtpTLS, err := strconv.ParseBool(os.Getenv("CERTIMATE_NOTIFIER_EMAIL_SMTPTLS"))
+	if err != nil {
+		t.Errorf("invalid envvar: %+v", err)
+		panic(err)
+	}
+
+	res, err := notifierEmail.New(&notifierEmail.EmailNotifierConfig{
+		SmtpHost:        os.Getenv("CERTIMATE_NOTIFIER_EMAIL_SMTPHOST"),
+		SmtpPort:        int32(smtpPort),
+		SmtpTLS:         smtpTLS,
+		Username:        os.Getenv("CERTIMATE_NOTIFIER_EMAIL_USERNAME"),
+		Password:        os.Getenv("CERTIMATE_NOTIFIER_EMAIL_PASSWORD"),
+		SenderAddress:   os.Getenv("CERTIMATE_NOTIFIER_EMAIL_SENDERADDRESS"),
+		ReceiverAddress: os.Getenv("CERTIMATE_NOTIFIER_EMAIL_RECEIVERADDRESS"),
+	})
+	if err != nil {
+		t.Errorf("invalid envvar: %+v", err)
+		panic(err)
+	}
+
+	t.Logf("notify result: %v", res)
+}
--- a/internal/pkg/core/notifier/providers/lark/lark.go
+++ b/internal/pkg/core/notifier/providers/lark/lark.go
@@ -0,0 +1,41 @@
+package lark
+
+import (
+	"context"
+	"errors"
+
+	"github.com/nikoksr/notify/service/lark"
+
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+)
+
+type LarkNotifierConfig struct {
+	WebhookUrl string `json:"webhookUrl"`
+}
+
+type LarkNotifier struct {
+	config *LarkNotifierConfig
+}
+
+var _ notifier.Notifier = (*LarkNotifier)(nil)
+
+func New(config *LarkNotifierConfig) (*LarkNotifier, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	return &LarkNotifier{
+		config: config,
+	}, nil
+}
+
+func (n *LarkNotifier) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+	srv := lark.NewWebhookService(n.config.WebhookUrl)
+
+	err = srv.Send(ctx, subject, message)
+	if err != nil {
+		return nil, err
+	}
+
+	return &notifier.NotifyResult{}, nil
+}
--- a/internal/pkg/core/notifier/providers/serverchan/serverchan.go
+++ b/internal/pkg/core/notifier/providers/serverchan/serverchan.go
@@ -0,0 +1,55 @@
+package serverchan
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	notifyHttp "github.com/nikoksr/notify/service/http"
+
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+)
+
+type ServerChanNotifierConfig struct {
+	Url string `json:"url"`
+}
+
+type ServerChanNotifier struct {
+	config *ServerChanNotifierConfig
+}
+
+var _ notifier.Notifier = (*ServerChanNotifier)(nil)
+
+func New(config *ServerChanNotifierConfig) (*ServerChanNotifier, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	return &ServerChanNotifier{
+		config: config,
+	}, nil
+}
+
+func (n *ServerChanNotifier) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+	srv := notifyHttp.New()
+
+	srv.AddReceivers(&notifyHttp.Webhook{
+		URL:         n.config.Url,
+		Header:      http.Header{},
+		ContentType: "application/json",
+		Method:      http.MethodPost,
+		BuildPayload: func(subject, message string) (payload any) {
+			return map[string]string{
+				"text": subject,
+				"desp": message,
+			}
+		},
+	})
+
+	err = srv.Send(ctx, subject, message)
+	if err != nil {
+		return nil, err
+	}
+
+	return &notifier.NotifyResult{}, nil
+}
--- a/internal/pkg/core/notifier/providers/telegram/telegram.go
+++ b/internal/pkg/core/notifier/providers/telegram/telegram.go
@@ -0,0 +1,47 @@
+package telegram
+
+import (
+	"context"
+	"errors"
+
+	"github.com/nikoksr/notify/service/telegram"
+
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+)
+
+type TelegramNotifierConfig struct {
+	ApiToken string `json:"apiToken"`
+	ChatId   int64  `json:"chatId"`
+}
+
+type TelegramNotifier struct {
+	config *TelegramNotifierConfig
+}
+
+var _ notifier.Notifier = (*TelegramNotifier)(nil)
+
+func New(config *TelegramNotifierConfig) (*TelegramNotifier, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	return &TelegramNotifier{
+		config: config,
+	}, nil
+}
+
+func (n *TelegramNotifier) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+	srv, err := telegram.New(n.config.ApiToken)
+	if err != nil {
+		return nil, err
+	}
+
+	srv.AddReceivers(n.config.ChatId)
+
+	err = srv.Send(ctx, subject, message)
+	if err != nil {
+		return nil, err
+	}
+
+	return &notifier.NotifyResult{}, nil
+}
--- a/internal/pkg/core/notifier/providers/webhook/webhook.go
+++ b/internal/pkg/core/notifier/providers/webhook/webhook.go
@@ -0,0 +1,43 @@
+package webhook
+
+import (
+	"context"
+	"errors"
+
+	"github.com/nikoksr/notify/service/http"
+
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+)
+
+type WebhookNotifierConfig struct {
+	Url string `json:"url"`
+}
+
+type WebhookNotifier struct {
+	config *WebhookNotifierConfig
+}
+
+var _ notifier.Notifier = (*WebhookNotifier)(nil)
+
+func New(config *WebhookNotifierConfig) (*WebhookNotifier, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	return &WebhookNotifier{
+		config: config,
+	}, nil
+}
+
+func (n *WebhookNotifier) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+	srv := http.New()
+
+	srv.AddReceiversURLs(n.config.Url)
+
+	err = srv.Send(ctx, subject, message)
+	if err != nil {
+		return nil, err
+	}
+
+	return &notifier.NotifyResult{}, nil
+}
--- a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
+++ b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
@@ -1,45 +1,55 @@
-package uploader
+package aliyuncas

 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 	"time"

-	cas20200407 "github.com/alibabacloud-go/cas-20200407/v3/client"
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	util "github.com/alibabacloud-go/tea-utils/v2/service"
+	aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client"
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"

+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 )

 type AliyunCASUploaderConfig struct {
-	Region          string `json:"region"`
 	AccessKeyId     string `json:"accessKeyId"`
 	AccessKeySecret string `json:"accessKeySecret"`
+	Region          string `json:"region"`
 }

 type AliyunCASUploader struct {
 	config    *AliyunCASUploaderConfig
-	sdkClient  *cas20200407.Client
-	sdkRuntime *util.RuntimeOptions
+	sdkClient *aliyunCas.Client
 }

-func NewAliyunCASUploader(config *AliyunCASUploaderConfig) (*AliyunCASUploader, error) {
-	client, err := (&AliyunCASUploader{config: config}).createSdkClient()
+var _ uploader.Uploader = (*AliyunCASUploader)(nil)
+
+func New(config *AliyunCASUploaderConfig) (*AliyunCASUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	client, err := createSdkClient(
+		config.AccessKeyId,
+		config.AccessKeySecret,
+		config.Region,
+	)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
 	}

 	return &AliyunCASUploader{
 		config:    config,
 		sdkClient: client,
-		sdkRuntime: &util.RuntimeOptions{},
 	}, nil
 }

-func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *UploadResult, err error) {
+func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
 	certX509, err := x509.ParseCertificateFromPEM(certPem)
 	if err != nil {
@@ -52,42 +62,42 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP
 	listUserCertificateOrderPage := int64(1)
 	listUserCertificateOrderLimit := int64(50)
 	for {
-		listUserCertificateOrderReq := &cas20200407.ListUserCertificateOrderRequest{
+		listUserCertificateOrderReq := &aliyunCas.ListUserCertificateOrderRequest{
 			CurrentPage: tea.Int64(listUserCertificateOrderPage),
 			ShowSize:    tea.Int64(listUserCertificateOrderLimit),
 			OrderType:   tea.String("CERT"),
 		}
-		listUserCertificateOrderResp, err := u.sdkClient.ListUserCertificateOrderWithOptions(listUserCertificateOrderReq, u.sdkRuntime)
+		listUserCertificateOrderResp, err := u.sdkClient.ListUserCertificateOrder(listUserCertificateOrderReq)
 		if err != nil {
-			return nil, fmt.Errorf("failed to execute sdk request 'cas.ListUserCertificateOrder': %w", err)
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.ListUserCertificateOrder'")
 		}

 		if listUserCertificateOrderResp.Body.CertificateOrderList != nil {
 			for _, certDetail := range listUserCertificateOrderResp.Body.CertificateOrderList {
 				if strings.EqualFold(certX509.SerialNumber.Text(16), *certDetail.SerialNo) {
-					getUserCertificateDetailReq := &cas20200407.GetUserCertificateDetailRequest{
+					getUserCertificateDetailReq := &aliyunCas.GetUserCertificateDetailRequest{
 						CertId: certDetail.CertificateId,
 					}
-					getUserCertificateDetailResp, err := u.sdkClient.GetUserCertificateDetailWithOptions(getUserCertificateDetailReq, u.sdkRuntime)
+					getUserCertificateDetailResp, err := u.sdkClient.GetUserCertificateDetail(getUserCertificateDetailReq)
 					if err != nil {
-						return nil, fmt.Errorf("failed to execute sdk request 'cas.GetUserCertificateDetail': %w", err)
+						return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'")
 					}

 					var isSameCert bool
 					if *getUserCertificateDetailResp.Body.Cert == certPem {
 						isSameCert = true
 					} else {
-						cert, err := x509.ParseCertificateFromPEM(*getUserCertificateDetailResp.Body.Cert)
+						oldCertX509, err := x509.ParseCertificateFromPEM(*getUserCertificateDetailResp.Body.Cert)
 						if err != nil {
 							continue
 						}

-						isSameCert = x509.EqualCertificate(certX509, cert)
+						isSameCert = x509.EqualCertificate(certX509, oldCertX509)
 					}

 					// 如果已存在相同证书，直接返回已有的证书信息
 					if isSameCert {
-						return &UploadResult{
+						return &uploader.UploadResult{
 							CertId:   fmt.Sprintf("%d", tea.Int64Value(certDetail.CertificateId)),
 							CertName: *certDetail.Name,
 						}, nil
@@ -98,13 +108,13 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP

 		if listUserCertificateOrderResp.Body.CertificateOrderList == nil || len(listUserCertificateOrderResp.Body.CertificateOrderList) < int(listUserCertificateOrderLimit) {
 			break
-		}
-
+		} else {
 			listUserCertificateOrderPage += 1
 			if listUserCertificateOrderPage > 99 { // 避免死循环
 				break
 			}
 		}
+	}

 	// 生成新证书名（需符合阿里云命名规则）
 	var certId, certName string
@@ -112,32 +122,29 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP

 	// 上传新证书
 	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-uploadusercertificate
-	uploadUserCertificateReq := &cas20200407.UploadUserCertificateRequest{
+	uploadUserCertificateReq := &aliyunCas.UploadUserCertificateRequest{
 		Name: tea.String(certName),
 		Cert: tea.String(certPem),
 		Key:  tea.String(privkeyPem),
 	}
-	uploadUserCertificateResp, err := u.sdkClient.UploadUserCertificateWithOptions(uploadUserCertificateReq, u.sdkRuntime)
+	uploadUserCertificateResp, err := u.sdkClient.UploadUserCertificate(uploadUserCertificateReq)
 	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request 'cas.UploadUserCertificate': %w", err)
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.UploadUserCertificate'")
 	}

 	certId = fmt.Sprintf("%d", tea.Int64Value(uploadUserCertificateResp.Body.CertId))
-	return &UploadResult{
+	return &uploader.UploadResult{
 		CertId:   certId,
 		CertName: certName,
 	}, nil
 }

-func (u *AliyunCASUploader) createSdkClient() (*cas20200407.Client, error) {
-	region := u.config.Region
-	accessKeyId := u.config.AccessKeyId
-	accessKeySecret := u.config.AccessKeySecret
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Client, error) {
 	if region == "" {
 		region = "cn-hangzhou" // CAS 服务默认区域：华东一杭州
 	}

-	aConfig := &openapi.Config{
+	aConfig := &aliyunOpen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 	}
@@ -146,16 +153,12 @@ func (u *AliyunCASUploader) createSdkClient() (*cas20200407.Client, error) {
 	switch region {
 	case "cn-hangzhou":
 		endpoint = "cas.aliyuncs.com"
-	case "ap-southeast-1":
-		endpoint = "cas.ap-southeast-1.aliyuncs.com"
-	case "eu-central-1":
-		endpoint = "cas.eu-central-1.aliyuncs.com"
 	default:
 		endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region)
 	}
 	aConfig.Endpoint = tea.String(endpoint)

-	client, err := cas20200407.NewClient(aConfig)
+	client, err := aliyunCas.NewClient(aConfig)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
+++ b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
@@ -0,0 +1,148 @@
+package aliyunslb
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"regexp"
+	"strings"
+	"time"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type AliyunSLBUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeySecret string `json:"accessKeySecret"`
+	Region          string `json:"region"`
+}
+
+type AliyunSLBUploader struct {
+	config    *AliyunSLBUploaderConfig
+	sdkClient *aliyunSlb.Client
+}
+
+var _ uploader.Uploader = (*AliyunSLBUploader)(nil)
+
+func New(config *AliyunSLBUploaderConfig) (*AliyunSLBUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	client, err := createSdkClient(
+		config.AccessKeyId,
+		config.AccessKeySecret,
+		config.Region,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunSLBUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 查询证书列表，避免重复上传
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeservercertificates
+	describeServerCertificatesReq := &aliyunSlb.DescribeServerCertificatesRequest{
+		RegionId: tea.String(u.config.Region),
+	}
+	describeServerCertificatesResp, err := u.sdkClient.DescribeServerCertificates(describeServerCertificatesReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeServerCertificates'")
+	}
+
+	if describeServerCertificatesResp.Body.ServerCertificates != nil && describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate != nil {
+		fingerprint := sha256.Sum256(certX509.Raw)
+		fingerprintHex := hex.EncodeToString(fingerprint[:])
+		for _, certDetail := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate {
+			isSameCert := *certDetail.IsAliCloudCertificate == 0 &&
+				strings.EqualFold(fingerprintHex, strings.ReplaceAll(*certDetail.Fingerprint, ":", "")) &&
+				strings.EqualFold(certX509.Subject.CommonName, *certDetail.CommonName)
+			// 如果已存在相同证书，直接返回已有的证书信息
+			if isSameCert {
+				return &uploader.UploadResult{
+					CertId:   *certDetail.ServerCertificateId,
+					CertName: *certDetail.ServerCertificateName,
+				}, nil
+			}
+		}
+	}
+
+	// 生成新证书名（需符合阿里云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate_%d", time.Now().UnixMilli())
+
+	// 去除证书和私钥内容中的空白行，以符合阿里云 API 要求
+	// REF: https://github.com/usual2970/certimate/issues/326
+	re := regexp.MustCompile(`(?m)^\s*$\n?`)
+	certPem = strings.TrimSpace(re.ReplaceAllString(certPem, ""))
+	privkeyPem = strings.TrimSpace(re.ReplaceAllString(privkeyPem, ""))
+
+	// 上传新证书
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-uploadservercertificate
+	uploadServerCertificateReq := &aliyunSlb.UploadServerCertificateRequest{
+		RegionId:              tea.String(u.config.Region),
+		ServerCertificateName: tea.String(certName),
+		ServerCertificate:     tea.String(certPem),
+		PrivateKey:            tea.String(privkeyPem),
+	}
+	uploadServerCertificateResp, err := u.sdkClient.UploadServerCertificate(uploadServerCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.UploadServerCertificate'")
+	}
+
+	certId = *uploadServerCertificateResp.Body.ServerCertificateId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // SLB 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	case
+		"cn-hangzhou",
+		"cn-hangzhou-finance",
+		"cn-shanghai-finance-1",
+		"cn-shenzhen-finance-1":
+		endpoint = "slb.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunSlb.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/dogecloud/dogecloud.go
+++ b/internal/pkg/core/uploader/providers/dogecloud/dogecloud.go
@@ -0,0 +1,68 @@
+package dogecloud
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	doge "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk"
+)
+
+type DogeCloudUploaderConfig struct {
+	AccessKey string `json:"accessKey"`
+	SecretKey string `json:"secretKey"`
+}
+
+type DogeCloudUploader struct {
+	config    *DogeCloudUploaderConfig
+	sdkClient *doge.Client
+}
+
+var _ uploader.Uploader = (*DogeCloudUploader)(nil)
+
+func New(config *DogeCloudUploaderConfig) (*DogeCloudUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	client, err := createSdkClient(
+		config.AccessKey,
+		config.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &DogeCloudUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *DogeCloudUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 生成新证书名（需符合多吉云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://docs.dogecloud.com/cdn/api-cert-upload
+	uploadSslCertResp, err := u.sdkClient.UploadCdnCert(certName, certPem, privkeyPem)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadCdnCert'")
+	}
+
+	certId = fmt.Sprintf("%d", uploadSslCertResp.Data.Id)
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKey, secretKey string) (*doge.Client, error) {
+	client := doge.NewClient(accessKey, secretKey)
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
@@ -1,24 +1,30 @@
-package uploader
+package huaweicloudelb

 import (
 	"context"
+	"errors"
 	"fmt"
 	"time"

 	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
 	hcElb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
 	hcElbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
 	hcElbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
+	hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
+	hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
+	hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
+	xerrors "github.com/pkg/errors"

+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 )

 type HuaweiCloudELBUploaderConfig struct {
-	Region          string `json:"region"`
-	ProjectId       string `json:"projectId"`
 	AccessKeyId     string `json:"accessKeyId"`
 	SecretAccessKey string `json:"secretAccessKey"`
+	Region          string `json:"region"`
 }

 type HuaweiCloudELBUploader struct {
@@ -26,10 +32,20 @@ type HuaweiCloudELBUploader struct {
 	sdkClient *hcElb.ElbClient
 }

-func NewHuaweiCloudELBUploader(config *HuaweiCloudELBUploaderConfig) (*HuaweiCloudELBUploader, error) {
-	client, err := (&HuaweiCloudELBUploader{config: config}).createSdkClient()
+var _ uploader.Uploader = (*HuaweiCloudELBUploader)(nil)
+
+func New(config *HuaweiCloudELBUploaderConfig) (*HuaweiCloudELBUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	client, err := createSdkClient(
+		config.AccessKeyId,
+		config.SecretAccessKey,
+		config.Region,
+	)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+		return nil, xerrors.Wrap(err, "failed to create sdk client: %w")
 	}

 	return &HuaweiCloudELBUploader{
@@ -38,7 +54,7 @@ func NewHuaweiCloudELBUploader(config *HuaweiCloudELBUploaderConfig) (*HuaweiClo
 	}, nil
 }

-func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *UploadResult, err error) {
+func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
 	newCert, err := x509.ParseCertificateFromPEM(certPem)
 	if err != nil {
@@ -58,7 +74,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 		}
 		listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
 		if err != nil {
-			return nil, fmt.Errorf("failed to execute sdk request 'elb.ListCertificates': %w", err)
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.ListCertificates'")
 		}

 		if listCertificatesResp.Certificates != nil {
@@ -77,7 +93,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri

 				// 如果已存在相同证书，直接返回已有的证书信息
 				if isSameCert {
-					return &UploadResult{
+					return &uploader.UploadResult{
 						CertId:   certDetail.Id,
 						CertName: certDetail.Name,
 					}, nil
@@ -87,14 +103,21 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri

 		if listCertificatesResp.Certificates == nil || len(*listCertificatesResp.Certificates) < int(listCertificatesLimit) {
 			break
-		}
-
+		} else {
 			listCertificatesMarker = listCertificatesResp.PageInfo.NextMarker
 			listCertificatesPage++
 			if listCertificatesPage >= 9 { // 避免死循环
 				break
 			}
 		}
+	}
+
+	// 获取项目 ID
+	// REF: https://support.huaweicloud.com/api-iam/iam_06_0001.html
+	projectId, err := getSdkProjectId(u.config.AccessKeyId, u.config.SecretAccessKey, u.config.Region)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to get SDK project id")
+	}

 	// 生成新证书名（需符合华为云命名规则）
 	var certId, certName string
@@ -105,7 +128,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 	createCertificateReq := &hcElbModel.CreateCertificateRequest{
 		Body: &hcElbModel.CreateCertificateRequestBody{
 			Certificate: &hcElbModel.CreateCertificateOption{
-				ProjectId:   cast.StringPtr(u.config.ProjectId),
+				ProjectId:   cast.StringPtr(projectId),
 				Name:        cast.StringPtr(certName),
 				Certificate: cast.StringPtr(certPem),
 				PrivateKey:  cast.StringPtr(privkeyPem),
@@ -114,21 +137,18 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 	}
 	createCertificateResp, err := u.sdkClient.CreateCertificate(createCertificateReq)
 	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request 'elb.CreateCertificate': %w", err)
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.CreateCertificate'")
 	}

 	certId = createCertificateResp.Certificate.Id
 	certName = createCertificateResp.Certificate.Name
-	return &UploadResult{
+	return &uploader.UploadResult{
 		CertId:   certId,
 		CertName: certName,
 	}, nil
 }

-func (u *HuaweiCloudELBUploader) createSdkClient() (*hcElb.ElbClient, error) {
-	region := u.config.Region
-	accessKeyId := u.config.AccessKeyId
-	secretAccessKey := u.config.SecretAccessKey
+func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbClient, error) {
 	if region == "" {
 		region = "cn-north-4" // ELB 服务默认区域：华北四北京
 	}
@@ -157,3 +177,47 @@ func (u *HuaweiCloudELBUploader) createSdkClient() (*hcElb.ElbClient, error) {
 	client := hcElb.NewElbClient(hcClient)
 	return client, nil
 }
+
+func getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error) {
+	if region == "" {
+		region = "cn-north-4" // IAM 服务默认区域：华北四北京
+	}
+
+	auth, err := global.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	hcRegion, err := hcIamRegion.SafeValueOf(region)
+	if err != nil {
+		return "", err
+	}
+
+	hcClient, err := hcIam.IamClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	client := hcIam.NewIamClient(hcClient)
+	if err != nil {
+		return "", err
+	}
+
+	request := &hcIamModel.KeystoneListProjectsRequest{
+		Name: &region,
+	}
+	response, err := client.KeystoneListProjects(request)
+	if err != nil {
+		return "", err
+	} else if response.Projects == nil || len(*response.Projects) == 0 {
+		return "", errors.New("no project found")
+	}
+
+	return (*response.Projects)[0].Id, nil
+}
--- a/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
@@ -1,7 +1,8 @@
-package uploader
+package huaweicloudscm

 import (
 	"context"
+	"errors"
 	"fmt"
 	"time"

@@ -9,15 +10,17 @@ import (
 	hcScm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
 	hcScmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
 	hcScmRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"
+	xerrors "github.com/pkg/errors"

+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 )

 type HuaweiCloudSCMUploaderConfig struct {
-	Region          string `json:"region"`
 	AccessKeyId     string `json:"accessKeyId"`
 	SecretAccessKey string `json:"secretAccessKey"`
+	Region          string `json:"region"`
 }

 type HuaweiCloudSCMUploader struct {
@@ -25,10 +28,20 @@ type HuaweiCloudSCMUploader struct {
 	sdkClient *hcScm.ScmClient
 }

-func NewHuaweiCloudSCMUploader(config *HuaweiCloudSCMUploaderConfig) (*HuaweiCloudSCMUploader, error) {
-	client, err := (&HuaweiCloudSCMUploader{config: config}).createSdkClient()
+var _ uploader.Uploader = (*HuaweiCloudSCMUploader)(nil)
+
+func New(config *HuaweiCloudSCMUploaderConfig) (*HuaweiCloudSCMUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	client, err := createSdkClient(
+		config.AccessKeyId,
+		config.SecretAccessKey,
+		config.Region,
+	)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
 	}

 	return &HuaweiCloudSCMUploader{
@@ -37,7 +50,7 @@ func NewHuaweiCloudSCMUploader(config *HuaweiCloudSCMUploaderConfig) (*HuaweiClo
 	}, nil
 }

-func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *UploadResult, err error) {
+func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
 	certX509, err := x509.ParseCertificateFromPEM(certPem)
 	if err != nil {
@@ -59,7 +72,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
 		}
 		listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
 		if err != nil {
-			return nil, fmt.Errorf("failed to execute sdk request 'scm.ListCertificates': %w", err)
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ListCertificates'")
 		}

 		if listCertificatesResp.Certificates != nil {
@@ -72,7 +85,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
 					if exportCertificateResp != nil && exportCertificateResp.HttpStatusCode == 404 {
 						continue
 					}
-					return nil, fmt.Errorf("failed to execute sdk request 'scm.ExportCertificate': %w", err)
+					return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ExportCertificate'")
 				}

 				var isSameCert bool
@@ -89,7 +102,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri

 				// 如果已存在相同证书，直接返回已有的证书信息
 				if isSameCert {
-					return &UploadResult{
+					return &uploader.UploadResult{
 						CertId:   certDetail.Id,
 						CertName: certDetail.Name,
 					}, nil
@@ -99,14 +112,14 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri

 		if listCertificatesResp.Certificates == nil || len(*listCertificatesResp.Certificates) < int(listCertificatesLimit) {
 			break
-		}
-
+		} else {
 			listCertificatesOffset += listCertificatesLimit
 			listCertificatesPage += 1
 			if listCertificatesPage > 99 { // 避免死循环
 				break
 			}
 		}
+	}

 	// 生成新证书名（需符合华为云命名规则）
 	var certId, certName string
@@ -123,20 +136,17 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
 	}
 	importCertificateResp, err := u.sdkClient.ImportCertificate(importCertificateReq)
 	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request 'scm.ImportCertificate': %w", err)
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ImportCertificate'")
 	}

 	certId = *importCertificateResp.CertificateId
-	return &UploadResult{
+	return &uploader.UploadResult{
 		CertId:   certId,
 		CertName: certName,
 	}, nil
 }

-func (u *HuaweiCloudSCMUploader) createSdkClient() (*hcScm.ScmClient, error) {
-	region := u.config.Region
-	accessKeyId := u.config.AccessKeyId
-	secretAccessKey := u.config.SecretAccessKey
+func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcScm.ScmClient, error) {
 	if region == "" {
 		region = "cn-north-4" // SCM 服务默认区域：华北四北京
 	}
--- a/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
+++ b/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
@@ -0,0 +1,77 @@
+package qiniusslcert
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/qiniu/go-sdk/v7/auth"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	qiniuEx "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk"
+)
+
+type QiniuSSLCertUploaderConfig struct {
+	AccessKey string `json:"accessKey"`
+	SecretKey string `json:"secretKey"`
+}
+
+type QiniuSSLCertUploader struct {
+	config    *QiniuSSLCertUploaderConfig
+	sdkClient *qiniuEx.Client
+}
+
+var _ uploader.Uploader = (*QiniuSSLCertUploader)(nil)
+
+func New(config *QiniuSSLCertUploaderConfig) (*QiniuSSLCertUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	client, err := createSdkClient(
+		config.AccessKey,
+		config.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &QiniuSSLCertUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *QiniuSSLCertUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 生成新证书名（需符合七牛云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://developer.qiniu.com/fusion/8593/interface-related-certificate
+	uploadSslCertResp, err := u.sdkClient.UploadSslCert(certName, certX509.Subject.CommonName, certPem, privkeyPem)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadSslCert'")
+	}
+
+	certId = uploadSslCertResp.CertID
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKey, secretKey string) (*qiniuEx.Client, error) {
+	credential := auth.New(accessKey, secretKey)
+	client := qiniuEx.NewClient(credential)
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/tencentcloud-ssl/tencentcloud_ssl.go
+++ b/internal/pkg/core/uploader/providers/tencentcloud-ssl/tencentcloud_ssl.go
@@ -0,0 +1,73 @@
+package tencentcloudssl
+
+import (
+	"context"
+	"errors"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+)
+
+type TencentCloudSSLUploaderConfig struct {
+	SecretId  string `json:"secretId"`
+	SecretKey string `json:"secretKey"`
+}
+
+type TencentCloudSSLUploader struct {
+	config    *TencentCloudSSLUploaderConfig
+	sdkClient *tcSsl.Client
+}
+
+var _ uploader.Uploader = (*TencentCloudSSLUploader)(nil)
+
+func New(config *TencentCloudSSLUploaderConfig) (*TencentCloudSSLUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	client, err := createSdkClient(
+		config.SecretId,
+		config.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &TencentCloudSSLUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *TencentCloudSSLUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 上传新证书
+	// REF: https://cloud.tencent.com/document/product/400/41665
+	uploadCertificateReq := tcSsl.NewUploadCertificateRequest()
+	uploadCertificateReq.CertificatePublicKey = common.StringPtr(certPem)
+	uploadCertificateReq.CertificatePrivateKey = common.StringPtr(privkeyPem)
+	uploadCertificateReq.Repeatable = common.BoolPtr(false)
+	uploadCertificateResp, err := u.sdkClient.UploadCertificate(uploadCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'ssl.UploadCertificate'")
+	}
+
+	certId := *uploadCertificateResp.Response.CertificateId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: "",
+	}, nil
+}
+
+func createSdkClient(secretId, secretKey string) (*tcSsl.Client, error) {
+	credential := common.NewCredential(secretId, secretKey)
+	client, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
+++ b/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
@@ -0,0 +1,112 @@
+package volcenginecdn
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/volcengine/volc-sdk-golang/service/cdn"
+)
+
+type VolcengineCDNUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeySecret string `json:"accessKeySecret"`
+}
+
+type VolcengineCDNUploader struct {
+	config    *VolcengineCDNUploaderConfig
+	sdkClient *cdn.CDN
+}
+
+var _ uploader.Uploader = (*VolcengineCDNUploader)(nil)
+
+func New(config *VolcengineCDNUploaderConfig) (*VolcengineCDNUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	instance := cdn.NewInstance()
+	client := instance.Client
+	client.SetAccessKey(config.AccessKeyId)
+	client.SetSecretKey(config.AccessKeySecret)
+
+	return &VolcengineCDNUploader{
+		config:    config,
+		sdkClient: instance,
+	}, nil
+}
+
+func (u *VolcengineCDNUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+	// 查询证书列表，避免重复上传
+	// REF: https://www.volcengine.com/docs/6454/125709
+	pageNum := int64(1)
+	pageSize := int64(100)
+	certSource := "volc_cert_center"
+	listCertInfoReq := &cdn.ListCertInfoRequest{
+		PageNum:  &pageNum,
+		PageSize: &pageSize,
+		Source:   certSource,
+	}
+	searchTotal := 0
+	for {
+		listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.ListCertInfo'")
+		}
+
+		if listCertInfoResp.Result.CertInfo != nil {
+			for _, certDetail := range listCertInfoResp.Result.CertInfo {
+				hash := sha256.Sum256(certX509.Raw)
+				isSameCert := strings.EqualFold(hex.EncodeToString(hash[:]), certDetail.CertFingerprint.Sha256)
+				// 如果已存在相同证书，直接返回已有的证书信息
+				if isSameCert {
+					return &uploader.UploadResult{
+						CertId:   certDetail.CertId,
+						CertName: certDetail.Desc,
+					}, nil
+				}
+			}
+		}
+
+		searchTotal += len(listCertInfoResp.Result.CertInfo)
+		if int(listCertInfoResp.Result.Total) > searchTotal {
+			pageNum++
+		} else {
+			break
+		}
+
+	}
+	// 生成新证书名（需符合火山引擎命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+	// 上传新证书
+	// REF: https://www.volcengine.com/docs/6454/1245763
+	addCertificateReq := &cdn.AddCertificateRequest{
+		Certificate: certPem,
+		PrivateKey:  privkeyPem,
+		Source:      &certSource,
+		Desc:        &certName,
+	}
+	addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.AddCertificate'")
+	}
+
+	certId = addCertificateResp.Result.CertId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
--- a/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go
+++ b/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go
@@ -0,0 +1,116 @@
+package volcenginelive
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	live "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
+)
+
+type VolcengineLiveUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeySecret string `json:"accessKeySecret"`
+}
+
+type VolcengineLiveUploader struct {
+	config    *VolcengineLiveUploaderConfig
+	sdkClient *live.Live
+}
+
+var _ uploader.Uploader = (*VolcengineLiveUploader)(nil)
+
+func New(config *VolcengineLiveUploaderConfig) (*VolcengineLiveUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	client := live.NewInstance()
+	client.SetAccessKey(config.AccessKeyId)
+	client.SetSecretKey(config.AccessKeySecret)
+
+	return &VolcengineLiveUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *VolcengineLiveUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+	// 查询证书列表，避免重复上传
+	// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E8%AF%A2%E8%AF%81%E4%B9%A6%E5%88%97%E8%A1%A8
+	listCertReq := &live.ListCertV2Body{}
+	listCertResp, err := u.sdkClient.ListCertV2(ctx, listCertReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.ListCertV2'")
+	}
+
+	if listCertResp.Result.CertList != nil {
+		for _, certDetail := range listCertResp.Result.CertList {
+
+			describeCertDetailSecretReq := &live.DescribeCertDetailSecretV2Body{
+				ChainID: cast.StringPtr(certDetail.ChainID),
+			}
+			// 查询证书详细信息
+			// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E8%AF%A6%E6%83%85
+			describeCertDetailSecretResp, detailErr := u.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq)
+			if detailErr != nil {
+				continue
+			}
+			var isSameCert bool
+			certificate := strings.Join(describeCertDetailSecretResp.Result.SSL.Chain, "\n\n")
+			if certificate == certPem {
+				isSameCert = true
+			} else {
+				cert, err := x509.ParseCertificateFromPEM(certificate)
+				if err != nil {
+					continue
+				}
+
+				isSameCert = x509.EqualCertificate(cert, certX509)
+			}
+			// 如果已存在相同证书，直接返回已有的证书信息
+			if isSameCert {
+				return &uploader.UploadResult{
+					CertId:   certDetail.ChainID,
+					CertName: certDetail.CertName,
+				}, nil
+			}
+		}
+	}
+
+	// 生成新证书名（需符合火山引擎命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+	// 上传新证书
+	// REF: https://www.volcengine.com/docs/6469/1186278#%E6%B7%BB%E5%8A%A0%E8%AF%81%E4%B9%A6
+	createCertReq := &live.CreateCertBody{
+		CertName:    &certName,
+		UseWay:      "https",
+		ProjectName: cast.StringPtr("default"),
+		Rsa: live.CreateCertBodyRsa{
+			Prikey: privkeyPem,
+			Pubkey: certPem,
+		},
+	}
+	createCertResp, err := u.sdkClient.CreateCert(ctx, createCertReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.CreateCert'")
+	}
+
+	certId = *createCertResp.Result.ChainID
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
--- a/internal/pkg/core/uploader/uploader.go
+++ b/internal/pkg/core/uploader/uploader.go
@@ -2,20 +2,20 @@

 import "context"

-// 表示定义证书上传者的抽象类型接口。
+// 表示定义证书上传器的抽象类型接口。
 // 云服务商通常会提供 SSL 证书管理服务，可供用户集中管理证书。
 // 注意与 `Deployer` 区分，“上传”通常为“部署”的前置操作。
 type Uploader interface {
 	// 上传证书。
 	//
 	// 入参：
-	//   - ctx：
-	//   - certPem：证书 PEM 内容
-	//   - privkeyPem：私钥 PEM 内容
+	//   - ctx：上下文。
+	//   - certPem：证书 PEM 内容。
+	//   - privkeyPem：私钥 PEM 内容。
 	//
 	// 出参：
-	//   - res：
-	//   - err：
+	//   - res：上传结果。
+	//   - err: 错误。
 	Upload(ctx context.Context, certPem string, privkeyPem string) (res *UploadResult, err error)
 }

--- a/internal/pkg/core/uploader/uploader_tencentcloud_ssl.go
+++ b/internal/pkg/core/uploader/uploader_tencentcloud_ssl.go
@@ -1,91 +0,0 @@
-package uploader
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
-
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
-)
-
-type TencentCloudSSLUploaderConfig struct {
-	Region    string `json:"region"`
-	SecretId  string `json:"secretId"`
-	SecretKey string `json:"secretKey"`
-}
-
-type TencentCloudSSLUploader struct {
-	config    *TencentCloudSSLUploaderConfig
-	sdkClient *tcSsl.Client
-}
-
-func NewTencentCloudSSLUploader(config *TencentCloudSSLUploaderConfig) (*TencentCloudSSLUploader, error) {
-	client, err := (&TencentCloudSSLUploader{config: config}).createSdkClient()
-	if err != nil {
-		return nil, fmt.Errorf("failed to create sdk client: %w", err)
-	}
-
-	return &TencentCloudSSLUploader{
-		config:    config,
-		sdkClient: client,
-	}, nil
-}
-
-func (u *TencentCloudSSLUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *UploadResult, err error) {
-	// 生成新证书名（需符合腾讯云命名规则）
-	var certId, certName string
-	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
-
-	// 上传新证书
-	// REF: https://cloud.tencent.com/document/product/400/41665
-	uploadCertificateReq := &tcSsl.UploadCertificateRequest{
-		Alias:                 cast.StringPtr(certName),
-		CertificatePublicKey:  cast.StringPtr(certPem),
-		CertificatePrivateKey: cast.StringPtr(privkeyPem),
-		Repeatable:            cast.BoolPtr(false),
-	}
-	uploadCertificateResp, err := u.sdkClient.UploadCertificate(uploadCertificateReq)
-	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request 'ssl.UploadCertificate': %w", err)
-	}
-
-	// 获取证书详情
-	// REF: https://cloud.tencent.com/document/api/400/41673
-	//
-	// P.S. 上传重复证书会返回上一次的证书 ID，这里需要重新获取一遍证书名（https://github.com/usual2970/certimate/pull/227）
-	describeCertificateDetailReq := &tcSsl.DescribeCertificateDetailRequest{
-		CertificateId: uploadCertificateResp.Response.CertificateId,
-	}
-	describeCertificateDetailResp, err := u.sdkClient.DescribeCertificateDetail(describeCertificateDetailReq)
-	if err != nil {
-		return nil, fmt.Errorf("failed to execute sdk request 'ssl.DescribeCertificateDetail': %w", err)
-	}
-
-	certId = *describeCertificateDetailResp.Response.CertificateId
-	certName = *describeCertificateDetailResp.Response.Alias
-	return &UploadResult{
-		CertId:   certId,
-		CertName: certName,
-	}, nil
-}
-
-func (u *TencentCloudSSLUploader) createSdkClient() (*tcSsl.Client, error) {
-	region := u.config.Region
-	secretId := u.config.SecretId
-	secretKey := u.config.SecretKey
-	if region == "" {
-		region = "ap-guangzhou" // SSL 服务默认区域：广州
-	}
-
-	credential := common.NewCredential(secretId, secretKey)
-	client, err := tcSsl.NewClient(credential, region, profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
--- a/internal/pkg/utils/fs/fs.go
+++ b/internal/pkg/utils/fs/fs.go
@@ -0,0 +1,52 @@
+package fs
+
+import (
+	"os"
+	"path/filepath"
+
+	xerrors "github.com/pkg/errors"
+)
+
+// 与 [WriteFile] 类似，但写入的是字符串内容。
+//
+// 入参:
+//   - path: 文件路径。
+//   - content: 文件内容。
+//
+// 出参:
+//   - 错误。
+func WriteFileString(path string, content string) error {
+	return WriteFile(path, []byte(content))
+}
+
+// 将数据写入指定路径的文件。
+// 如果目录不存在，将会递归创建目录。
+// 如果文件不存在，将会创建该文件；如果文件已存在，将会覆盖原有内容。
+//
+// 入参:
+//   - path: 文件路径。
+//   - data: 文件数据字节数组。
+//
+// 出参:
+//   - 错误。
+func WriteFile(path string, data []byte) error {
+	dir := filepath.Dir(path)
+
+	err := os.MkdirAll(dir, os.ModePerm)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to create directory")
+	}
+
+	file, err := os.Create(path)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to create file")
+	}
+	defer file.Close()
+
+	_, err = file.Write(data)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to write file")
+	}
+
+	return nil
+}
--- a/internal/pkg/utils/maps/maps.go
+++ b/internal/pkg/utils/maps/maps.go
@@ -0,0 +1,164 @@
+package maps
+
+import "strconv"
+
+// 以字符串形式从字典中获取指定键的值。
+//
+// 入参：
+//   - dict: 字典。
+//   - key: 键。
+//
+// 出参：
+//   - 字典中键对应的值。如果指定键不存在或者值的类型不是字符串，则返回空字符串。
+func GetValueAsString(dict map[string]any, key string) string {
+	return GetValueOrDefaultAsString(dict, key, "")
+}
+
+// 以字符串形式从字典中获取指定键的值。
+//
+// 入参：
+//   - dict: 字典。
+//   - key: 键。
+//   - defaultValue: 默认值。
+//
+// 出参：
+//   - 字典中键对应的值。如果指定键不存在或者值的类型不是字符串，则返回默认值。
+func GetValueOrDefaultAsString(dict map[string]any, key string, defaultValue string) string {
+	if dict == nil {
+		return defaultValue
+	}
+
+	if value, ok := dict[key]; ok {
+		if result, ok := value.(string); ok {
+			return result
+		}
+	}
+
+	return defaultValue
+}
+
+// 以 32 位整数形式从字典中获取指定键的值。
+//
+// 入参：
+//   - dict: 字典。
+//   - key: 键。
+//
+// 出参：
+//   - 字典中键对应的值。如果指定键不存在或者值的类型不是 32 位整数，则返回 0。
+func GetValueAsInt32(dict map[string]any, key string) int32 {
+	return GetValueOrDefaultAsInt32(dict, key, 0)
+}
+
+// 以 32 位整数形式从字典中获取指定键的值。
+//
+// 入参：
+//   - dict: 字典。
+//   - key: 键。
+//   - defaultValue: 默认值。
+//
+// 出参：
+//   - 字典中键对应的值。如果指定键不存在或者值的类型不是 32 位整数，则返回默认值。
+func GetValueOrDefaultAsInt32(dict map[string]any, key string, defaultValue int32) int32 {
+	if dict == nil {
+		return defaultValue
+	}
+
+	if value, ok := dict[key]; ok {
+		if result, ok := value.(int32); ok {
+			return result
+		}
+
+		// 兼容字符串类型的值
+		if str, ok := value.(string); ok {
+			if result, err := strconv.ParseInt(str, 10, 32); err == nil {
+				return int32(result)
+			}
+		}
+	}
+
+	return defaultValue
+}
+
+// 以 64 位整数形式从字典中获取指定键的值。
+//
+// 入参：
+//   - dict: 字典。
+//   - key: 键。
+//
+// 出参：
+//   - 字典中键对应的值。如果指定键不存在或者值的类型不是 64 位整数，则返回 0。
+func GetValueAsInt64(dict map[string]any, key string) int64 {
+	return GetValueOrDefaultAsInt64(dict, key, 0)
+}
+
+// 以 64 位整数形式从字典中获取指定键的值。
+//
+// 入参：
+//   - dict: 字典。
+//   - key: 键。
+//   - defaultValue: 默认值。
+//
+// 出参：
+//   - 字典中键对应的值。如果指定键不存在或者值的类型不是 64 位整数，则返回默认值。
+func GetValueOrDefaultAsInt64(dict map[string]any, key string, defaultValue int64) int64 {
+	if dict == nil {
+		return defaultValue
+	}
+
+	if value, ok := dict[key]; ok {
+		if result, ok := value.(int64); ok {
+			return result
+		}
+
+		// 兼容字符串类型的值
+		if str, ok := value.(string); ok {
+			if result, err := strconv.ParseInt(str, 10, 64); err == nil {
+				return result
+			}
+		}
+	}
+
+	return defaultValue
+}
+
+// 以布尔形式从字典中获取指定键的值。
+//
+// 入参：
+//   - dict: 字典。
+//   - key: 键。
+//
+// 出参：
+//   - 字典中键对应的值。如果指定键不存在或者值的类型不是布尔，则返回 false。
+func GetValueAsBool(dict map[string]any, key string) bool {
+	return GetValueOrDefaultAsBool(dict, key, false)
+}
+
+// 以布尔形式从字典中获取指定键的值。
+//
+// 入参：
+//   - dict: 字典。
+//   - key: 键。
+//   - defaultValue: 默认值。
+//
+// 出参：
+//   - 字典中键对应的值。如果指定键不存在或者值的类型不是布尔，则返回默认值。
+func GetValueOrDefaultAsBool(dict map[string]any, key string, defaultValue bool) bool {
+	if dict == nil {
+		return defaultValue
+	}
+
+	if value, ok := dict[key]; ok {
+		if result, ok := value.(bool); ok {
+			return result
+		}
+
+		// 兼容字符串类型的值
+		if str, ok := value.(string); ok {
+			if result, err := strconv.ParseBool(str); err == nil {
+				return result
+			}
+		}
+	}
+
+	return defaultValue
+}
--- a/internal/pkg/utils/x509/common.go
+++ b/internal/pkg/utils/x509/common.go
@@ -0,0 +1,22 @@
+package x509
+
+import (
+	"crypto/x509"
+)
+
+// 比较两个 x509.Certificate 对象，判断它们是否是同一张证书。
+// 注意，这不是精确比较，而只是基于证书序列号和数字签名的快速判断，但对于权威 CA 签发的证书来说不会存在误判。
+//
+// 入参:
+//   - a: 待比较的第一个 x509.Certificate 对象。
+//   - b: 待比较的第二个 x509.Certificate 对象。
+//
+// 出参:
+//   - 是否相同。
+func EqualCertificate(a, b *x509.Certificate) bool {
+	return string(a.Signature) == string(b.Signature) &&
+		a.SignatureAlgorithm == b.SignatureAlgorithm &&
+		a.SerialNumber.String() == b.SerialNumber.String() &&
+		a.Issuer.SerialNumber == b.Issuer.SerialNumber &&
+		a.Subject.SerialNumber == b.Subject.SerialNumber
+}
--- a/internal/pkg/utils/x509/converter.go
+++ b/internal/pkg/utils/x509/converter.go
@@ -0,0 +1,31 @@
+package x509
+
+import (
+	"crypto/ecdsa"
+	"crypto/x509"
+	"encoding/pem"
+
+	xerrors "github.com/pkg/errors"
+)
+
+// 将 ecdsa.PrivateKey 对象转换为 PEM 编码的字符串。
+//
+// 入参:
+//   - privkey: ecdsa.PrivateKey 对象。
+//
+// 出参:
+//   - privkeyPem: 私钥 PEM 内容。
+//   - err: 错误。
+func ConvertECPrivateKeyToPEM(privkey *ecdsa.PrivateKey) (privkeyPem string, err error) {
+	data, err := x509.MarshalECPrivateKey(privkey)
+	if err != nil {
+		return "", xerrors.Wrap(err, "failed to marshal EC private key")
+	}
+
+	block := &pem.Block{
+		Type:  "EC PRIVATE KEY",
+		Bytes: data,
+	}
+
+	return string(pem.EncodeToMemory(block)), nil
+}
--- a/internal/pkg/utils/x509/parser.go
+++ b/internal/pkg/utils/x509/parser.go
@@ -0,0 +1,83 @@
+package x509
+
+import (
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+
+	xerrors "github.com/pkg/errors"
+)
+
+// 从 PEM 编码的证书字符串解析并返回一个 x509.Certificate 对象。
+//
+// 入参:
+//   - certPem: 证书 PEM 内容。
+//
+// 出参:
+//   - cert: x509.Certificate 对象。
+//   - err: 错误。
+func ParseCertificateFromPEM(certPem string) (cert *x509.Certificate, err error) {
+	pemData := []byte(certPem)
+
+	block, _ := pem.Decode(pemData)
+	if block == nil {
+		return nil, errors.New("failed to decode PEM block")
+	}
+
+	cert, err = x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to parse certificate")
+	}
+
+	return cert, nil
+}
+
+// 从 PEM 编码的私钥字符串解析并返回一个 ecdsa.PrivateKey 对象。
+//
+// 入参:
+//   - privkeyPem: 私钥 PEM 内容。
+//
+// 出参:
+//   - privkey: ecdsa.PrivateKey 对象。
+//   - err: 错误。
+func ParseECPrivateKeyFromPEM(privkeyPem string) (privkey *ecdsa.PrivateKey, err error) {
+	pemData := []byte(privkeyPem)
+
+	block, _ := pem.Decode(pemData)
+	if block == nil {
+		return nil, errors.New("failed to decode PEM block")
+	}
+
+	privkey, err = x509.ParseECPrivateKey(block.Bytes)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to parse private key")
+	}
+
+	return privkey, nil
+}
+
+// 从 PEM 编码的私钥字符串解析并返回一个 rsa.PrivateKey 对象。
+//
+// 入参:
+//   - privkeyPem: 私钥 PEM 内容。
+//
+// 出参:
+//   - privkey: rsa.PrivateKey 对象。
+//   - err: 错误。
+func ParsePKCS1PrivateKeyFromPEM(privkeyPem string) (privkey *rsa.PrivateKey, err error) {
+	pemData := []byte(privkeyPem)
+
+	block, _ := pem.Decode(pemData)
+	if block == nil {
+		return nil, errors.New("failed to decode PEM block")
+	}
+
+	privkey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to parse private key")
+	}
+
+	return privkey, nil
+}
--- a/internal/pkg/utils/x509/x509.go
+++ b/internal/pkg/utils/x509/x509.go
@@ -1,81 +0,0 @@
-package x509
-
-import (
-	"crypto/ecdsa"
-	"crypto/x509"
-	"encoding/pem"
-	"fmt"
-)
-
-// 从 PEM 编码的证书字符串解析并返回一个 x509.Certificate 对象。
-//
-// 入参:
-//   - certPem: 证书 PEM 内容。
-//
-// 出参:
-//   - cert:
-//   - err:
-func ParseCertificateFromPEM(certPem string) (cert *x509.Certificate, err error) {
-	pemData := []byte(certPem)
-
-	block, _ := pem.Decode(pemData)
-	if block == nil {
-		return nil, fmt.Errorf("failed to decode PEM block")
-	}
-
-	cert, err = x509.ParseCertificate(block.Bytes)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse certificate: %w", err)
-	}
-
-	return cert, nil
-}
-
-// 比较两个 x509.Certificate 对象，判断它们是否是同一张证书。
-// 注意，这不是精确比较，而只是基于证书序列号和数字签名的快速判断，但对于权威 CA 签发的证书来说不会存在误判。
-//
-// 入参:
-//   - a: 待比较的第一个 x509.Certificate 对象。
-//   - b: 待比较的第二个 x509.Certificate 对象。
-//
-// 出参:
-//   - 是否相同。
-func EqualCertificate(a, b *x509.Certificate) bool {
-	return string(a.Signature) == string(b.Signature) &&
-		a.SignatureAlgorithm == b.SignatureAlgorithm &&
-		a.SerialNumber.String() == b.SerialNumber.String() &&
-		a.Issuer.SerialNumber == b.Issuer.SerialNumber &&
-		a.Subject.SerialNumber == b.Subject.SerialNumber
-}
-
-// 将 ECDSA 私钥转换为 PEM 格式的字符串。
-func PrivateKeyToPEM(privateKey *ecdsa.PrivateKey) (string, error) {
-	data, err := x509.MarshalECPrivateKey(privateKey)
-	if err != nil {
-		return "", fmt.Errorf("failed to marshal EC private key: %w", err)
-	}
-
-	block := &pem.Block{
-		Type:  "EC PRIVATE KEY",
-		Bytes: data,
-	}
-
-	return string(pem.EncodeToMemory(block)), nil
-}
-
-// 从 PEM 编码的私钥字符串解析并返回一个 ECDSA 私钥对象。
-func ParsePrivateKeyFromPEM(privateKeyPem string) (*ecdsa.PrivateKey, error) {
-	pemData := []byte(privateKeyPem)
-
-	block, _ := pem.Decode(pemData)
-	if block == nil {
-		return nil, fmt.Errorf("failed to decode PEM block")
-	}
-
-	privateKey, err := x509.ParseECPrivateKey(block.Bytes)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse private key: %w", err)
-	}
-
-	return privateKey, nil
-}
--- a/internal/pkg/vendors/dogecloud-sdk/client.go
+++ b/internal/pkg/vendors/dogecloud-sdk/client.go
@@ -0,0 +1,183 @@
+package dogecloudsdk
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+const dogeHost = "https://api.dogecloud.com"
+
+type Client struct {
+	accessKey string
+	secretKey string
+}
+
+func NewClient(accessKey, secretKey string) *Client {
+	return &Client{accessKey: accessKey, secretKey: secretKey}
+}
+
+func (c *Client) UploadCdnCert(note, cert, private string) (*UploadCdnCertResponse, error) {
+	req := &UploadCdnCertRequest{
+		Note:        note,
+		Certificate: cert,
+		PrivateKey:  private,
+	}
+
+	reqBts, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	reqMap := make(map[string]interface{})
+	err = json.Unmarshal(reqBts, &reqMap)
+	if err != nil {
+		return nil, err
+	}
+
+	respBts, err := c.sendReq(http.MethodPost, "cdn/cert/upload.json", reqMap, true)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &UploadCdnCertResponse{}
+	err = json.Unmarshal(respBts, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("dogecloud api error, code: %d, msg: %s", *resp.Code, *resp.Message)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) BindCdnCertWithDomain(certId int64, domain string) (*BindCdnCertResponse, error) {
+	req := &BindCdnCertRequest{
+		CertId: certId,
+		Domain: &domain,
+	}
+
+	reqBts, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	reqMap := make(map[string]interface{})
+	err = json.Unmarshal(reqBts, &reqMap)
+	if err != nil {
+		return nil, err
+	}
+
+	respBts, err := c.sendReq(http.MethodPost, "cdn/cert/bind.json", reqMap, true)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &BindCdnCertResponse{}
+	err = json.Unmarshal(respBts, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("dogecloud api error, code: %d, msg: %s", *resp.Code, *resp.Message)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) BindCdnCertWithDomainId(certId int64, domainId int64) (*BindCdnCertResponse, error) {
+	req := &BindCdnCertRequest{
+		CertId:   certId,
+		DomainId: &domainId,
+	}
+
+	reqBts, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	reqMap := make(map[string]interface{})
+	err = json.Unmarshal(reqBts, &reqMap)
+	if err != nil {
+		return nil, err
+	}
+
+	respBts, err := c.sendReq(http.MethodPost, "cdn/cert/bind.json", reqMap, true)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &BindCdnCertResponse{}
+	err = json.Unmarshal(respBts, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("dogecloud api error, code: %d, msg: %s", *resp.Code, *resp.Message)
+	}
+
+	return resp, nil
+}
+
+// 调用多吉云的 API。
+// https://docs.dogecloud.com/cdn/api-access-token?id=go
+//
+// 入参：
+//   - method：GET 或 POST
+//   - path：是调用的 API 接口地址，包含 URL 请求参数 QueryString，例如：/console/vfetch/add.json?url=xxx&a=1&b=2
+//   - data：POST 的数据，对象，例如 {a: 1, b: 2}，传递此参数表示不是 GET 请求而是 POST 请求
+//   - jsonMode：数据 data 是否以 JSON 格式请求，默认为 false 则使用表单形式（a=1&b=2）
+func (c *Client) sendReq(method string, path string, data map[string]interface{}, jsonMode bool) ([]byte, error) {
+	body := ""
+	mime := ""
+	if jsonMode {
+		_body, err := json.Marshal(data)
+		if err != nil {
+			return nil, err
+		}
+		body = string(_body)
+		mime = "application/json"
+	} else {
+		values := url.Values{}
+		for k, v := range data {
+			values.Set(k, v.(string))
+		}
+		body = values.Encode()
+		mime = "application/x-www-form-urlencoded"
+	}
+
+	path = strings.TrimPrefix(path, "/")
+	signStr := "/" + path + "\n" + body
+	hmacObj := hmac.New(sha1.New, []byte(c.secretKey))
+	hmacObj.Write([]byte(signStr))
+	sign := hex.EncodeToString(hmacObj.Sum(nil))
+	auth := fmt.Sprintf("TOKEN %s:%s", c.accessKey, sign)
+
+	req, err := http.NewRequest(method, fmt.Sprintf("%s/%s", dogeHost, path), strings.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Content-Type", mime)
+	req.Header.Add("Authorization", auth)
+
+	client := http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	r, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return r, nil
+}
--- a/internal/pkg/vendors/dogecloud-sdk/models.go
+++ b/internal/pkg/vendors/dogecloud-sdk/models.go
@@ -0,0 +1,31 @@
+package dogecloudsdk
+
+type BaseResponse struct {
+	Code    *int    `json:"code,omitempty"`
+	Message *string `json:"msg,omitempty"`
+}
+
+type UploadCdnCertRequest struct {
+	Note        string `json:"note"`
+	Certificate string `json:"cert"`
+	PrivateKey  string `json:"private"`
+}
+
+type UploadCdnCertResponseData struct {
+	Id int64 `json:"id"`
+}
+
+type UploadCdnCertResponse struct {
+	BaseResponse
+	Data *UploadCdnCertResponseData `json:"data,omitempty"`
+}
+
+type BindCdnCertRequest struct {
+	CertId   int64   `json:"id"`
+	DomainId *int64  `json:"did,omitempty"`
+	Domain   *string `json:"domain,omitempty"`
+}
+
+type BindCdnCertResponse struct {
+	BaseResponse
+}
--- a/internal/pkg/vendors/huaweicloud-cdn-sdk/client.go
+++ b/internal/pkg/vendors/huaweicloud-cdn-sdk/client.go
@@ -0,0 +1,26 @@
+package huaweicloudcdnsdk
+
+import (
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core"
+	hcCdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
+)
+
+type Client struct {
+	hcCdn.CdnClient
+}
+
+func NewClient(hcClient *core.HcHttpClient) *Client {
+	return &Client{
+		CdnClient: *hcCdn.NewCdnClient(hcClient),
+	}
+}
+
+func (c *Client) UploadDomainMultiCertificatesEx(request *UpdateDomainMultiCertificatesExRequest) (*UpdateDomainMultiCertificatesExResponse, error) {
+	requestDef := hcCdn.GenReqDefForUpdateDomainMultiCertificates()
+
+	if resp, err := c.HcClient.Sync(request, requestDef); err != nil {
+		return nil, err
+	} else {
+		return resp.(*UpdateDomainMultiCertificatesExResponse), nil
+	}
+}
--- a/internal/pkg/vendors/huaweicloud-cdn-sdk/models.go
+++ b/internal/pkg/vendors/huaweicloud-cdn-sdk/models.go
@@ -0,0 +1,62 @@
+package huaweicloudcdnsdk
+
+import (
+	hcCdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
+
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+)
+
+type UpdateDomainMultiCertificatesExRequestBodyContent struct {
+	hcCdnModel.UpdateDomainMultiCertificatesRequestBodyContent `json:",inline"`
+
+	// 华为云官方 SDK 中目前提供的字段缺失，这里暂时先需自定义请求，可能需要等之后 SDK 更新。
+	SCMCertificateId *string `json:"scm_certificate_id,omitempty"`
+}
+
+type UpdateDomainMultiCertificatesExRequestBody struct {
+	Https *UpdateDomainMultiCertificatesExRequestBodyContent `json:"https,omitempty"`
+}
+
+type UpdateDomainMultiCertificatesExRequest struct {
+	Body *UpdateDomainMultiCertificatesExRequestBody `json:"body,omitempty"`
+}
+
+type UpdateDomainMultiCertificatesExResponse struct {
+	hcCdnModel.UpdateDomainMultiCertificatesResponse
+}
+
+func (m *UpdateDomainMultiCertificatesExRequestBodyContent) MergeConfig(src *hcCdnModel.ConfigsGetBody) *UpdateDomainMultiCertificatesExRequestBodyContent {
+	if src == nil {
+		return m
+	}
+
+	// 华为云 API 中不传的字段表示使用默认值、而非保留原值，因此这里需要把原配置中的参数重新赋值回去。
+	// 而且蛋疼的是查询接口返回的数据结构和更新接口传入的参数结构不一致，需要做很多转化。
+
+	if *src.OriginProtocol == "follow" {
+		m.AccessOriginWay = cast.Int32Ptr(1)
+	} else if *src.OriginProtocol == "http" {
+		m.AccessOriginWay = cast.Int32Ptr(2)
+	} else if *src.OriginProtocol == "https" {
+		m.AccessOriginWay = cast.Int32Ptr(3)
+	}
+
+	if src.ForceRedirect != nil {
+		m.ForceRedirectConfig = &hcCdnModel.ForceRedirect{}
+
+		if src.ForceRedirect.Status == "on" {
+			m.ForceRedirectConfig.Switch = 1
+			m.ForceRedirectConfig.RedirectType = src.ForceRedirect.Type
+		} else {
+			m.ForceRedirectConfig.Switch = 0
+		}
+	}
+
+	if src.Https != nil {
+		if *src.Https.Http2Status == "on" {
+			m.Http2 = cast.Int32Ptr(1)
+		}
+	}
+
+	return m
+}
--- a/internal/pkg/vendors/qiniu-sdk/client.go
+++ b/internal/pkg/vendors/qiniu-sdk/client.go
@@ -0,0 +1,160 @@
+package qiniusdk
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/qiniu/go-sdk/v7/auth"
+
+	xhttp "github.com/usual2970/certimate/internal/utils/http"
+)
+
+const qiniuHost = "https://api.qiniu.com"
+
+type Client struct {
+	mac *auth.Credentials
+}
+
+func NewClient(mac *auth.Credentials) *Client {
+	if mac == nil {
+		mac = auth.Default()
+	}
+	return &Client{mac: mac}
+}
+
+func (c *Client) GetDomainInfo(domain string) (*GetDomainInfoResponse, error) {
+	respBytes, err := c.sendReq(http.MethodGet, fmt.Sprintf("domain/%s", domain), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &GetDomainInfoResponse{}
+	err = json.Unmarshal(respBytes, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("code: %d, error: %s", *resp.Code, *resp.Error)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) ModifyDomainHttpsConf(domain, certId string, forceHttps, http2Enable bool) (*ModifyDomainHttpsConfResponse, error) {
+	req := &ModifyDomainHttpsConfRequest{
+		DomainInfoHttpsData: DomainInfoHttpsData{
+			CertID:      certId,
+			ForceHttps:  forceHttps,
+			Http2Enable: http2Enable,
+		},
+	}
+
+	reqBytes, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	respBytes, err := c.sendReq(http.MethodPut, fmt.Sprintf("domain/%s/httpsconf", domain), bytes.NewReader(reqBytes))
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &ModifyDomainHttpsConfResponse{}
+	err = json.Unmarshal(respBytes, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("code: %d, error: %s", *resp.Code, *resp.Error)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) EnableDomainHttps(domain, certId string, forceHttps, http2Enable bool) (*EnableDomainHttpsResponse, error) {
+	req := &EnableDomainHttpsRequest{
+		DomainInfoHttpsData: DomainInfoHttpsData{
+			CertID:      certId,
+			ForceHttps:  forceHttps,
+			Http2Enable: http2Enable,
+		},
+	}
+
+	reqBytes, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	respBytes, err := c.sendReq(http.MethodPut, fmt.Sprintf("domain/%s/sslize", domain), bytes.NewReader(reqBytes))
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &EnableDomainHttpsResponse{}
+	err = json.Unmarshal(respBytes, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("code: %d, error: %s", *resp.Code, *resp.Error)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) UploadSslCert(name, commonName, certificate, privateKey string) (*UploadSslCertResponse, error) {
+	req := &UploadSslCertRequest{
+		Name:        name,
+		CommonName:  commonName,
+		Certificate: certificate,
+		PrivateKey:  privateKey,
+	}
+
+	reqBytes, err := json.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	respBytes, err := c.sendReq(http.MethodPost, "sslcert", bytes.NewReader(reqBytes))
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &UploadSslCertResponse{}
+	err = json.Unmarshal(respBytes, resp)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 {
+		return nil, fmt.Errorf("qiniu api error, code: %d, error: %s", *resp.Code, *resp.Error)
+	}
+
+	return resp, nil
+}
+
+func (c *Client) sendReq(method string, path string, body io.Reader) ([]byte, error) {
+	req := xhttp.BuildReq(fmt.Sprintf("%s/%s", qiniuHost, path), method, body, map[string]string{
+		"Content-Type": "application/json",
+	})
+
+	if err := c.mac.AddToken(auth.TokenQBox, req); err != nil {
+		return nil, err
+	}
+
+	respBody, err := xhttp.ToRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	defer respBody.Close()
+
+	res, err := io.ReadAll(respBody)
+	if err != nil {
+		return nil, err
+	}
+
+	return res, nil
+}
--- a/internal/pkg/vendors/qiniu-sdk/models.go
+++ b/internal/pkg/vendors/qiniu-sdk/models.go
@@ -0,0 +1,54 @@
+package qiniusdk
+
+type BaseResponse struct {
+	Code  *int    `json:"code,omitempty"`
+	Error *string `json:"error,omitempty"`
+}
+
+type UploadSslCertRequest struct {
+	Name        string `json:"name"`
+	CommonName  string `json:"common_name"`
+	Certificate string `json:"ca"`
+	PrivateKey  string `json:"pri"`
+}
+
+type UploadSslCertResponse struct {
+	*BaseResponse
+	CertID string `json:"certID"`
+}
+
+type DomainInfoHttpsData struct {
+	CertID      string `json:"certId"`
+	ForceHttps  bool   `json:"forceHttps"`
+	Http2Enable bool   `json:"http2Enable"`
+}
+
+type GetDomainInfoResponse struct {
+	BaseResponse
+	Name               string               `json:"name"`
+	Type               string               `json:"type"`
+	CName              string               `json:"cname"`
+	Https              *DomainInfoHttpsData `json:"https"`
+	PareDomain         string               `json:"pareDomain"`
+	OperationType      string               `json:"operationType"`
+	OperatingState     string               `json:"operatingState"`
+	OperatingStateDesc string               `json:"operatingStateDesc"`
+	CreateAt           string               `json:"createAt"`
+	ModifyAt           string               `json:"modifyAt"`
+}
+
+type ModifyDomainHttpsConfRequest struct {
+	DomainInfoHttpsData
+}
+
+type ModifyDomainHttpsConfResponse struct {
+	BaseResponse
+}
+
+type EnableDomainHttpsRequest struct {
+	DomainInfoHttpsData
+}
+
+type EnableDomainHttpsResponse struct {
+	BaseResponse
+}
--- a/internal/utils/rand/rand.go
+++ b/internal/utils/rand/rand.go
@@ -5,7 +5,8 @@ import (
 	"time"
 )

-// RandStr 随机生成指定长度字符串
+// Deprecated: this will be removed in the future.
+// 随机生成指定长度字符串
 func RandStr(n int) string {
 	seed := time.Now().UnixNano()
 	source := rand.NewSource(seed)
--- a/migrations/1730766480_collections_snapshot.go
+++ b/migrations/1730766480_collections_snapshot.go
@@ -0,0 +1,807 @@
+package migrations
+
+import (
+	"encoding/json"
+
+	"github.com/pocketbase/dbx"
+	"github.com/pocketbase/pocketbase/daos"
+	m "github.com/pocketbase/pocketbase/migrations"
+	"github.com/pocketbase/pocketbase/models"
+)
+
+func init() {
+	m.Register(func(db dbx.Builder) error {
+		jsonData := `[
+			{
+				"id": "z3p974ainxjqlvs",
+				"created": "2024-07-29 10:02:48.334Z",
+				"updated": "2024-10-23 09:25:43.083Z",
+				"name": "domains",
+				"type": "base",
+				"system": false,
+				"schema": [
+					{
+						"system": false,
+						"id": "iuaerpl2",
+						"name": "domain",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "ukkhuw85",
+						"name": "email",
+						"type": "email",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"exceptDomains": null,
+							"onlyDomains": null
+						}
+					},
+					{
+						"system": false,
+						"id": "v98eebqq",
+						"name": "crontab",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "alc8e9ow",
+						"name": "access",
+						"type": "relation",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"collectionId": "4yzbv8urny5ja1e",
+							"cascadeDelete": false,
+							"minSelect": null,
+							"maxSelect": 1,
+							"displayFields": null
+						}
+					},
+					{
+						"system": false,
+						"id": "topsc9bj",
+						"name": "certUrl",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "vixgq072",
+						"name": "certStableUrl",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "g3a3sza5",
+						"name": "privateKey",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "gr6iouny",
+						"name": "certificate",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "tk6vnrmn",
+						"name": "issuerCertificate",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "sjo6ibse",
+						"name": "csr",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "x03n1bkj",
+						"name": "expiredAt",
+						"type": "date",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": "",
+							"max": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "srybpixz",
+						"name": "targetType",
+						"type": "select",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSelect": 1,
+							"values": [
+								"aliyun-oss",
+								"aliyun-cdn",
+								"aliyun-dcdn",
+								"ssh",
+								"webhook",
+								"tencent-cdn",
+								"qiniu-cdn",
+								"local"
+							]
+						}
+					},
+					{
+						"system": false,
+						"id": "xy7yk0mb",
+						"name": "targetAccess",
+						"type": "relation",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"collectionId": "4yzbv8urny5ja1e",
+							"cascadeDelete": false,
+							"minSelect": null,
+							"maxSelect": 1,
+							"displayFields": null
+						}
+					},
+					{
+						"system": false,
+						"id": "6jqeyggw",
+						"name": "enabled",
+						"type": "bool",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {}
+					},
+					{
+						"system": false,
+						"id": "hdsjcchf",
+						"name": "deployed",
+						"type": "bool",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {}
+					},
+					{
+						"system": false,
+						"id": "aiya3rev",
+						"name": "rightnow",
+						"type": "bool",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {}
+					},
+					{
+						"system": false,
+						"id": "ixznmhzc",
+						"name": "lastDeployedAt",
+						"type": "date",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": "",
+							"max": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "ghtlkn5j",
+						"name": "lastDeployment",
+						"type": "relation",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"collectionId": "0a1o4e6sstp694f",
+							"cascadeDelete": false,
+							"minSelect": null,
+							"maxSelect": 1,
+							"displayFields": null
+						}
+					},
+					{
+						"system": false,
+						"id": "zfnyj9he",
+						"name": "variables",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "1bspzuku",
+						"name": "group",
+						"type": "relation",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"collectionId": "teolp9pl72dxlxq",
+							"cascadeDelete": false,
+							"minSelect": null,
+							"maxSelect": 1,
+							"displayFields": null
+						}
+					},
+					{
+						"system": false,
+						"id": "g65gfh7a",
+						"name": "nameservers",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "wwrzc3jo",
+						"name": "applyConfig",
+						"type": "json",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSize": 2000000
+						}
+					},
+					{
+						"system": false,
+						"id": "474iwy8r",
+						"name": "deployConfig",
+						"type": "json",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSize": 2000000
+						}
+					}
+				],
+				"indexes": [
+					"CREATE UNIQUE INDEX ` + "`" + `idx_4ABO6EQ` + "`" + ` ON ` + "`" + `domains` + "`" + ` (` + "`" + `domain` + "`" + `)"
+				],
+				"listRule": null,
+				"viewRule": null,
+				"createRule": null,
+				"updateRule": null,
+				"deleteRule": null,
+				"options": {}
+			},
+			{
+				"id": "4yzbv8urny5ja1e",
+				"created": "2024-07-29 10:04:39.685Z",
+				"updated": "2024-11-05 00:21:32.129Z",
+				"name": "access",
+				"type": "base",
+				"system": false,
+				"schema": [
+					{
+						"system": false,
+						"id": "geeur58v",
+						"name": "name",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "iql7jpwx",
+						"name": "config",
+						"type": "json",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSize": 2000000
+						}
+					},
+					{
+						"system": false,
+						"id": "hwy7m03o",
+						"name": "configType",
+						"type": "select",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSelect": 1,
+							"values": [
+								"aliyun",
+								"tencent",
+								"huaweicloud",
+								"qiniu",
+								"aws",
+								"cloudflare",
+								"namesilo",
+								"godaddy",
+								"pdns",
+								"httpreq",
+								"local",
+								"ssh",
+								"webhook",
+								"k8s",
+								"baiducloud",
+								"dogecloud"
+							]
+						}
+					},
+					{
+						"system": false,
+						"id": "lr33hiwg",
+						"name": "deleted",
+						"type": "date",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": "",
+							"max": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "hsxcnlvd",
+						"name": "usage",
+						"type": "select",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSelect": 1,
+							"values": [
+								"apply",
+								"deploy",
+								"all"
+							]
+						}
+					},
+					{
+						"system": false,
+						"id": "c8egzzwj",
+						"name": "group",
+						"type": "relation",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"collectionId": "teolp9pl72dxlxq",
+							"cascadeDelete": false,
+							"minSelect": null,
+							"maxSelect": 1,
+							"displayFields": null
+						}
+					}
+				],
+				"indexes": [
+					"CREATE UNIQUE INDEX ` + "`" + `idx_wkoST0j` + "`" + ` ON ` + "`" + `access` + "`" + ` (` + "`" + `name` + "`" + `)"
+				],
+				"listRule": null,
+				"viewRule": null,
+				"createRule": null,
+				"updateRule": null,
+				"deleteRule": null,
+				"options": {}
+			},
+			{
+				"id": "0a1o4e6sstp694f",
+				"created": "2024-07-30 06:30:27.801Z",
+				"updated": "2024-10-23 09:25:43.084Z",
+				"name": "deployments",
+				"type": "base",
+				"system": false,
+				"schema": [
+					{
+						"system": false,
+						"id": "farvlzk7",
+						"name": "domain",
+						"type": "relation",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"collectionId": "z3p974ainxjqlvs",
+							"cascadeDelete": false,
+							"minSelect": null,
+							"maxSelect": 1,
+							"displayFields": null
+						}
+					},
+					{
+						"system": false,
+						"id": "jx5f69i3",
+						"name": "log",
+						"type": "json",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSize": 2000000
+						}
+					},
+					{
+						"system": false,
+						"id": "qbxdtg9q",
+						"name": "phase",
+						"type": "select",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSelect": 1,
+							"values": [
+								"check",
+								"apply",
+								"deploy"
+							]
+						}
+					},
+					{
+						"system": false,
+						"id": "rglrp1hz",
+						"name": "phaseSuccess",
+						"type": "bool",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {}
+					},
+					{
+						"system": false,
+						"id": "lt1g1blu",
+						"name": "deployedAt",
+						"type": "date",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": "",
+							"max": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "wledpzgb",
+						"name": "wholeSuccess",
+						"type": "bool",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {}
+					}
+				],
+				"indexes": [],
+				"listRule": null,
+				"viewRule": null,
+				"createRule": null,
+				"updateRule": null,
+				"deleteRule": null,
+				"options": {}
+			},
+			{
+				"id": "_pb_users_auth_",
+				"created": "2024-09-12 13:09:54.234Z",
+				"updated": "2024-10-23 09:25:43.085Z",
+				"name": "users",
+				"type": "auth",
+				"system": false,
+				"schema": [
+					{
+						"system": false,
+						"id": "users_name",
+						"name": "name",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "users_avatar",
+						"name": "avatar",
+						"type": "file",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"mimeTypes": [
+								"image/jpeg",
+								"image/png",
+								"image/svg+xml",
+								"image/gif",
+								"image/webp"
+							],
+							"thumbs": null,
+							"maxSelect": 1,
+							"maxSize": 5242880,
+							"protected": false
+						}
+					}
+				],
+				"indexes": [],
+				"listRule": "id = @request.auth.id",
+				"viewRule": "id = @request.auth.id",
+				"createRule": "",
+				"updateRule": "id = @request.auth.id",
+				"deleteRule": "id = @request.auth.id",
+				"options": {
+					"allowEmailAuth": true,
+					"allowOAuth2Auth": true,
+					"allowUsernameAuth": true,
+					"exceptEmailDomains": null,
+					"manageRule": null,
+					"minPasswordLength": 8,
+					"onlyEmailDomains": null,
+					"onlyVerified": false,
+					"requireEmail": false
+				}
+			},
+			{
+				"id": "dy6ccjb60spfy6p",
+				"created": "2024-09-12 23:12:21.677Z",
+				"updated": "2024-10-23 09:25:43.085Z",
+				"name": "settings",
+				"type": "base",
+				"system": false,
+				"schema": [
+					{
+						"system": false,
+						"id": "1tcmdsdf",
+						"name": "name",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "f9wyhypi",
+						"name": "content",
+						"type": "json",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSize": 2000000
+						}
+					}
+				],
+				"indexes": [
+					"CREATE UNIQUE INDEX ` + "`" + `idx_RO7X9Vw` + "`" + ` ON ` + "`" + `settings` + "`" + ` (` + "`" + `name` + "`" + `)"
+				],
+				"listRule": null,
+				"viewRule": null,
+				"createRule": null,
+				"updateRule": null,
+				"deleteRule": null,
+				"options": {}
+			},
+			{
+				"id": "teolp9pl72dxlxq",
+				"created": "2024-09-13 12:51:05.611Z",
+				"updated": "2024-10-23 09:25:43.086Z",
+				"name": "access_groups",
+				"type": "base",
+				"system": false,
+				"schema": [
+					{
+						"system": false,
+						"id": "7sajiv6i",
+						"name": "name",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "xp8admif",
+						"name": "access",
+						"type": "relation",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"collectionId": "4yzbv8urny5ja1e",
+							"cascadeDelete": false,
+							"minSelect": null,
+							"maxSelect": null,
+							"displayFields": null
+						}
+					}
+				],
+				"indexes": [
+					"CREATE UNIQUE INDEX ` + "`" + `idx_RgRXp0R` + "`" + ` ON ` + "`" + `access_groups` + "`" + ` (` + "`" + `name` + "`" + `)"
+				],
+				"listRule": null,
+				"viewRule": null,
+				"createRule": null,
+				"updateRule": null,
+				"deleteRule": null,
+				"options": {}
+			},
+			{
+				"id": "012d7abbod1hwvr",
+				"created": "2024-10-23 06:37:13.155Z",
+				"updated": "2024-10-23 09:25:43.086Z",
+				"name": "acme_accounts",
+				"type": "base",
+				"system": false,
+				"schema": [
+					{
+						"system": false,
+						"id": "fmjfn0yw",
+						"name": "ca",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "qqwijqzt",
+						"name": "email",
+						"type": "email",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"exceptDomains": null,
+							"onlyDomains": null
+						}
+					},
+					{
+						"system": false,
+						"id": "genxqtii",
+						"name": "key",
+						"type": "text",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"min": null,
+							"max": null,
+							"pattern": ""
+						}
+					},
+					{
+						"system": false,
+						"id": "1aoia909",
+						"name": "resource",
+						"type": "json",
+						"required": false,
+						"presentable": false,
+						"unique": false,
+						"options": {
+							"maxSize": 2000000
+						}
+					}
+				],
+				"indexes": [],
+				"listRule": null,
+				"viewRule": null,
+				"createRule": null,
+				"updateRule": null,
+				"deleteRule": null,
+				"options": {}
+			}
+		]`
+
+		collections := []*models.Collection{}
+		if err := json.Unmarshal([]byte(jsonData), &collections); err != nil {
+			return err
+		}
+
+		return daos.New(db).ImportCollections(collections, true, nil)
+	}, func(db dbx.Builder) error {
+		return nil
+	})
+}
--- a/migrations/1731463526_updated_access.go
+++ b/migrations/1731463526_updated_access.go
@@ -0,0 +1,105 @@
+package migrations
+
+import (
+	"encoding/json"
+
+	"github.com/pocketbase/dbx"
+	"github.com/pocketbase/pocketbase/daos"
+	m "github.com/pocketbase/pocketbase/migrations"
+	"github.com/pocketbase/pocketbase/models/schema"
+)
+
+func init() {
+	m.Register(func(db dbx.Builder) error {
+		dao := daos.New(db)
+
+		collection, err := dao.FindCollectionByNameOrId("4yzbv8urny5ja1e")
+		if err != nil {
+			return err
+		}
+
+		// update
+		edit_configType := &schema.SchemaField{}
+		if err := json.Unmarshal([]byte(`{
+			"system": false,
+			"id": "hwy7m03o",
+			"name": "configType",
+			"type": "select",
+			"required": false,
+			"presentable": false,
+			"unique": false,
+			"options": {
+				"maxSelect": 1,
+				"values": [
+					"aliyun",
+					"tencent",
+					"huaweicloud",
+					"qiniu",
+					"aws",
+					"cloudflare",
+					"namesilo",
+					"godaddy",
+					"pdns",
+					"httpreq",
+					"local",
+					"ssh",
+					"webhook",
+					"k8s",
+					"baiducloud",
+					"dogecloud",
+					"volcengine"
+				]
+			}
+		}`), edit_configType); err != nil {
+			return err
+		}
+		collection.Schema.AddField(edit_configType)
+
+		return dao.SaveCollection(collection)
+	}, func(db dbx.Builder) error {
+		dao := daos.New(db)
+
+		collection, err := dao.FindCollectionByNameOrId("4yzbv8urny5ja1e")
+		if err != nil {
+			return err
+		}
+
+		// update
+		edit_configType := &schema.SchemaField{}
+		if err := json.Unmarshal([]byte(`{
+			"system": false,
+			"id": "hwy7m03o",
+			"name": "configType",
+			"type": "select",
+			"required": false,
+			"presentable": false,
+			"unique": false,
+			"options": {
+				"maxSelect": 1,
+				"values": [
+					"aliyun",
+					"tencent",
+					"huaweicloud",
+					"qiniu",
+					"aws",
+					"cloudflare",
+					"namesilo",
+					"godaddy",
+					"pdns",
+					"httpreq",
+					"local",
+					"ssh",
+					"webhook",
+					"k8s",
+					"baiducloud",
+					"dogecloud"
+				]
+			}
+		}`), edit_configType); err != nil {
+			return err
+		}
+		collection.Schema.AddField(edit_configType)
+
+		return dao.SaveCollection(collection)
+	})
+}
--- a/ui/index.html
+++ b/ui/index.html
@@ -6,7 +6,7 @@
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Certimate - Your Trusted SSL Automation Partner</title>
  </head>
-  <body class="bg-background">
+  <body class="bg-background" style="pointer-events: auto !important">
    <div id="root"></div>
    <script type="module" src="/src/main.tsx"></script>
  </body>
--- a/ui/package-lock.json
+++ b/ui/package-lock.json
@@ -12,10 +12,11 @@
        "@radix-ui/react-accordion": "^1.2.0",
        "@radix-ui/react-alert-dialog": "^1.1.1",
        "@radix-ui/react-collapsible": "^1.1.1",
-        "@radix-ui/react-dialog": "^1.1.1",
+        "@radix-ui/react-dialog": "^1.1.2",
        "@radix-ui/react-dropdown-menu": "^2.1.1",
        "@radix-ui/react-label": "^2.1.0",
        "@radix-ui/react-navigation-menu": "^1.2.0",
+        "@radix-ui/react-popover": "^1.1.2",
        "@radix-ui/react-progress": "^1.1.0",
        "@radix-ui/react-radio-group": "^1.2.0",
        "@radix-ui/react-scroll-area": "^1.1.0",
@@ -28,6 +29,7 @@
        "@radix-ui/react-tooltip": "^1.1.2",
        "class-variance-authority": "^0.7.0",
        "clsx": "^2.1.1",
+        "cmdk": "^1.0.0",
        "i18next": "^23.15.1",
        "i18next-browser-languagedetector": "^8.0.0",
        "i18next-http-backend": "^2.6.1",
@@ -1243,6 +1245,41 @@
        }
      }
    },
+    "node_modules/@radix-ui/react-alert-dialog/node_modules/@radix-ui/react-dialog": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-dialog/-/react-dialog-1.1.1.tgz",
+      "integrity": "sha512-zysS+iU4YP3STKNS6USvFVqI4qqx8EpiwmT5TuCApVEBca+eRCbONi4EgzfNSuVnOXvC5UPHHMjs8RXO6DH9Bg==",
+      "dependencies": {
+        "@radix-ui/primitive": "1.1.0",
+        "@radix-ui/react-compose-refs": "1.1.0",
+        "@radix-ui/react-context": "1.1.0",
+        "@radix-ui/react-dismissable-layer": "1.1.0",
+        "@radix-ui/react-focus-guards": "1.1.0",
+        "@radix-ui/react-focus-scope": "1.1.0",
+        "@radix-ui/react-id": "1.1.0",
+        "@radix-ui/react-portal": "1.1.1",
+        "@radix-ui/react-presence": "1.1.0",
+        "@radix-ui/react-primitive": "2.0.0",
+        "@radix-ui/react-slot": "1.1.0",
+        "@radix-ui/react-use-controllable-state": "1.1.0",
+        "aria-hidden": "^1.1.1",
+        "react-remove-scroll": "2.5.7"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
    "node_modules/@radix-ui/react-arrow": {
      "version": "1.1.0",
      "resolved": "https://registry.npmmirror.com/@radix-ui/react-arrow/-/react-arrow-1.1.0.tgz",
@@ -1385,24 +1422,24 @@
      }
    },
    "node_modules/@radix-ui/react-dialog": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmmirror.com/@radix-ui/react-dialog/-/react-dialog-1.1.1.tgz",
-      "integrity": "sha512-zysS+iU4YP3STKNS6USvFVqI4qqx8EpiwmT5TuCApVEBca+eRCbONi4EgzfNSuVnOXvC5UPHHMjs8RXO6DH9Bg==",
+      "version": "1.1.2",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-dialog/-/react-dialog-1.1.2.tgz",
+      "integrity": "sha512-Yj4dZtqa2o+kG61fzB0H2qUvmwBA2oyQroGLyNtBj1beo1khoQ3q1a2AO8rrQYjd8256CO9+N8L9tvsS+bnIyA==",
      "dependencies": {
        "@radix-ui/primitive": "1.1.0",
        "@radix-ui/react-compose-refs": "1.1.0",
-        "@radix-ui/react-context": "1.1.0",
-        "@radix-ui/react-dismissable-layer": "1.1.0",
-        "@radix-ui/react-focus-guards": "1.1.0",
+        "@radix-ui/react-context": "1.1.1",
+        "@radix-ui/react-dismissable-layer": "1.1.1",
+        "@radix-ui/react-focus-guards": "1.1.1",
        "@radix-ui/react-focus-scope": "1.1.0",
        "@radix-ui/react-id": "1.1.0",
-        "@radix-ui/react-portal": "1.1.1",
-        "@radix-ui/react-presence": "1.1.0",
+        "@radix-ui/react-portal": "1.1.2",
+        "@radix-ui/react-presence": "1.1.1",
        "@radix-ui/react-primitive": "2.0.0",
        "@radix-ui/react-slot": "1.1.0",
        "@radix-ui/react-use-controllable-state": "1.1.0",
        "aria-hidden": "^1.1.1",
-        "react-remove-scroll": "2.5.7"
+        "react-remove-scroll": "2.6.0"
      },
      "peerDependencies": {
        "@types/react": "*",
@@ -1419,6 +1456,130 @@
        }
      }
    },
+    "node_modules/@radix-ui/react-dialog/node_modules/@radix-ui/react-context": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-context/-/react-context-1.1.1.tgz",
+      "integrity": "sha512-UASk9zi+crv9WteK/NU4PLvOoL3OuE6BWVKNF6hPRBtYBDXQ2u5iu3O59zUlJiTVvkyuycnqrztsHVJwcK9K+Q==",
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-dialog/node_modules/@radix-ui/react-dismissable-layer": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-dismissable-layer/-/react-dismissable-layer-1.1.1.tgz",
+      "integrity": "sha512-QSxg29lfr/xcev6kSz7MAlmDnzbP1eI/Dwn3Tp1ip0KT5CUELsxkekFEMVBEoykI3oV39hKT4TKZzBNMbcTZYQ==",
+      "dependencies": {
+        "@radix-ui/primitive": "1.1.0",
+        "@radix-ui/react-compose-refs": "1.1.0",
+        "@radix-ui/react-primitive": "2.0.0",
+        "@radix-ui/react-use-callback-ref": "1.1.0",
+        "@radix-ui/react-use-escape-keydown": "1.1.0"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-dialog/node_modules/@radix-ui/react-focus-guards": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-focus-guards/-/react-focus-guards-1.1.1.tgz",
+      "integrity": "sha512-pSIwfrT1a6sIoDASCSpFwOasEwKTZWDw/iBdtnqKO7v6FeOzYJ7U53cPzYFVR3geGGXgVHaH+CdngrrAzqUGxg==",
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-dialog/node_modules/@radix-ui/react-portal": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-portal/-/react-portal-1.1.2.tgz",
+      "integrity": "sha512-WeDYLGPxJb/5EGBoedyJbT0MpoULmwnIPMJMSldkuiMsBAv7N1cRdsTWZWht9vpPOiN3qyiGAtbK2is47/uMFg==",
+      "dependencies": {
+        "@radix-ui/react-primitive": "2.0.0",
+        "@radix-ui/react-use-layout-effect": "1.1.0"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-dialog/node_modules/@radix-ui/react-presence": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-presence/-/react-presence-1.1.1.tgz",
+      "integrity": "sha512-IeFXVi4YS1K0wVZzXNrbaaUvIJ3qdY+/Ih4eHFhWA9SwGR9UDX7Ck8abvL57C4cv3wwMvUE0OG69Qc3NCcTe/A==",
+      "dependencies": {
+        "@radix-ui/react-compose-refs": "1.1.0",
+        "@radix-ui/react-use-layout-effect": "1.1.0"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-dialog/node_modules/react-remove-scroll": {
+      "version": "2.6.0",
+      "resolved": "https://registry.npmmirror.com/react-remove-scroll/-/react-remove-scroll-2.6.0.tgz",
+      "integrity": "sha512-I2U4JVEsQenxDAKaVa3VZ/JeJZe0/2DxPWL8Tj8yLKctQJQiZM52pn/GWFpSp8dftjM3pSAHVJZscAnC/y+ySQ==",
+      "dependencies": {
+        "react-remove-scroll-bar": "^2.3.6",
+        "react-style-singleton": "^2.2.1",
+        "tslib": "^2.1.0",
+        "use-callback-ref": "^1.3.0",
+        "use-sidecar": "^1.1.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
    "node_modules/@radix-ui/react-direction": {
      "version": "1.1.0",
      "resolved": "https://registry.npmmirror.com/@radix-ui/react-direction/-/react-direction-1.1.0.tgz",
@@ -1638,6 +1799,166 @@
        }
      }
    },
+    "node_modules/@radix-ui/react-popover": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-popover/-/react-popover-1.1.2.tgz",
+      "integrity": "sha512-u2HRUyWW+lOiA2g0Le0tMmT55FGOEWHwPFt1EPfbLly7uXQExFo5duNKqG2DzmFXIdqOeNd+TpE8baHWJCyP9w==",
+      "dependencies": {
+        "@radix-ui/primitive": "1.1.0",
+        "@radix-ui/react-compose-refs": "1.1.0",
+        "@radix-ui/react-context": "1.1.1",
+        "@radix-ui/react-dismissable-layer": "1.1.1",
+        "@radix-ui/react-focus-guards": "1.1.1",
+        "@radix-ui/react-focus-scope": "1.1.0",
+        "@radix-ui/react-id": "1.1.0",
+        "@radix-ui/react-popper": "1.2.0",
+        "@radix-ui/react-portal": "1.1.2",
+        "@radix-ui/react-presence": "1.1.1",
+        "@radix-ui/react-primitive": "2.0.0",
+        "@radix-ui/react-slot": "1.1.0",
+        "@radix-ui/react-use-controllable-state": "1.1.0",
+        "aria-hidden": "^1.1.1",
+        "react-remove-scroll": "2.6.0"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-popover/node_modules/@radix-ui/react-context": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-context/-/react-context-1.1.1.tgz",
+      "integrity": "sha512-UASk9zi+crv9WteK/NU4PLvOoL3OuE6BWVKNF6hPRBtYBDXQ2u5iu3O59zUlJiTVvkyuycnqrztsHVJwcK9K+Q==",
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-popover/node_modules/@radix-ui/react-dismissable-layer": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-dismissable-layer/-/react-dismissable-layer-1.1.1.tgz",
+      "integrity": "sha512-QSxg29lfr/xcev6kSz7MAlmDnzbP1eI/Dwn3Tp1ip0KT5CUELsxkekFEMVBEoykI3oV39hKT4TKZzBNMbcTZYQ==",
+      "dependencies": {
+        "@radix-ui/primitive": "1.1.0",
+        "@radix-ui/react-compose-refs": "1.1.0",
+        "@radix-ui/react-primitive": "2.0.0",
+        "@radix-ui/react-use-callback-ref": "1.1.0",
+        "@radix-ui/react-use-escape-keydown": "1.1.0"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-popover/node_modules/@radix-ui/react-focus-guards": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-focus-guards/-/react-focus-guards-1.1.1.tgz",
+      "integrity": "sha512-pSIwfrT1a6sIoDASCSpFwOasEwKTZWDw/iBdtnqKO7v6FeOzYJ7U53cPzYFVR3geGGXgVHaH+CdngrrAzqUGxg==",
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-popover/node_modules/@radix-ui/react-portal": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-portal/-/react-portal-1.1.2.tgz",
+      "integrity": "sha512-WeDYLGPxJb/5EGBoedyJbT0MpoULmwnIPMJMSldkuiMsBAv7N1cRdsTWZWht9vpPOiN3qyiGAtbK2is47/uMFg==",
+      "dependencies": {
+        "@radix-ui/react-primitive": "2.0.0",
+        "@radix-ui/react-use-layout-effect": "1.1.0"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-popover/node_modules/@radix-ui/react-presence": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-presence/-/react-presence-1.1.1.tgz",
+      "integrity": "sha512-IeFXVi4YS1K0wVZzXNrbaaUvIJ3qdY+/Ih4eHFhWA9SwGR9UDX7Ck8abvL57C4cv3wwMvUE0OG69Qc3NCcTe/A==",
+      "dependencies": {
+        "@radix-ui/react-compose-refs": "1.1.0",
+        "@radix-ui/react-use-layout-effect": "1.1.0"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-popover/node_modules/react-remove-scroll": {
+      "version": "2.6.0",
+      "resolved": "https://registry.npmmirror.com/react-remove-scroll/-/react-remove-scroll-2.6.0.tgz",
+      "integrity": "sha512-I2U4JVEsQenxDAKaVa3VZ/JeJZe0/2DxPWL8Tj8yLKctQJQiZM52pn/GWFpSp8dftjM3pSAHVJZscAnC/y+ySQ==",
+      "dependencies": {
+        "react-remove-scroll-bar": "^2.3.6",
+        "react-style-singleton": "^2.2.1",
+        "tslib": "^2.1.0",
+        "use-callback-ref": "^1.3.0",
+        "use-sidecar": "^1.1.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
    "node_modules/@radix-ui/react-popper": {
      "version": "1.2.0",
      "resolved": "https://registry.npmmirror.com/@radix-ui/react-popper/-/react-popper-1.2.0.tgz",
@@ -3039,6 +3360,366 @@
        "node": ">=6"
      }
    },
+    "node_modules/cmdk": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmmirror.com/cmdk/-/cmdk-1.0.0.tgz",
+      "integrity": "sha512-gDzVf0a09TvoJ5jnuPvygTB77+XdOSwEmJ88L6XPFPlv7T3RxbP9jgenfylrAMD0+Le1aO0nVjQUzl2g+vjz5Q==",
+      "dependencies": {
+        "@radix-ui/react-dialog": "1.0.5",
+        "@radix-ui/react-primitive": "1.0.3"
+      },
+      "peerDependencies": {
+        "react": "^18.0.0",
+        "react-dom": "^18.0.0"
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/primitive": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/primitive/-/primitive-1.0.1.tgz",
+      "integrity": "sha512-yQ8oGX2GVsEYMWGxcovu1uGWPCxV5BFfeeYxqPmuAzUyLT9qmaMXSAhXpb0WrspIeqYzdJpkh2vHModJPgRIaw==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10"
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-compose-refs": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-compose-refs/-/react-compose-refs-1.0.1.tgz",
+      "integrity": "sha512-fDSBgd44FKHa1FRMU59qBMPFcl2PZE+2nmqunj+BWFyYYjnhIDWL2ItDs3rrbJDQOtzt5nIebLCQc4QRfz6LJw==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-context": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-context/-/react-context-1.0.1.tgz",
+      "integrity": "sha512-ebbrdFoYTcuZ0v4wG5tedGnp9tzcV8awzsxYph7gXUyvnNLuTIcCk1q17JEbnVhXAKG9oX3KtchwiMIAYp9NLg==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-dialog": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-dialog/-/react-dialog-1.0.5.tgz",
+      "integrity": "sha512-GjWJX/AUpB703eEBanuBnIWdIXg6NvJFCXcNlSZk4xdszCdhrJgBoUd1cGk67vFO+WdA2pfI/plOpqz/5GUP6Q==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/primitive": "1.0.1",
+        "@radix-ui/react-compose-refs": "1.0.1",
+        "@radix-ui/react-context": "1.0.1",
+        "@radix-ui/react-dismissable-layer": "1.0.5",
+        "@radix-ui/react-focus-guards": "1.0.1",
+        "@radix-ui/react-focus-scope": "1.0.4",
+        "@radix-ui/react-id": "1.0.1",
+        "@radix-ui/react-portal": "1.0.4",
+        "@radix-ui/react-presence": "1.0.1",
+        "@radix-ui/react-primitive": "1.0.3",
+        "@radix-ui/react-slot": "1.0.2",
+        "@radix-ui/react-use-controllable-state": "1.0.1",
+        "aria-hidden": "^1.1.1",
+        "react-remove-scroll": "2.5.5"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-dismissable-layer": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-dismissable-layer/-/react-dismissable-layer-1.0.5.tgz",
+      "integrity": "sha512-aJeDjQhywg9LBu2t/At58hCvr7pEm0o2Ke1x33B+MhjNmmZ17sy4KImo0KPLgsnc/zN7GPdce8Cnn0SWvwZO7g==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/primitive": "1.0.1",
+        "@radix-ui/react-compose-refs": "1.0.1",
+        "@radix-ui/react-primitive": "1.0.3",
+        "@radix-ui/react-use-callback-ref": "1.0.1",
+        "@radix-ui/react-use-escape-keydown": "1.0.3"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-focus-guards": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-focus-guards/-/react-focus-guards-1.0.1.tgz",
+      "integrity": "sha512-Rect2dWbQ8waGzhMavsIbmSVCgYxkXLxxR3ZvCX79JOglzdEy4JXMb98lq4hPxUbLr77nP0UOGf4rcMU+s1pUA==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-focus-scope": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-focus-scope/-/react-focus-scope-1.0.4.tgz",
+      "integrity": "sha512-sL04Mgvf+FmyvZeYfNu1EPAaaxD+aw7cYeIB9L9Fvq8+urhltTRaEo5ysKOpHuKPclsZcSUMKlN05x4u+CINpA==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/react-compose-refs": "1.0.1",
+        "@radix-ui/react-primitive": "1.0.3",
+        "@radix-ui/react-use-callback-ref": "1.0.1"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-id": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-id/-/react-id-1.0.1.tgz",
+      "integrity": "sha512-tI7sT/kqYp8p96yGWY1OAnLHrqDgzHefRBKQ2YAkBS5ja7QLcZ9Z/uY7bEjPUatf8RomoXM8/1sMj1IJaE5UzQ==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/react-use-layout-effect": "1.0.1"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-portal": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-portal/-/react-portal-1.0.4.tgz",
+      "integrity": "sha512-Qki+C/EuGUVCQTOTD5vzJzJuMUlewbzuKyUy+/iHM2uwGiru9gZeBJtHAPKAEkB5KWGi9mP/CHKcY0wt1aW45Q==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/react-primitive": "1.0.3"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-presence": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-presence/-/react-presence-1.0.1.tgz",
+      "integrity": "sha512-UXLW4UAbIY5ZjcvzjfRFo5gxva8QirC9hF7wRE4U5gz+TP0DbRk+//qyuAQ1McDxBt1xNMBTaciFGvEmJvAZCg==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/react-compose-refs": "1.0.1",
+        "@radix-ui/react-use-layout-effect": "1.0.1"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-primitive": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-primitive/-/react-primitive-1.0.3.tgz",
+      "integrity": "sha512-yi58uVyoAcK/Nq1inRY56ZSjKypBNKTa/1mcL8qdl6oJeEaDbOldlzrGn7P6Q3Id5d+SYNGc5AJgc4vGhjs5+g==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/react-slot": "1.0.2"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-slot": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-slot/-/react-slot-1.0.2.tgz",
+      "integrity": "sha512-YeTpuq4deV+6DusvVUW4ivBgnkHwECUu0BiN43L5UCDFgdhsRUWAghhTF5MbvNTPzmiFOx90asDSUjWuCNapwg==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/react-compose-refs": "1.0.1"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-use-callback-ref": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-use-callback-ref/-/react-use-callback-ref-1.0.1.tgz",
+      "integrity": "sha512-D94LjX4Sp0xJFVaoQOd3OO9k7tpBYNOXdVhkltUbGv2Qb9OXdrg/CpsjlZv7ia14Sylv398LswWBVVu5nqKzAQ==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-use-controllable-state": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-use-controllable-state/-/react-use-controllable-state-1.0.1.tgz",
+      "integrity": "sha512-Svl5GY5FQeN758fWKrjM6Qb7asvXeiZltlT4U2gVfl8Gx5UAv2sMR0LWo8yhsIZh2oQ0eFdZ59aoOOMV7b47VA==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/react-use-callback-ref": "1.0.1"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-use-escape-keydown": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-use-escape-keydown/-/react-use-escape-keydown-1.0.3.tgz",
+      "integrity": "sha512-vyL82j40hcFicA+M4Ex7hVkB9vHgSse1ZWomAqV2Je3RleKGO5iM8KMOEtfoSB0PnIelMd2lATjTGMYqN5ylTg==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/react-use-callback-ref": "1.0.1"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/@radix-ui/react-use-layout-effect": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmmirror.com/@radix-ui/react-use-layout-effect/-/react-use-layout-effect-1.0.1.tgz",
+      "integrity": "sha512-v/5RegiJWYdoCvMnITBkNNx6bCj20fiaJnWtRkU18yITptraXjffz5Qbn05uOiQnOvi+dbkznkoaMltz1GnszQ==",
+      "dependencies": {
+        "@babel/runtime": "^7.13.10"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/cmdk/node_modules/react-remove-scroll": {
+      "version": "2.5.5",
+      "resolved": "https://registry.npmmirror.com/react-remove-scroll/-/react-remove-scroll-2.5.5.tgz",
+      "integrity": "sha512-ImKhrzJJsyXJfBZ4bzu8Bwpka14c/fQt0k+cyFp/PBhTfyDnU5hjOtM4AG/0AMyy8oKzOTR0lDgJIM7pYXI0kw==",
+      "dependencies": {
+        "react-remove-scroll-bar": "^2.3.3",
+        "react-style-singleton": "^2.2.1",
+        "tslib": "^2.1.0",
+        "use-callback-ref": "^1.3.0",
+        "use-sidecar": "^1.1.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
    "node_modules/color-convert": {
      "version": "1.9.3",
      "resolved": "https://registry.npmmirror.com/color-convert/-/color-convert-1.9.3.tgz",
--- a/ui/package.json
+++ b/ui/package.json
@@ -14,10 +14,11 @@
    "@radix-ui/react-accordion": "^1.2.0",
    "@radix-ui/react-alert-dialog": "^1.1.1",
    "@radix-ui/react-collapsible": "^1.1.1",
-    "@radix-ui/react-dialog": "^1.1.1",
+    "@radix-ui/react-dialog": "^1.1.2",
    "@radix-ui/react-dropdown-menu": "^2.1.1",
    "@radix-ui/react-label": "^2.1.0",
    "@radix-ui/react-navigation-menu": "^1.2.0",
+    "@radix-ui/react-popover": "^1.1.2",
    "@radix-ui/react-progress": "^1.1.0",
    "@radix-ui/react-radio-group": "^1.2.0",
    "@radix-ui/react-scroll-area": "^1.1.0",
@@ -30,6 +31,7 @@
    "@radix-ui/react-tooltip": "^1.1.2",
    "class-variance-authority": "^0.7.0",
    "clsx": "^2.1.1",
+    "cmdk": "^1.0.0",
    "i18next": "^23.15.1",
    "i18next-browser-languagedetector": "^8.0.0",
    "i18next-http-backend": "^2.6.1",
--- a/ui/public/imgs/providers/baiducloud.svg
+++ b/ui/public/imgs/providers/baiducloud.svg
@@ -0,0 +1 @@
+<svg class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="1684" width="200" height="200"><path d="M482.687 74.101c10.109-5.627 19.662-12.497 30.785-15.998 8.506-2.192 16.685 2.323 23.883 6.38 117.253 68.08 235.062 135.312 352.118 203.753-40.338 22.115-79.662 46.063-119.805 68.506-27.677 15.148-62.814 13.74-89.771-2.388-48.289-28.135-96.871-55.78-145.127-84.014-8.997-5.692-21.232-5.889-30.654-1.21-49.728 28.724-99.456 57.58-149.282 86.173-27.056 15.834-61.963 15.867-89.314 0.687a26252.906 26252.906 0 0 1-113.785-65.628c-0.229-1.178-0.72-3.533-0.949-4.744 110.776-63.533 221.256-127.722 331.9-191.517z" fill="#72AF2D" p-id="1685"></path><path d="M115.552 719.744c0.49-135.148-0.622-270.329 0.556-405.477 32.617 19.367 65.595 38.08 98.441 57.088 12.76 7.427 26.27 14.199 36.74 24.864 15.769 16.39 26.042 38.67 25.845 61.637 0.033 54.57 0.131 109.172-0.065 163.774-1.047 12.203 3.304 25.65 14.493 31.963 40.567 23.72 81.396 47.045 122.095 70.6 14.362 8.638 29.771 15.9 42.4 27.057 18.156 17.11 28.756 41.777 29.116 66.707-0.033 44.559-0.196 89.15 0.066 133.709-10.175-3.468-18.877-9.848-28.201-14.984-108.55-62.716-217.167-125.366-325.652-188.148-10.207-5.66-17.143-16.947-15.834-28.79z" fill="#118CCF" p-id="1686"></path><path d="M815.143 367.397c30.753-17.47 61.015-35.824 92.095-52.705 0.196 135.017-0.066 270.035 0.13 405.052 0.819 11.582-5.3 23.163-15.637 28.627-110.416 63.86-220.896 127.558-331.312 191.386-7.328 4.45-14.722 8.8-22.508 12.432-0.098-44.82 0.065-89.64-0.098-134.428-0.426-31.538 17.47-62.16 44.558-78.06 49.074-28.43 98.245-56.664 147.286-85.159 8.245-4.515 15.311-13.053 14.919-22.9 0.13-55.683 0.065-111.398 0-167.08-0.033-23.784 8.048-47.732 24.21-65.398 12.497-14.362 30.36-22.083 46.357-31.767z" fill="#DA4525" p-id="1687"></path></svg>
--- a/ui/public/imgs/providers/dogecloud.svg
+++ b/ui/public/imgs/providers/dogecloud.svg
--- a/ui/public/imgs/providers/google.svg
+++ b/ui/public/imgs/providers/google.svg
@@ -1,28 +1 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
-<svg width="800px" height="800px" viewBox="-0.5 0 48 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-    
-    <title>Google-color</title>
-    <desc>Created with Sketch.</desc>
-    <defs>
-
-</defs>
-    <g id="Icons" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-        <g id="Color-" transform="translate(-401.000000, -860.000000)">
-            <g id="Google" transform="translate(401.000000, 860.000000)">
-                <path d="M9.82727273,24 C9.82727273,22.4757333 10.0804318,21.0144 10.5322727,19.6437333 L2.62345455,13.6042667 C1.08206818,16.7338667 0.213636364,20.2602667 0.213636364,24 C0.213636364,27.7365333 1.081,31.2608 2.62025,34.3882667 L10.5247955,28.3370667 C10.0772273,26.9728 9.82727273,25.5168 9.82727273,24" id="Fill-1" fill="#FBBC05">
-
-</path>
-                <path d="M23.7136364,10.1333333 C27.025,10.1333333 30.0159091,11.3066667 32.3659091,13.2266667 L39.2022727,6.4 C35.0363636,2.77333333 29.6954545,0.533333333 23.7136364,0.533333333 C14.4268636,0.533333333 6.44540909,5.84426667 2.62345455,13.6042667 L10.5322727,19.6437333 C12.3545909,14.112 17.5491591,10.1333333 23.7136364,10.1333333" id="Fill-2" fill="#EB4335">
-
-</path>
-                <path d="M23.7136364,37.8666667 C17.5491591,37.8666667 12.3545909,33.888 10.5322727,28.3562667 L2.62345455,34.3946667 C6.44540909,42.1557333 14.4268636,47.4666667 23.7136364,47.4666667 C29.4455,47.4666667 34.9177955,45.4314667 39.0249545,41.6181333 L31.5177727,35.8144 C29.3995682,37.1488 26.7323182,37.8666667 23.7136364,37.8666667" id="Fill-3" fill="#34A853">
-
-</path>
-                <path d="M46.1454545,24 C46.1454545,22.6133333 45.9318182,21.12 45.6113636,19.7333333 L23.7136364,19.7333333 L23.7136364,28.8 L36.3181818,28.8 C35.6879545,31.8912 33.9724545,34.2677333 31.5177727,35.8144 L39.0249545,41.6181333 C43.3393409,37.6138667 46.1454545,31.6490667 46.1454545,24" id="Fill-4" fill="#4285F4">
-
-</path>
-            </g>
-        </g>
-    </g>
-</svg>
+<svg width="200" height="200" viewBox="-0.5 0 48 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g id="Icons" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Color-" transform="translate(-401.000000, -860.000000)"><g id="Google" transform="translate(401.000000, 860.000000)"><path d="M9.82727273,24 C9.82727273,22.4757333 10.0804318,21.0144 10.5322727,19.6437333 L2.62345455,13.6042667 C1.08206818,16.7338667 0.213636364,20.2602667 0.213636364,24 C0.213636364,27.7365333 1.081,31.2608 2.62025,34.3882667 L10.5247955,28.3370667 C10.0772273,26.9728 9.82727273,25.5168 9.82727273,24" id="Fill-1" fill="#FBBC05"></path><path d="M23.7136364,10.1333333 C27.025,10.1333333 30.0159091,11.3066667 32.3659091,13.2266667 L39.2022727,6.4 C35.0363636,2.77333333 29.6954545,0.533333333 23.7136364,0.533333333 C14.4268636,0.533333333 6.44540909,5.84426667 2.62345455,13.6042667 L10.5322727,19.6437333 C12.3545909,14.112 17.5491591,10.1333333 23.7136364,10.1333333" id="Fill-2" fill="#EB4335"></path><path d="M23.7136364,37.8666667 C17.5491591,37.8666667 12.3545909,33.888 10.5322727,28.3562667 L2.62345455,34.3946667 C6.44540909,42.1557333 14.4268636,47.4666667 23.7136364,47.4666667 C29.4455,47.4666667 34.9177955,45.4314667 39.0249545,41.6181333 L31.5177727,35.8144 C29.3995682,37.1488 26.7323182,37.8666667 23.7136364,37.8666667" id="Fill-3" fill="#34A853"></path><path d="M46.1454545,24 C46.1454545,22.6133333 45.9318182,21.12 45.6113636,19.7333333 L23.7136364,19.7333333 L23.7136364,28.8 L36.3181818,28.8 C35.6879545,31.8912 33.9724545,34.2677333 31.5177727,35.8144 L39.0249545,41.6181333 C43.3393409,37.6138667 46.1454545,31.6490667 46.1454545,24" id="Fill-4" fill="#4285F4"></path></g></g></g></svg>
--- a/ui/public/imgs/providers/volcengine.svg
+++ b/ui/public/imgs/providers/volcengine.svg
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" width="192" height="192">
+<path d="M0 0 C1.32 0 2.64 0 4 0 C9.5316738 22.52529447 14.8267431 45.0974913 19.96630859 67.715271 C20.87688366 71.72007263 21.79014366 75.72426201 22.703125 79.72851562 C24.47126161 87.48510668 26.23661634 95.24232702 28 103 C28.16081055 102.28344238 28.32162109 101.56688477 28.48730469 100.82861328 C29.22431391 97.58987302 29.98678399 94.35766013 30.75 91.125 C31.12898438 89.43310547 31.12898438 89.43310547 31.515625 87.70703125 C31.90234375 86.09248047 31.90234375 86.09248047 32.296875 84.4453125 C32.52729492 83.45031738 32.75771484 82.45532227 32.99511719 81.43017578 C34 79 34 79 36.10644531 77.65966797 C36.73131836 77.44197754 37.35619141 77.22428711 38 77 C40.25565304 80.38347955 40.99634884 83.52624948 41.87939453 87.42138672 C42.14317902 88.5511644 42.14317902 88.5511644 42.41229248 89.70376587 C42.99201316 92.19434495 43.56265709 94.68690271 44.1328125 97.1796875 C44.533134 98.91228981 44.93384541 100.64480206 45.33493042 102.37722778 C46.17438801 106.00952966 47.00941838 109.64281323 47.84130859 113.27685547 C48.90714146 117.93143946 49.98338211 122.58354121 51.06289864 127.23496819 C51.89220185 130.81312389 52.71620818 134.39248313 53.53860092 137.97223282 C53.93334028 139.6877775 54.32966359 141.40295852 54.72760391 143.11776352 C55.28354421 145.5172615 55.83239226 147.91827521 56.37939453 150.31982422 C56.54456573 151.02649231 56.70973694 151.7331604 56.87991333 152.46124268 C57.68382252 156.02635542 58.2877538 159.34133935 58 163 C57 164 57 164 54.72175503 164.12304783 C53.70501737 164.12212604 52.68827971 164.12120424 51.64073181 164.12025452 C50.47820389 164.12162918 49.31567596 164.12300385 48.11791992 164.12442017 C46.83111328 164.12082489 45.54430664 164.11722961 44.21850586 164.11352539 C42.85876976 164.11324352 41.4990335 164.11340125 40.13929749 164.1139679 C36.43698222 164.11425587 32.73469908 164.10835912 29.03239131 164.10139394 C25.16731219 164.09516043 21.30223242 164.0945566 17.43714905 164.09336853 C10.11315318 164.09025521 2.78917216 164.0820418 -4.53481716 164.07201904 C-12.87083448 164.06085794 -21.20685249 164.05534746 -29.54287541 164.05032361 C-46.69525888 164.03985919 -63.84762787 164.02225973 -81 164 C-82.14187085 160.57438746 -81.82373034 159.34227454 -81.01196289 155.88598633 C-80.77163834 154.84513382 -80.53131378 153.80428131 -80.28370667 152.73188782 C-80.01606003 151.60993515 -79.74841339 150.48798248 -79.47265625 149.33203125 C-79.20488876 148.18208176 -78.93712128 147.03213226 -78.66123962 145.84733582 C-77.80250112 142.1672533 -76.93263711 138.48990227 -76.0625 134.8125 C-75.47908424 132.32113519 -74.89639264 129.82960068 -74.31445312 127.33789062 C-72.88470561 121.22326496 -71.44581004 115.11084638 -70 109 C-68.02 108.505 -68.02 108.505 -66 108 C-65.51891725 109.41601714 -65.04021859 110.83284437 -64.5625 112.25 C-64.29566406 113.03890625 -64.02882813 113.8278125 -63.75390625 114.640625 C-63.08016922 116.74910774 -62.52533639 118.8510768 -62 121 C-57.92546649 106.54247934 -54.67580491 91.88514666 -51.3125 77.25 C-50.42369645 73.38688228 -49.53364952 69.52405334 -48.64213562 65.66156006 C-48.09081632 63.27246643 -47.54096762 60.88303285 -46.99275208 58.4932251 C-46.7454686 57.42070496 -46.49818512 56.34818481 -46.2434082 55.24316406 C-46.02675003 54.30023499 -45.81009186 53.35730591 -45.58686829 52.38580322 C-45 50 -45 50 -44 47 C-43.01 46.67 -42.02 46.34 -41 46 C-38.23625561 48.76374439 -37.91156555 51.86361199 -37.08984375 55.5625 C-36.91747696 56.30959229 -36.74511017 57.05668457 -36.56752014 57.82641602 C-36.01731597 60.21609875 -35.47695373 62.60786961 -34.9375 65 C-34.39285742 67.39172265 -33.84616188 69.78294823 -33.29676819 72.17358398 C-32.95528025 73.66196219 -32.61684088 75.15104374 -32.28172302 76.64086914 C-31.44117319 80.42190439 -31.44117319 80.42190439 -30 84 C-28.35 77.07 -26.7 70.14 -25 63 C-23.02 62.505 -23.02 62.505 -21 62 C-19.68 64.97 -18.36 67.94 -17 71 C-16.80177139 70.12525528 -16.60354279 69.25051056 -16.39930725 68.34925842 C-14.53431568 60.12241124 -12.66583508 51.89636614 -10.79338932 43.6712122 C-9.83077597 39.44213487 -8.86953458 35.21275527 -7.91137695 30.98266602 C-6.98737224 26.90358604 -6.05983134 22.82532526 -5.12978935 18.74761772 C-4.77485423 17.18852063 -4.42121379 15.62912824 -4.06886482 14.06944466 C-3.57671669 11.89194568 -3.08005547 9.71552394 -2.58227539 7.53930664 C-2.30025772 6.29798477 -2.01824005 5.0566629 -1.72767639 3.77772522 C-1 1 -1 1 0 0 Z " fill="#1678FE" transform="translate(108,0)"/>
+<path d="M0 0 C4.0123413 2.6748942 4.29118676 5.67680766 5.3671875 10.12890625 C5.56982208 10.95140366 5.77245667 11.77390106 5.98123169 12.62132263 C6.40631662 14.37247717 6.82449093 16.12532127 7.23632812 17.87963867 C7.86227451 20.50904418 8.53517407 23.12326358 9.2109375 25.74023438 C12.07068499 37.41556769 12.00448657 46.42095444 9 58 C8.72833008 59.1955249 8.45666016 60.3910498 8.17675781 61.62280273 C7.39051448 65.07318639 6.54720713 68.50474629 5.6875 71.9375 C5.07306448 74.4346121 4.45981035 76.93201514 3.84765625 79.4296875 C3.54102051 80.6784668 3.23438477 81.92724609 2.91845703 83.21386719 C1.17036632 90.41997851 -0.47868082 97.64885161 -2.1340332 104.87670898 C-2.48147583 106.39373413 -2.48147583 106.39373413 -2.8359375 107.94140625 C-3.03751465 108.82513916 -3.2390918 109.70887207 -3.44677734 110.61938477 C-3.94226379 112.75155085 -4.46909406 114.87637623 -5 117 C10.84 117 26.68 117 43 117 C43 117.33 43 117.66 43 118 C15.94 118 -11.12 118 -39 118 C-40.14187085 114.57438746 -39.82373034 113.34227454 -39.01196289 109.88598633 C-38.77163834 108.84513382 -38.53131378 107.80428131 -38.28370667 106.73188782 C-38.01606003 105.60993515 -37.74841339 104.48798248 -37.47265625 103.33203125 C-37.20488876 102.18208176 -36.93712128 101.03213226 -36.66123962 99.84733582 C-35.80250112 96.1672533 -34.93263711 92.48990227 -34.0625 88.8125 C-33.47908424 86.32113519 -32.89639264 83.82960068 -32.31445312 81.33789062 C-30.88470561 75.22326496 -29.44581004 69.11084638 -28 63 C-26.02 62.505 -26.02 62.505 -24 62 C-23.51891725 63.41601714 -23.04021859 64.83284437 -22.5625 66.25 C-22.29566406 67.03890625 -22.02882813 67.8278125 -21.75390625 68.640625 C-21.08016922 70.74910774 -20.52533639 72.8510768 -20 75 C-15.92546649 60.54247934 -12.67580491 45.88514666 -9.3125 31.25 C-8.42369645 27.38688228 -7.53364952 23.52405334 -6.64213562 19.66156006 C-6.09081632 17.27246643 -5.54096762 14.88303285 -4.99275208 12.4932251 C-4.7454686 11.42070496 -4.49818512 10.34818481 -4.2434082 9.24316406 C-4.02675003 8.30023499 -3.81009186 7.35730591 -3.58686829 6.38580322 C-3 4 -3 4 -2 1 C-1.34 0.67 -0.68 0.34 0 0 Z " fill="#167AFE" transform="translate(66,46)"/>
+<path d="M0 0 C1.32 0.33 2.64 0.66 4 1 C4.46678965 2.58086094 4.9227585 4.16491593 5.375 5.75 C5.63023438 6.63171875 5.88546875 7.5134375 6.1484375 8.421875 C6.87542654 11.47656291 7.4139917 14.4642372 7.90234375 17.5625 C8.98028023 24.22106762 10.55043952 30.7099525 12.1875 37.25 C15.20528073 49.49873355 17.97533372 61.78769858 20.60229492 74.12597656 C22.01333501 80.7015831 23.52136706 87.18589313 25.45800781 93.62841797 C26 96 26 96 26 101 C9.83 101 -6.34 101 -23 101 C-22.38084899 96.04679193 -21.8086416 91.74373782 -20.6171875 87 C-20.34060303 85.88230225 -20.06401855 84.76460449 -19.77905273 83.61303711 C-19.48071533 82.42073486 -19.18237793 81.22843262 -18.875 80 C-16.25563065 69.34110325 -13.7678342 58.66334124 -11.4375 47.9375 C-11.29371918 47.27721802 -11.14993835 46.61693604 -11.00180054 45.93664551 C-9.55006847 39.26293849 -8.11885949 32.58512368 -6.71751404 25.90065002 C-6.30464964 23.93161018 -5.88977083 21.96299305 -5.47485352 19.99438477 C-4.96236238 17.55715172 -4.45477927 15.11887978 -3.95288086 12.67944336 C-3.72479736 11.5941333 -3.49671387 10.50882324 -3.26171875 9.390625 C-3.06537842 8.44219727 -2.86903809 7.49376953 -2.66674805 6.51660156 C-2.03222201 4.1216201 -1.19689606 2.16094777 0 0 Z " fill="#36E1E2" transform="translate(84,62)"/>
+<path d="M0 0 C0.99 0.33 1.98 0.66 3 1 C4.03887939 3.83370972 4.03887939 3.83370972 4.95800781 7.59326172 C5.2097621 8.60251363 5.2097621 8.60251363 5.46660233 9.63215446 C5.99125051 11.75173458 6.49700713 13.87518769 7 16 C7.30627319 17.26249573 7.61254639 18.52499146 7.92810059 19.82574463 C8.86110039 23.71559829 9.77067925 27.61050619 10.671875 31.5078125 C11.0024033 32.9317254 11.33299132 34.35562444 11.66363525 35.7795105 C12.34771578 38.72856805 13.02972361 41.67809603 13.71044922 44.62792969 C14.58141761 48.40048291 15.45982697 52.17126278 16.33997726 55.94168282 C17.02142891 58.86620824 17.69792035 61.79186451 18.37302399 64.71786118 C18.69498969 66.1096897 19.01873077 67.50110884 19.3443222 68.89209366 C19.79692579 70.8280578 20.24189044 72.76580301 20.68652344 74.70361328 C20.94093201 75.80198517 21.19534058 76.90035706 21.4574585 78.03201294 C21.9607087 80.78505594 22.18590561 83.21129819 22 86 C21 87 21 87 19.23413086 87.11352539 C18.48526611 87.10828857 17.73640137 87.10305176 16.96484375 87.09765625 C16.15595703 87.09443359 15.34707031 87.09121094 14.51367188 87.08789062 C13.66353516 87.07951172 12.81339844 87.07113281 11.9375 87.0625 C11.08349609 87.05798828 10.22949219 87.05347656 9.34960938 87.04882812 C7.23304337 87.03700373 5.11651315 87.01906769 3 87 C3.02868164 85.97616211 3.05736328 84.95232422 3.08691406 83.89746094 C3.00469391 80.21048752 2.5113821 77.20197915 1.609375 73.640625 C1.31353516 72.45114258 1.01769531 71.26166016 0.71289062 70.03613281 C0.39513672 68.78670898 0.07738281 67.53728516 -0.25 66.25 C-0.89501094 63.64690845 -1.53300803 61.04210523 -2.171875 58.4375 C-2.48447266 57.1690625 -2.79707031 55.900625 -3.11914062 54.59375 C-4.28889622 49.82135467 -5.43093728 45.04596159 -6.5 40.25 C-6.67176758 39.53231445 -6.84353516 38.81462891 -7.02050781 38.07519531 C-8.95876389 29.16935201 -6.66000706 20.76440249 -4.5625 12.0625 C-4.34529297 11.11826172 -4.12808594 10.17402344 -3.90429688 9.20117188 C-3.68966797 8.30076172 -3.47503906 7.40035156 -3.25390625 6.47265625 C-3.06127197 5.66062744 -2.8686377 4.84859863 -2.67016602 4.01196289 C-2 2 -2 2 0 0 Z " fill="#37E1E2" transform="translate(144,77)"/>
+<path d="M0 0 C0.99 0.33 1.98 0.66 3 1 C3.94921875 3.37109375 3.94921875 3.37109375 4.6875 6.4375 C4.93886719 7.42621094 5.19023438 8.41492188 5.44921875 9.43359375 C6.90509112 18.86062549 5.3631431 27.00072147 3.0625 36.1875 C0.61192077 46.01462243 0.61192077 46.01462243 -1 56 C-4.96 56 -8.92 56 -13 56 C-14.13719943 52.5884017 -13.83299816 51.34792773 -13.04370117 47.90185547 C-12.809832 46.86423065 -12.57596283 45.82660583 -12.33500671 44.75753784 C-12.07363419 43.63872223 -11.81226166 42.51990662 -11.54296875 41.3671875 C-11.27994461 40.21960968 -11.01692047 39.07203186 -10.7459259 37.88967896 C-10.18736857 35.46280808 -9.62473117 33.03687321 -9.05834961 30.61181641 C-8.19002923 26.88585293 -7.3393032 23.15617289 -6.49023438 19.42578125 C-5.94636766 17.07267254 -5.40148044 14.71979942 -4.85546875 12.3671875 C-4.60016891 11.24432343 -4.34486908 10.12145935 -4.08183289 8.96456909 C-3.83850723 7.9332486 -3.59518158 6.9019281 -3.34448242 5.83935547 C-3.13272873 4.92685028 -2.92097504 4.01434509 -2.70280457 3.07418823 C-2 1 -2 1 0 0 Z " fill="#38E1E2" transform="translate(40,108)"/>
+</svg>
--- a/ui/src/components/certimate/AccessBaiduCloudForm.tsx
+++ b/ui/src/components/certimate/AccessBaiduCloudForm.tsx
@@ -0,0 +1,194 @@
+import { useForm } from "react-hook-form";
+import { useTranslation } from "react-i18next";
+import z from "zod";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { ClientResponseError } from "pocketbase";
+
+import { Input } from "@/components/ui/input";
+import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
+import { Button } from "@/components/ui/button";
+import { PbErrorData } from "@/domain/base";
+import { accessProvidersMap, accessTypeFormSchema, type Access, type BaiduCloudConfig } from "@/domain/access";
+import { save } from "@/repository/access";
+import { useConfigContext } from "@/providers/config";
+
+type AccessBaiduCloudFormProps = {
+  op: "add" | "edit" | "copy";
+  data?: Access;
+  onAfterReq: () => void;
+};
+
+const AccessBaiduCloudForm = ({ data, op, onAfterReq }: AccessBaiduCloudFormProps) => {
+  const { addAccess, updateAccess } = useConfigContext();
+  const { t } = useTranslation();
+  const formSchema = z.object({
+    id: z.string().optional(),
+    name: z
+      .string()
+      .min(1, "access.authorization.form.name.placeholder")
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    configType: accessTypeFormSchema,
+    accessKeyId: z
+      .string()
+      .min(1, "access.authorization.form.access_key_id.placeholder")
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretAccessKey: z
+      .string()
+      .min(1, "access.authorization.form.secret_access_key.placeholder")
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+
+  let config: BaiduCloudConfig = {
+    accessKeyId: "",
+    secretAccessKey: "",
+  };
+  if (data) config = data.config as BaiduCloudConfig;
+
+  const form = useForm<z.infer<typeof formSchema>>({
+    resolver: zodResolver(formSchema),
+    defaultValues: {
+      id: data?.id,
+      name: data?.name || "",
+      configType: "baiducloud",
+      accessKeyId: config.accessKeyId,
+      secretAccessKey: config.secretAccessKey,
+    },
+  });
+
+  const onSubmit = async (data: z.infer<typeof formSchema>) => {
+    const req: Access = {
+      id: data.id as string,
+      name: data.name,
+      configType: data.configType,
+      usage: accessProvidersMap.get(data.configType)!.usage,
+      config: {
+        accessKeyId: data.accessKeyId,
+        secretAccessKey: data.secretAccessKey,
+      },
+    };
+
+    try {
+      req.id = op == "copy" ? "" : req.id;
+      const rs = await save(req);
+
+      onAfterReq();
+
+      req.id = rs.id;
+      req.created = rs.created;
+      req.updated = rs.updated;
+      if (data.id && op == "edit") {
+        updateAccess(req);
+        return;
+      }
+      addAccess(req);
+    } catch (e) {
+      const err = e as ClientResponseError;
+
+      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
+        form.setError(key as keyof z.infer<typeof formSchema>, {
+          type: "manual",
+          message: value.message,
+        });
+      });
+
+      return;
+    }
+  };
+
+  return (
+    <>
+      <Form {...form}>
+        <form
+          onSubmit={(e) => {
+            e.stopPropagation();
+            form.handleSubmit(onSubmit)(e);
+          }}
+          className="space-y-8"
+        >
+          <FormField
+            control={form.control}
+            name="name"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
+                <FormControl>
+                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="id"
+            render={({ field }) => (
+              <FormItem className="hidden">
+                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
+                <FormControl>
+                  <Input {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="configType"
+            render={({ field }) => (
+              <FormItem className="hidden">
+                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
+                <FormControl>
+                  <Input {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="accessKeyId"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("access.authorization.form.access_key_id.label")}</FormLabel>
+                <FormControl>
+                  <Input placeholder={t("access.authorization.form.access_key_id.placeholder")} {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="secretAccessKey"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("access.authorization.form.secret_access_key.label")}</FormLabel>
+                <FormControl>
+                  <Input placeholder={t("access.authorization.form.secret_access_key.placeholder")} {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormMessage />
+
+          <div className="flex justify-end">
+            <Button type="submit">{t("common.save")}</Button>
+          </div>
+        </form>
+      </Form>
+    </>
+  );
+};
+
+export default AccessBaiduCloudForm;
--- a/ui/src/components/certimate/AccessDogeCloudForm.tsx
+++ b/ui/src/components/certimate/AccessDogeCloudForm.tsx
@@ -0,0 +1,188 @@
+import { useForm } from "react-hook-form";
+import { useTranslation } from "react-i18next";
+import z from "zod";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { ClientResponseError } from "pocketbase";
+
+import { Button } from "@/components/ui/button";
+import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
+import { Input } from "@/components/ui/input";
+import { PbErrorData } from "@/domain/base";
+import { accessProvidersMap, accessTypeFormSchema, type Access, type DogeCloudConfig } from "@/domain/access";
+import { save } from "@/repository/access";
+import { useConfigContext } from "@/providers/config";
+
+type AccessDogeCloudFormProps = {
+  op: "add" | "edit" | "copy";
+  data?: Access;
+  onAfterReq: () => void;
+};
+
+const AccessDogeCloudForm = ({ data, op, onAfterReq }: AccessDogeCloudFormProps) => {
+  const { addAccess, updateAccess } = useConfigContext();
+  const { t } = useTranslation();
+  const formSchema = z.object({
+    id: z.string().optional(),
+    name: z
+      .string()
+      .min(1, "access.authorization.form.name.placeholder")
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    configType: accessTypeFormSchema,
+    accessKey: z.string().min(1, "access.authorization.form.access_key.placeholder").max(64),
+    secretKey: z.string().min(1, "access.authorization.form.secret_key.placeholder").max(64),
+  });
+
+  let config: DogeCloudConfig = {
+    accessKey: "",
+    secretKey: "",
+  };
+  if (data) config = data.config as DogeCloudConfig;
+
+  const form = useForm<z.infer<typeof formSchema>>({
+    resolver: zodResolver(formSchema),
+    defaultValues: {
+      id: data?.id,
+      name: data?.name || "",
+      configType: "dogecloud",
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+    },
+  });
+
+  const onSubmit = async (data: z.infer<typeof formSchema>) => {
+    const req: Access = {
+      id: data.id as string,
+      name: data.name,
+      configType: data.configType,
+      usage: accessProvidersMap.get(data.configType)!.usage,
+      config: {
+        accessKey: data.accessKey,
+        secretKey: data.secretKey,
+      },
+    };
+
+    try {
+      req.id = op == "copy" ? "" : req.id;
+      const rs = await save(req);
+
+      onAfterReq();
+
+      req.id = rs.id;
+      req.created = rs.created;
+      req.updated = rs.updated;
+      if (data.id && op == "edit") {
+        updateAccess(req);
+        return;
+      }
+      addAccess(req);
+    } catch (e) {
+      const err = e as ClientResponseError;
+
+      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
+        form.setError(key as keyof z.infer<typeof formSchema>, {
+          type: "manual",
+          message: value.message,
+        });
+      });
+
+      return;
+    }
+  };
+
+  return (
+    <>
+      <Form {...form}>
+        <form
+          onSubmit={(e) => {
+            e.stopPropagation();
+            form.handleSubmit(onSubmit)(e);
+          }}
+          className="space-y-8"
+        >
+          <FormField
+            control={form.control}
+            name="name"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
+                <FormControl>
+                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="id"
+            render={({ field }) => (
+              <FormItem className="hidden">
+                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
+                <FormControl>
+                  <Input {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="configType"
+            render={({ field }) => (
+              <FormItem className="hidden">
+                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
+                <FormControl>
+                  <Input {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="accessKey"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("access.authorization.form.access_key.label")}</FormLabel>
+                <FormControl>
+                  <Input placeholder={t("access.authorization.form.access_key.placeholder")} {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="secretKey"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("access.authorization.form.secret_key.label")}</FormLabel>
+                <FormControl>
+                  <Input placeholder={t("access.authorization.form.secret_key.placeholder")} {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormMessage />
+
+          <div className="flex justify-end">
+            <Button type="submit">{t("common.save")}</Button>
+          </div>
+        </form>
+      </Form>
+    </>
+  );
+};
+
+export default AccessDogeCloudForm;
--- a/ui/src/components/certimate/AccessEditDialog.tsx
+++ b/ui/src/components/certimate/AccessEditDialog.tsx
@@ -5,11 +5,12 @@ import { cn } from "@/lib/utils";
 import { Dialog, DialogContent, DialogHeader, DialogTitle, DialogTrigger } from "@/components/ui/dialog";
 import { Label } from "@/components/ui/label";
 import { ScrollArea } from "@/components/ui/scroll-area";
-import { Select, SelectContent, SelectGroup, SelectItem, SelectLabel, SelectTrigger, SelectValue } from "@/components/ui/select";
 import AccessAliyunForm from "./AccessAliyunForm";
 import AccessTencentForm from "./AccessTencentForm";
 import AccessHuaweiCloudForm from "./AccessHuaweicloudForm";
+import AccessBaiduCloudForm from "./AccessBaiduCloudForm";
 import AccessQiniuForm from "./AccessQiniuForm";
+import AccessDogeCloudForm from "./AccessDogeCloudForm";
 import AccessAwsForm from "./AccessAwsForm";
 import AccessCloudflareForm from "./AccessCloudflareForm";
 import AccessNamesiloForm from "./AccessNamesiloForm";
@@ -20,7 +21,9 @@ import AccessLocalForm from "./AccessLocalForm";
 import AccessSSHForm from "./AccessSSHForm";
 import AccessWebhookForm from "./AccessWebhookForm";
 import AccessKubernetesForm from "./AccessKubernetesForm";
-import { Access, accessProvidersMap } from "@/domain/access";
+import AccessVolcengineForm from "./AccessVolcengineForm";
+import { Access } from "@/domain/access";
+import { AccessTypeSelect } from "./AccessTypeSelect";

 type AccessEditProps = {
  op: "add" | "edit" | "copy";
@@ -71,6 +74,17 @@ const AccessEditDialog = ({ trigger, op, data, className }: AccessEditProps) =>
        />
      );
      break;
+    case "baiducloud":
+      childComponent = (
+        <AccessBaiduCloudForm
+          data={data}
+          op={op}
+          onAfterReq={() => {
+            setOpen(false);
+          }}
+        />
+      );
+      break;
    case "qiniu":
      childComponent = (
        <AccessQiniuForm
@@ -82,6 +96,17 @@ const AccessEditDialog = ({ trigger, op, data, className }: AccessEditProps) =>
        />
      );
      break;
+    case "dogecloud":
+      childComponent = (
+        <AccessDogeCloudForm
+          data={data}
+          op={op}
+          onAfterReq={() => {
+            setOpen(false);
+          }}
+        />
+      );
+      break;
    case "aws":
      childComponent = (
        <AccessAwsForm
@@ -192,18 +217,39 @@ const AccessEditDialog = ({ trigger, op, data, className }: AccessEditProps) =>
        />
      );
      break;
+    case "volcengine":
+      childComponent = (
+        <AccessVolcengineForm
+          data={data}
+          op={op}
+          onAfterReq={() => {
+            setOpen(false);
+          }}
+        />
+      );
+      break;
  }

-  const getOptionCls = (val: string) => {
-    return val == configType ? "border-primary" : "";
-  };
-
  return (
-    <Dialog onOpenChange={setOpen} open={open}>
+    <Dialog
+      onOpenChange={(openState) => {
+        if (openState) {
+          document.body.style.pointerEvents = "auto";
+        }
+        setOpen(openState);
+      }}
+      open={open}
+      modal={false}
+    >
      <DialogTrigger asChild className={cn(className)}>
        {trigger}
      </DialogTrigger>
-      <DialogContent className="sm:max-w-[600px] w-full dark:text-stone-200">
+      <DialogContent
+        className="sm:max-w-[600px] w-full dark:text-stone-200"
+        onInteractOutside={(event) => {
+          event.preventDefault();
+        }}
+      >
        <DialogHeader>
          <DialogTitle>
            {
@@ -219,29 +265,15 @@ const AccessEditDialog = ({ trigger, op, data, className }: AccessEditProps) =>
          <div className="container py-3">
            <div>
              <Label>{t("access.authorization.form.type.label")}</Label>
-              <Select
-                onValueChange={(val) => {
+              <AccessTypeSelect
+                value={configType}
+                onChange={(val) => {
                  setConfigType(val);
                }}
-                defaultValue={configType}
-              >
-                <SelectTrigger className="mt-3">
-                  <SelectValue placeholder={t("access.authorization.form.type.placeholder")} />
-                </SelectTrigger>
-                <SelectContent>
-                  <SelectGroup>
-                    <SelectLabel>{t("access.authorization.form.type.list")}</SelectLabel>
-                    {Array.from(accessProvidersMap.entries()).map(([key, provider]) => (
-                      <SelectItem value={key} key={key}>
-                        <div className={cn("flex items-center space-x-2 rounded cursor-pointer", getOptionCls(key))}>
-                          <img src={provider.icon} className="h-6 w-6" />
-                          <div>{t(provider.name)}</div>
-                        </div>
-                      </SelectItem>
-                    ))}
-                  </SelectGroup>
-                </SelectContent>
-              </Select>
+                className="w-full mt-3"
+                placeholder={t("access.authorization.form.type.placeholder")}
+                searchPlaceholder={t("access.authorization.form.type.search.placeholder")}
+              />
            </div>

            <div className="mt-8">{childComponent}</div>
--- a/ui/src/components/certimate/AccessKubernetesForm.tsx
+++ b/ui/src/components/certimate/AccessKubernetesForm.tsx
@@ -37,7 +37,7 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp
    configType: accessTypeFormSchema,
    kubeConfig: z
      .string()
-      .min(1, "access.authorization.form.k8s_kubeconfig.placeholder")
+      .min(0, "access.authorization.form.k8s_kubeconfig.placeholder")
      .max(20480, t("common.errmsg.string_max", { max: 20480 })),
    kubeConfigFile: z.any().optional(),
  });
@@ -191,3 +191,4 @@ const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProp
 };

 export default AccessKubernetesForm;
+
--- a/ui/src/components/certimate/AccessTypeSelect.tsx
+++ b/ui/src/components/certimate/AccessTypeSelect.tsx
@@ -0,0 +1,80 @@
+import { Check, ChevronsUpDown } from "lucide-react";
+
+import { cn } from "@/lib/utils";
+import { Button } from "@/components/ui/button";
+import { Command, CommandEmpty, CommandGroup, CommandInput, CommandItem, CommandList } from "@/components/ui/command";
+import { Popover, PopoverContent, PopoverTrigger } from "@/components/ui/popover";
+import { accessProvidersMap } from "@/domain/access";
+import { useTranslation } from "react-i18next";
+import { useEffect, useState } from "react";
+
+type AccessTypeSelectProps = {
+  value: string;
+  onChange: (value: string) => void;
+  placeholder: string;
+  searchPlaceholder: string;
+  className?: string;
+};
+
+export function AccessTypeSelect({ value, onChange, placeholder, searchPlaceholder, className }: AccessTypeSelectProps) {
+  const [open, setOpen] = useState(false);
+  const [locValue, setLocValue] = useState("");
+  const { t } = useTranslation();
+  const [search, setSearch] = useState("");
+  const filteredProviders = Array.from(accessProvidersMap.entries());
+
+  useEffect(() => {
+    setLocValue(value);
+  }, [value]);
+
+  const handleOnSelect = (currentValue: string) => {
+    const newValue = currentValue === locValue ? "" : currentValue;
+    setLocValue(newValue);
+    setSearch("");
+    setOpen(false);
+    onChange(newValue);
+  };
+
+  return (
+    <Popover open={open} onOpenChange={setOpen}>
+      <PopoverTrigger asChild>
+        <Button variant="outline" role="combobox" aria-expanded={open} className={cn("justify-between z-50", className)}>
+          {locValue ? (
+            <div className="flex space-x-2 items-center">
+              <img src={accessProvidersMap.get(locValue)?.icon} className="h-6 w-6" />
+              <div>{t(accessProvidersMap.get(locValue)?.name ?? "")}</div>
+            </div>
+          ) : (
+            <>{placeholder}</>
+          )}
+          <ChevronsUpDown className="ml-2 h-4 w-4 shrink-0 opacity-50" />
+        </Button>
+      </PopoverTrigger>
+      <PopoverContent className={cn("p-0  w-full")}>
+        <Command className="">
+          <CommandInput
+            placeholder={searchPlaceholder}
+            value={search}
+            onValueChange={(val: string) => {
+              setSearch(val);
+            }}
+          />
+          <CommandList>
+            <CommandEmpty>{t("access.authorization.form.type.search.notfound")}</CommandEmpty>
+            <CommandGroup>
+              {filteredProviders.map(([key, provider]) => (
+                <CommandItem key={key} value={key} onSelect={handleOnSelect} keywords={provider.searchContent.split(":")}>
+                  <Check className={cn("mr-2 h-4 w-4", locValue === key ? "opacity-100" : "opacity-0")} />
+                  <div className="flex space-x-2">
+                    <img src={provider.icon} className="h-6 w-6" />
+                    <div className="font-medium">{t(provider.name)}</div>
+                  </div>
+                </CommandItem>
+              ))}
+            </CommandGroup>
+          </CommandList>
+        </Command>
+      </PopoverContent>
+    </Popover>
+  );
+}
--- a/ui/src/components/certimate/AccessVolcengineForm.tsx
+++ b/ui/src/components/certimate/AccessVolcengineForm.tsx
@@ -0,0 +1,194 @@
+import { useForm } from "react-hook-form";
+import { useTranslation } from "react-i18next";
+import z from "zod";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { ClientResponseError } from "pocketbase";
+
+import { Input } from "@/components/ui/input";
+import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
+import { Button } from "@/components/ui/button";
+import { PbErrorData } from "@/domain/base";
+import { accessProvidersMap, accessTypeFormSchema, type Access, type VolcengineConfig } from "@/domain/access";
+import { save } from "@/repository/access";
+import { useConfigContext } from "@/providers/config";
+
+type AccessVolcengineFormProps = {
+  op: "add" | "edit" | "copy";
+  data?: Access;
+  onAfterReq: () => void;
+};
+
+const AccessVolcengineForm = ({ data, op, onAfterReq }: AccessVolcengineFormProps) => {
+  const { addAccess, updateAccess } = useConfigContext();
+  const { t } = useTranslation();
+  const formSchema = z.object({
+    id: z.string().optional(),
+    name: z
+      .string()
+      .min(1, "access.authorization.form.name.placeholder")
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    configType: accessTypeFormSchema,
+    accessKeyId: z
+      .string()
+      .min(1, "access.authorization.form.access_key_id.placeholder")
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretAccessKey: z
+      .string()
+      .min(1, "access.authorization.form.secret_access_key.placeholder")
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+
+  let config: VolcengineConfig = {
+    accessKeyId: "",
+    secretAccessKey: "",
+  };
+  if (data) config = data.config as VolcengineConfig;
+
+  const form = useForm<z.infer<typeof formSchema>>({
+    resolver: zodResolver(formSchema),
+    defaultValues: {
+      id: data?.id,
+      name: data?.name || "",
+      configType: "volcengine",
+      accessKeyId: config.accessKeyId,
+      secretAccessKey: config.secretAccessKey,
+    },
+  });
+
+  const onSubmit = async (data: z.infer<typeof formSchema>) => {
+    const req: Access = {
+      id: data.id as string,
+      name: data.name,
+      configType: data.configType,
+      usage: accessProvidersMap.get(data.configType)!.usage,
+      config: {
+        accessKeyId: data.accessKeyId,
+        secretAccessKey: data.secretAccessKey,
+      },
+    };
+
+    try {
+      req.id = op == "copy" ? "" : req.id;
+      const rs = await save(req);
+
+      onAfterReq();
+
+      req.id = rs.id;
+      req.created = rs.created;
+      req.updated = rs.updated;
+      if (data.id && op == "edit") {
+        updateAccess(req);
+        return;
+      }
+      addAccess(req);
+    } catch (e) {
+      const err = e as ClientResponseError;
+
+      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
+        form.setError(key as keyof z.infer<typeof formSchema>, {
+          type: "manual",
+          message: value.message,
+        });
+      });
+
+      return;
+    }
+  };
+
+  return (
+    <>
+      <Form {...form}>
+        <form
+          onSubmit={(e) => {
+            e.stopPropagation();
+            form.handleSubmit(onSubmit)(e);
+          }}
+          className="space-y-8"
+        >
+          <FormField
+            control={form.control}
+            name="name"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
+                <FormControl>
+                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="id"
+            render={({ field }) => (
+              <FormItem className="hidden">
+                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
+                <FormControl>
+                  <Input {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="configType"
+            render={({ field }) => (
+              <FormItem className="hidden">
+                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
+                <FormControl>
+                  <Input {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="accessKeyId"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("access.authorization.form.access_key_id.label")}</FormLabel>
+                <FormControl>
+                  <Input placeholder={t("access.authorization.form.access_key_id.placeholder")} {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="secretAccessKey"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("access.authorization.form.secret_access_key.label")}</FormLabel>
+                <FormControl>
+                  <Input placeholder={t("access.authorization.form.secret_access_key.placeholder")} {...field} />
+                </FormControl>
+
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormMessage />
+
+          <div className="flex justify-end">
+            <Button type="submit">{t("common.save")}</Button>
+          </div>
+        </form>
+      </Form>
+    </>
+  );
+};
+
+export default AccessVolcengineForm;
--- a/ui/src/components/certimate/DeployEdit.tsx
+++ b/ui/src/components/certimate/DeployEdit.tsx
@@ -1,16 +1,17 @@
-import { createContext, useContext } from "react";
+import { createContext, useContext, type Context as ReactContext } from "react";

-import { DeployConfig } from "@/domain/domain";
+import { type DeployConfig } from "@/domain/domain";

-type DeployEditContext = {
-  deploy: DeployConfig;
-  error: Record<string, string>;
-  setDeploy: (deploy: DeployConfig) => void;
-  setError: (error: Record<string, string>) => void;
+export type DeployEditContext<T extends DeployConfig["config"] = DeployConfig["config"]> = {
+  config: Omit<DeployConfig, "config"> & { config: T };
+  setConfig: (config: Omit<DeployConfig, "config"> & { config: T }) => void;
+
+  errors: { [K in keyof T]?: string };
+  setErrors: (error: { [K in keyof T]?: string }) => void;
 };

 export const Context = createContext<DeployEditContext>({} as DeployEditContext);

-export const useDeployEditContext = () => {
-  return useContext(Context);
-};
+export function useDeployEditContext<T extends DeployConfig["config"] = DeployConfig["config"]>() {
+  return useContext<DeployEditContext<T>>(Context as unknown as ReactContext<DeployEditContext<T>>);
+}
--- a/ui/src/components/certimate/DeployEditDialog.tsx
+++ b/ui/src/components/certimate/DeployEditDialog.tsx
@@ -8,17 +8,27 @@ import { Label } from "@/components/ui/label";
 import { Select, SelectContent, SelectGroup, SelectItem, SelectLabel, SelectTrigger, SelectValue } from "@/components/ui/select";
 import { ScrollArea } from "@/components/ui/scroll-area";
 import AccessEditDialog from "./AccessEditDialog";
-import { Context as DeployEditContext } from "./DeployEdit";
+import { Context as DeployEditContext, type DeployEditContext as DeployEditContextType } from "./DeployEdit";
 import DeployToAliyunOSS from "./DeployToAliyunOSS";
 import DeployToAliyunCDN from "./DeployToAliyunCDN";
+import DeployToAliyunCLB from "./DeployToAliyunCLB";
+import DeployToAliyunALB from "./DeployToAliyunALB";
+import DeployToAliyunNLB from "./DeployToAliyunNLB";
 import DeployToTencentCDN from "./DeployToTencentCDN";
 import DeployToTencentCLB from "./DeployToTencentCLB";
 import DeployToTencentCOS from "./DeployToTencentCOS";
+import DeployToTencentTEO from "./DeployToTencentTEO";
 import DeployToHuaweiCloudCDN from "./DeployToHuaweiCloudCDN";
+import DeployToHuaweiCloudELB from "./DeployToHuaweiCloudELB";
+import DeployToBaiduCloudCDN from "./DeployToBaiduCloudCDN";
 import DeployToQiniuCDN from "./DeployToQiniuCDN";
+import DeployToDogeCloudCDN from "./DeployToDogeCloudCDN";
+import DeployToLocal from "./DeployToLocal";
 import DeployToSSH from "./DeployToSSH";
 import DeployToWebhook from "./DeployToWebhook";
 import DeployToKubernetesSecret from "./DeployToKubernetesSecret";
+import DeployToVolcengineLive from "./DeployToVolcengineLive"
+import DeployToVolcengineCDN from "./DeployToVolcengineCDN"
 import { deployTargetsMap, type DeployConfig } from "@/domain/domain";
 import { accessProvidersMap } from "@/domain/access";
 import { useConfigContext } from "@/providers/config";
@@ -43,7 +53,7 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
    type: "",
  });

-  const [error, setError] = useState<Record<string, string>>({});
+  const [errors, setErrors] = useState<Record<string, string | undefined>>({});

  const [open, setOpen] = useState(false);

@@ -60,10 +70,10 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro

  useEffect(() => {
    setDeployType(locDeployConfig.type);
-    setError({});
+    setErrors({});
  }, [locDeployConfig.type]);

-  const setDeploy = useCallback(
+  const setConfig = useCallback(
    (deploy: DeployConfig) => {
      if (deploy.type !== locDeployConfig.type) {
        setLocDeployConfig({ ...deploy, access: "", config: {} });
@@ -83,15 +93,15 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
      return true;
    }

-    return item.configType === locDeployConfig.type.split("-")[0];
+    return item.configType === deployTargetsMap.get(locDeployConfig.type)?.provider;
  });

  const handleSaveClick = () => {
    // 验证数据
-    const newError = { ...error };
+    const newError = { ...errors };
    newError.type = locDeployConfig.type === "" ? t("domain.deployment.form.access.placeholder") : "";
    newError.access = locDeployConfig.access === "" ? t("domain.deployment.form.access.placeholder") : "";
-    setError(newError);
+    setErrors(newError);
    if (Object.values(newError).some((e) => !!e)) return;

    // 保存数据
@@ -102,7 +112,7 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
      access: "",
      type: "",
    });
-    setError({});
+    setErrors({});

    // 关闭弹框
    setOpen(false);
@@ -117,7 +127,17 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
    case "aliyun-dcdn":
      childComponent = <DeployToAliyunCDN />;
      break;
+    case "aliyun-clb":
+      childComponent = <DeployToAliyunCLB />;
+      break;
+    case "aliyun-alb":
+      childComponent = <DeployToAliyunALB />;
+      break;
+    case "aliyun-nlb":
+      childComponent = <DeployToAliyunNLB />;
+      break;
    case "tencent-cdn":
+    case "tencent-ecdn":
      childComponent = <DeployToTencentCDN />;
      break;
    case "tencent-clb":
@@ -126,14 +146,28 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
    case "tencent-cos":
      childComponent = <DeployToTencentCOS />;
      break;
+    case "tencent-teo":
+      childComponent = <DeployToTencentTEO />;
+      break;
    case "huaweicloud-cdn":
      childComponent = <DeployToHuaweiCloudCDN />;
      break;
+    case "huaweicloud-elb":
+      childComponent = <DeployToHuaweiCloudELB />;
+      break;
+    case "baiducloud-cdn":
+      childComponent = <DeployToBaiduCloudCDN />;
+      break;
    case "qiniu-cdn":
      childComponent = <DeployToQiniuCDN />;
      break;
-    case "ssh":
+    case "dogecloud-cdn":
+      childComponent = <DeployToDogeCloudCDN />;
+      break;
    case "local":
+      childComponent = <DeployToLocal />;
+      break;
+    case "ssh":
      childComponent = <DeployToSSH />;
      break;
    case "webhook":
@@ -142,20 +176,31 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
    case "k8s-secret":
      childComponent = <DeployToKubernetesSecret />;
      break;
+    case "volcengine-live":
+      childComponent = <DeployToVolcengineLive />;
+      break;
+    case "volcengine-cdn":
+      childComponent = <DeployToVolcengineCDN />;
+      break;
  }

  return (
    <DeployEditContext.Provider
      value={{
-        deploy: locDeployConfig,
-        error: error,
-        setDeploy: setDeploy,
-        setError: setError,
+        config: locDeployConfig as DeployEditContextType["config"],
+        setConfig: setConfig as DeployEditContextType["setConfig"],
+        errors: errors as DeployEditContextType["errors"],
+        setErrors: setErrors as DeployEditContextType["setErrors"],
      }}
    >
      <Dialog open={open} onOpenChange={setOpen}>
        <DialogTrigger>{trigger}</DialogTrigger>
-        <DialogContent className="dark:text-stone-200">
+        <DialogContent
+          className="dark:text-stone-200"
+          onInteractOutside={(event) => {
+            event.preventDefault();
+          }}
+        >
          <DialogHeader>
            <DialogTitle>{t("domain.deployment.tab")}</DialogTitle>
            <DialogDescription></DialogDescription>
@@ -170,7 +215,7 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
                <Select
                  value={locDeployConfig.type}
                  onValueChange={(val: string) => {
-                    setDeploy({ ...locDeployConfig, type: val });
+                    setConfig({ ...locDeployConfig, type: val });
                  }}
                >
                  <SelectTrigger className="mt-2">
@@ -191,7 +236,7 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
                  </SelectContent>
                </Select>

-                <div className="text-red-500 text-sm mt-1">{error.type}</div>
+                <div className="text-red-500 text-sm mt-1">{errors.type}</div>
              </div>

              {/* 授权配置 */}
@@ -212,7 +257,7 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
                <Select
                  value={locDeployConfig.access}
                  onValueChange={(val: string) => {
-                    setDeploy({ ...locDeployConfig, access: val });
+                    setConfig({ ...locDeployConfig, access: val });
                  }}
                >
                  <SelectTrigger className="mt-2">
@@ -233,7 +278,7 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
                  </SelectContent>
                </Select>

-                <div className="text-red-500 text-sm mt-1">{error.access}</div>
+                <div className="text-red-500 text-sm mt-1">{errors.access}</div>
              </div>

              {/* 其他参数 */}
--- a/ui/src/components/certimate/DeployList.tsx
+++ b/ui/src/components/certimate/DeployList.tsx
@@ -9,6 +9,7 @@ import { Button } from "@/components/ui/button";
 import DeployEditDialog from "./DeployEditDialog";
 import { DeployConfig } from "@/domain/domain";
 import { accessProvidersMap } from "@/domain/access";
+import { deployTargetsMap } from "@/domain/domain";
 import { useConfigContext } from "@/providers/config";

 type DeployItemProps = {
@@ -18,10 +19,11 @@ type DeployItemProps = {
 };

 const DeployItem = ({ item, onDelete, onSave }: DeployItemProps) => {
+  const { t } = useTranslation();
+
  const {
    config: { accesses },
  } = useConfigContext();
-  const { t } = useTranslation();

  const access = accesses.find((access) => access.id === item.access);

@@ -34,11 +36,7 @@ const DeployItem = ({ item, onDelete, onSave }: DeployItemProps) => {
  };

  const getTypeName = () => {
-    if (!access) {
-      return "";
-    }
-
-    return t(accessProvidersMap.get(access.configType)?.name || "");
+    return t(deployTargetsMap.get(item.type)?.name || "");
  };

  return (
--- a/ui/src/components/certimate/DeployToAliyunALB.tsx
+++ b/ui/src/components/certimate/DeployToAliyunALB.tsx
@@ -0,0 +1,156 @@
+import { useEffect } from "react";
+import { useTranslation } from "react-i18next";
+import { z } from "zod";
+import { produce } from "immer";
+
+import { Input } from "@/components/ui/input";
+import { Label } from "@/components/ui/label";
+import { Select, SelectContent, SelectGroup, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select";
+import { useDeployEditContext } from "./DeployEdit";
+
+type DeployToAliyunALBConfigParams = {
+  region?: string;
+  resourceType?: string;
+  loadbalancerId?: string;
+  listenerId?: string;
+};
+
+const DeployToAliyunALB = () => {
+  const { t } = useTranslation();
+
+  const { config, setConfig, errors, setErrors } = useDeployEditContext<DeployToAliyunALBConfigParams>();
+
+  useEffect(() => {
+    if (!config.id) {
+      setConfig({
+        ...config,
+        config: {
+          region: "cn-hangzhou",
+        },
+      });
+    }
+  }, []);
+
+  useEffect(() => {
+    setErrors({});
+  }, []);
+
+  const formSchema = z
+    .object({
+      region: z.string().min(1, t("domain.deployment.form.aliyun_alb_region.placeholder")),
+      resourceType: z.union([z.literal("loadbalancer"), z.literal("listener")], {
+        message: t("domain.deployment.form.aliyun_alb_resource_type.placeholder"),
+      }),
+      loadbalancerId: z.string().optional(),
+      listenerId: z.string().optional(),
+    })
+    .refine((data) => (data.resourceType === "loadbalancer" ? !!data.loadbalancerId?.trim() : true), {
+      message: t("domain.deployment.form.aliyun_alb_loadbalancer_id.placeholder"),
+      path: ["loadbalancerId"],
+    })
+    .refine((data) => (data.resourceType === "listener" ? !!data.listenerId?.trim() : true), {
+      message: t("domain.deployment.form.aliyun_alb_listener_id.placeholder"),
+      path: ["listenerId"],
+    });
+
+  useEffect(() => {
+    const res = formSchema.safeParse(config.config);
+    setErrors({
+      ...errors,
+      region: res.error?.errors?.find((e) => e.path[0] === "region")?.message,
+      resourceType: res.error?.errors?.find((e) => e.path[0] === "resourceType")?.message,
+      loadbalancerId: res.error?.errors?.find((e) => e.path[0] === "loadbalancerId")?.message,
+      listenerId: res.error?.errors?.find((e) => e.path[0] === "listenerId")?.message,
+    });
+  }, [config]);
+
+  return (
+    <div className="flex flex-col space-y-8">
+      <div>
+        <Label>{t("domain.deployment.form.aliyun_alb_region.label")}</Label>
+        <Input
+          placeholder={t("domain.deployment.form.aliyun_alb_region.placeholder")}
+          className="w-full mt-1"
+          value={config?.config?.region}
+          onChange={(e) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.region = e.target.value?.trim();
+            });
+            setConfig(nv);
+          }}
+        />
+        <div className="text-red-600 text-sm mt-1">{errors?.region}</div>
+      </div>
+
+      <div>
+        <Label>{t("domain.deployment.form.aliyun_alb_resource_type.label")}</Label>
+        <Select
+          value={config?.config?.resourceType}
+          onValueChange={(value) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.resourceType = value?.trim();
+            });
+            setConfig(nv);
+          }}
+        >
+          <SelectTrigger>
+            <SelectValue placeholder={t("domain.deployment.form.aliyun_alb_resource_type.placeholder")} />
+          </SelectTrigger>
+          <SelectContent>
+            <SelectGroup>
+              <SelectItem value="loadbalancer">{t("domain.deployment.form.aliyun_alb_resource_type.option.loadbalancer.label")}</SelectItem>
+              <SelectItem value="listener">{t("domain.deployment.form.aliyun_alb_resource_type.option.listener.label")}</SelectItem>
+            </SelectGroup>
+          </SelectContent>
+        </Select>
+        <div className="text-red-600 text-sm mt-1">{errors?.resourceType}</div>
+      </div>
+
+      {config?.config?.resourceType === "loadbalancer" ? (
+        <div>
+          <Label>{t("domain.deployment.form.aliyun_alb_loadbalancer_id.label")}</Label>
+          <Input
+            placeholder={t("domain.deployment.form.aliyun_alb_loadbalancer_id.placeholder")}
+            className="w-full mt-1"
+            value={config?.config?.loadbalancerId}
+            onChange={(e) => {
+              const nv = produce(config, (draft) => {
+                draft.config ??= {};
+                draft.config.loadbalancerId = e.target.value?.trim();
+              });
+              setConfig(nv);
+            }}
+          />
+          <div className="text-red-600 text-sm mt-1">{errors?.loadbalancerId}</div>
+        </div>
+      ) : (
+        <></>
+      )}
+
+      {config?.config?.resourceType === "listener" ? (
+        <div>
+          <Label>{t("domain.deployment.form.aliyun_alb_listener_id.label")}</Label>
+          <Input
+            placeholder={t("domain.deployment.form.aliyun_alb_listener_id.placeholder")}
+            className="w-full mt-1"
+            value={config?.config?.listenerId}
+            onChange={(e) => {
+              const nv = produce(config, (draft) => {
+                draft.config ??= {};
+                draft.config.listenerId = e.target.value?.trim();
+              });
+              setConfig(nv);
+            }}
+          />
+          <div className="text-red-600 text-sm mt-1">{errors?.listenerId}</div>
+        </div>
+      ) : (
+        <></>
+      )}
+    </div>
+  );
+};
+
+export default DeployToAliyunALB;
--- a/ui/src/components/certimate/DeployToAliyunCDN.tsx
+++ b/ui/src/components/certimate/DeployToAliyunCDN.tsx
@@ -7,34 +7,42 @@ import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
 import { useDeployEditContext } from "./DeployEdit";

+type DeployToAliyunCDNConfigParams = {
+  domain?: string;
+};
+
 const DeployToAliyunCDN = () => {
  const { t } = useTranslation();

-  const { deploy: data, setDeploy, error, setError } = useDeployEditContext();
+  const { config, setConfig, errors, setErrors } = useDeployEditContext<DeployToAliyunCDNConfigParams>();

  useEffect(() => {
-    setError({});
+    if (!config.id) {
+      setConfig({
+        ...config,
+        config: {},
+      });
+    }
  }, []);

  useEffect(() => {
-    const resp = domainSchema.safeParse(data.config?.domain);
-    if (!resp.success) {
-      setError({
-        ...error,
-        domain: JSON.parse(resp.error.message)[0].message,
-      });
-    } else {
-      setError({
-        ...error,
-        domain: "",
-      });
-    }
-  }, [data]);
+    setErrors({});
+  }, []);

-  const domainSchema = z.string().regex(/^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
+  const formSchema = z.object({
+    domain: z.string().regex(/^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
      message: t("common.errmsg.domain_invalid"),
+    }),
  });

+  useEffect(() => {
+    const res = formSchema.safeParse(config.config);
+    setErrors({
+      ...errors,
+      domain: res.error?.errors?.find((e) => e.path[0] === "domain")?.message,
+    });
+  }, [config]);
+
  return (
    <div className="flex flex-col space-y-8">
      <div>
@@ -42,33 +50,16 @@ const DeployToAliyunCDN = () => {
        <Input
          placeholder={t("domain.deployment.form.domain.placeholder")}
          className="w-full mt-1"
-          value={data?.config?.domain}
+          value={config?.config?.domain}
          onChange={(e) => {
-            const temp = e.target.value;
-
-            const resp = domainSchema.safeParse(temp);
-            if (!resp.success) {
-              setError({
-                ...error,
-                domain: JSON.parse(resp.error.message)[0].message,
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.domain = e.target.value?.trim();
            });
-            } else {
-              setError({
-                ...error,
-                domain: "",
-              });
-            }
-
-            const newData = produce(data, (draft) => {
-              if (!draft.config) {
-                draft.config = {};
-              }
-              draft.config.domain = temp;
-            });
-            setDeploy(newData);
+            setConfig(nv);
          }}
        />
-        <div className="text-red-600 text-sm mt-1">{error?.domain}</div>
+        <div className="text-red-600 text-sm mt-1">{errors?.domain}</div>
      </div>
    </div>
  );
--- a/ui/src/components/certimate/DeployToAliyunCLB.tsx
+++ b/ui/src/components/certimate/DeployToAliyunCLB.tsx
@@ -0,0 +1,153 @@
+import { useEffect } from "react";
+import { useTranslation } from "react-i18next";
+import { z } from "zod";
+import { produce } from "immer";
+
+import { Input } from "@/components/ui/input";
+import { Label } from "@/components/ui/label";
+import { Select, SelectContent, SelectGroup, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select";
+import { useDeployEditContext } from "./DeployEdit";
+
+type DeployToAliyunCLBConfigParams = {
+  region?: string;
+  resourceType?: string;
+  loadbalancerId?: string;
+  listenerPort?: string;
+};
+
+const DeployToAliyunCLB = () => {
+  const { t } = useTranslation();
+
+  const { config, setConfig, errors, setErrors } = useDeployEditContext<DeployToAliyunCLBConfigParams>();
+
+  useEffect(() => {
+    if (!config.id) {
+      setConfig({
+        ...config,
+        config: {
+          region: "cn-hangzhou",
+          listenerPort: "443",
+        },
+      });
+    }
+  }, []);
+
+  useEffect(() => {
+    setErrors({});
+  }, []);
+
+  const formSchema = z
+    .object({
+      region: z.string().min(1, t("domain.deployment.form.aliyun_clb_region.placeholder")),
+      resourceType: z.union([z.literal("certificate"), z.literal("loadbalancer"), z.literal("listener")], {
+        message: t("domain.deployment.form.aliyun_clb_resource_type.placeholder"),
+      }),
+      loadbalancerId: z.string().optional(),
+      listenerPort: z.string().optional(),
+    })
+    .refine((data) => (data.resourceType === "loadbalancer" || data.resourceType === "listener" ? !!data.loadbalancerId?.trim() : true), {
+      message: t("domain.deployment.form.aliyun_clb_loadbalancer_id.placeholder"),
+      path: ["loadbalancerId"],
+    })
+    .refine((data) => (data.resourceType === "listener" ? +data.listenerPort! > 0 && +data.listenerPort! < 65535 : true), {
+      message: t("domain.deployment.form.aliyun_clb_listener_port.placeholder"),
+      path: ["listenerPort"],
+    });
+
+  useEffect(() => {
+    const res = formSchema.safeParse(config.config);
+    setErrors({
+      ...errors,
+      region: res.error?.errors?.find((e) => e.path[0] === "region")?.message,
+      resourceType: res.error?.errors?.find((e) => e.path[0] === "resourceType")?.message,
+      loadbalancerId: res.error?.errors?.find((e) => e.path[0] === "loadbalancerId")?.message,
+      listenerPort: res.error?.errors?.find((e) => e.path[0] === "listenerPort")?.message,
+    });
+  }, [config]);
+
+  return (
+    <div className="flex flex-col space-y-8">
+      <div>
+        <Label>{t("domain.deployment.form.aliyun_clb_region.label")}</Label>
+        <Input
+          placeholder={t("domain.deployment.form.aliyun_clb_region.placeholder")}
+          className="w-full mt-1"
+          value={config?.config?.region}
+          onChange={(e) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.region = e.target.value?.trim();
+            });
+            setConfig(nv);
+          }}
+        />
+        <div className="text-red-600 text-sm mt-1">{errors?.region}</div>
+      </div>
+
+      <div>
+        <Label>{t("domain.deployment.form.aliyun_clb_resource_type.label")}</Label>
+        <Select
+          value={config?.config?.resourceType}
+          onValueChange={(value) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.resourceType = value;
+            });
+            setConfig(nv);
+          }}
+        >
+          <SelectTrigger>
+            <SelectValue placeholder={t("domain.deployment.form.aliyun_clb_resource_type.placeholder")} />
+          </SelectTrigger>
+          <SelectContent>
+            <SelectGroup>
+              <SelectItem value="loadbalancer">{t("domain.deployment.form.aliyun_clb_resource_type.option.loadbalancer.label")}</SelectItem>
+              <SelectItem value="listener">{t("domain.deployment.form.aliyun_clb_resource_type.option.listener.label")}</SelectItem>
+            </SelectGroup>
+          </SelectContent>
+        </Select>
+        <div className="text-red-600 text-sm mt-1">{errors?.resourceType}</div>
+      </div>
+
+      <div>
+        <Label>{t("domain.deployment.form.aliyun_clb_loadbalancer_id.label")}</Label>
+        <Input
+          placeholder={t("domain.deployment.form.aliyun_clb_loadbalancer_id.placeholder")}
+          className="w-full mt-1"
+          value={config?.config?.loadbalancerId}
+          onChange={(e) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.loadbalancerId = e.target.value?.trim();
+            });
+            setConfig(nv);
+          }}
+        />
+        <div className="text-red-600 text-sm mt-1">{errors?.loadbalancerId}</div>
+      </div>
+
+      {config?.config?.resourceType === "listener" ? (
+        <div>
+          <Label>{t("domain.deployment.form.aliyun_clb_listener_port.label")}</Label>
+          <Input
+            placeholder={t("domain.deployment.form.aliyun_clb_listener_port.placeholder")}
+            className="w-full mt-1"
+            value={config?.config?.listenerPort}
+            onChange={(e) => {
+              const nv = produce(config, (draft) => {
+                draft.config ??= {};
+                draft.config.listenerPort = e.target.value?.trim();
+              });
+              setConfig(nv);
+            }}
+          />
+          <div className="text-red-600 text-sm mt-1">{errors?.listenerPort}</div>
+        </div>
+      ) : (
+        <></>
+      )}
+    </div>
+  );
+};
+
+export default DeployToAliyunCLB;
--- a/ui/src/components/certimate/DeployToAliyunNLB.tsx
+++ b/ui/src/components/certimate/DeployToAliyunNLB.tsx
@@ -0,0 +1,156 @@
+import { useEffect } from "react";
+import { useTranslation } from "react-i18next";
+import { z } from "zod";
+import { produce } from "immer";
+
+import { Input } from "@/components/ui/input";
+import { Label } from "@/components/ui/label";
+import { Select, SelectContent, SelectGroup, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select";
+import { useDeployEditContext } from "./DeployEdit";
+
+type DeployToAliyunNLBConfigParams = {
+  region?: string;
+  resourceType?: string;
+  loadbalancerId?: string;
+  listenerId?: string;
+};
+
+const DeployToAliyunNLB = () => {
+  const { t } = useTranslation();
+
+  const { config, setConfig, errors, setErrors } = useDeployEditContext<DeployToAliyunNLBConfigParams>();
+
+  useEffect(() => {
+    if (!config.id) {
+      setConfig({
+        ...config,
+        config: {
+          region: "cn-hangzhou",
+        },
+      });
+    }
+  }, []);
+
+  useEffect(() => {
+    setErrors({});
+  }, []);
+
+  const formSchema = z
+    .object({
+      region: z.string().min(1, t("domain.deployment.form.aliyun_nlb_region.placeholder")),
+      resourceType: z.union([z.literal("loadbalancer"), z.literal("listener")], {
+        message: t("domain.deployment.form.aliyun_nlb_resource_type.placeholder"),
+      }),
+      loadbalancerId: z.string().optional(),
+      listenerId: z.string().optional(),
+    })
+    .refine((data) => (data.resourceType === "loadbalancer" ? !!data.loadbalancerId?.trim() : true), {
+      message: t("domain.deployment.form.aliyun_nlb_loadbalancer_id.placeholder"),
+      path: ["loadbalancerId"],
+    })
+    .refine((data) => (data.resourceType === "listener" ? !!data.listenerId?.trim() : true), {
+      message: t("domain.deployment.form.aliyun_nlb_listener_id.placeholder"),
+      path: ["listenerId"],
+    });
+
+  useEffect(() => {
+    const res = formSchema.safeParse(config.config);
+    setErrors({
+      ...errors,
+      region: res.error?.errors?.find((e) => e.path[0] === "region")?.message,
+      resourceType: res.error?.errors?.find((e) => e.path[0] === "resourceType")?.message,
+      loadbalancerId: res.error?.errors?.find((e) => e.path[0] === "loadbalancerId")?.message,
+      listenerId: res.error?.errors?.find((e) => e.path[0] === "listenerId")?.message,
+    });
+  }, [config]);
+
+  return (
+    <div className="flex flex-col space-y-8">
+      <div>
+        <Label>{t("domain.deployment.form.aliyun_nlb_region.label")}</Label>
+        <Input
+          placeholder={t("domain.deployment.form.aliyun_nlb_region.placeholder")}
+          className="w-full mt-1"
+          value={config?.config?.region}
+          onChange={(e) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.region = e.target.value?.trim();
+            });
+            setConfig(nv);
+          }}
+        />
+        <div className="text-red-600 text-sm mt-1">{errors?.region}</div>
+      </div>
+
+      <div>
+        <Label>{t("domain.deployment.form.aliyun_nlb_resource_type.label")}</Label>
+        <Select
+          value={config?.config?.resourceType}
+          onValueChange={(value) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.resourceType = value;
+            });
+            setConfig(nv);
+          }}
+        >
+          <SelectTrigger>
+            <SelectValue placeholder={t("domain.deployment.form.aliyun_nlb_resource_type.placeholder")} />
+          </SelectTrigger>
+          <SelectContent>
+            <SelectGroup>
+              <SelectItem value="loadbalancer">{t("domain.deployment.form.aliyun_nlb_resource_type.option.loadbalancer.label")}</SelectItem>
+              <SelectItem value="listener">{t("domain.deployment.form.aliyun_nlb_resource_type.option.listener.label")}</SelectItem>
+            </SelectGroup>
+          </SelectContent>
+        </Select>
+        <div className="text-red-600 text-sm mt-1">{errors?.resourceType}</div>
+      </div>
+
+      {config?.config?.resourceType === "loadbalancer" ? (
+        <div>
+          <Label>{t("domain.deployment.form.aliyun_nlb_loadbalancer_id.label")}</Label>
+          <Input
+            placeholder={t("domain.deployment.form.aliyun_nlb_loadbalancer_id.placeholder")}
+            className="w-full mt-1"
+            value={config?.config?.loadbalancerId}
+            onChange={(e) => {
+              const nv = produce(config, (draft) => {
+                draft.config ??= {};
+                draft.config.loadbalancerId = e.target.value?.trim();
+              });
+              setConfig(nv);
+            }}
+          />
+          <div className="text-red-600 text-sm mt-1">{errors?.loadbalancerId}</div>
+        </div>
+      ) : (
+        <></>
+      )}
+
+      {config?.config?.resourceType === "listener" ? (
+        <div>
+          <Label>{t("domain.deployment.form.aliyun_nlb_listener_id.label")}</Label>
+          <Input
+            placeholder={t("domain.deployment.form.aliyun_nlb_listener_id.placeholder")}
+            className="w-full mt-1"
+            value={config?.config?.listenerId}
+            onChange={(e) => {
+              const nv = produce(config, (draft) => {
+                draft.config ??= {};
+                draft.config.listenerId = e.target.value?.trim();
+              });
+              setConfig(nv);
+            }}
+          />
+          <div className="text-red-600 text-sm mt-1">{errors?.listenerId}</div>
+        </div>
+      ) : (
+        <></>
+      )}
+    </div>
+  );
+};
+
+export default DeployToAliyunNLB;
--- a/ui/src/components/certimate/DeployToAliyunOSS.tsx
+++ b/ui/src/components/certimate/DeployToAliyunOSS.tsx
@@ -7,121 +7,88 @@ import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
 import { useDeployEditContext } from "./DeployEdit";

-const DeployToAliyunOSS = () => {
-  const { deploy: data, setDeploy, error, setError } = useDeployEditContext();
+type DeployToAliyunOSSConfigParams = {
+  endpoint?: string;
+  bucket?: string;
+  domain?: string;
+};

+const DeployToAliyunOSS = () => {
  const { t } = useTranslation();

-  useEffect(() => {
-    setError({});
-  }, []);
+  const { config, setConfig, errors, setErrors } = useDeployEditContext<DeployToAliyunOSSConfigParams>();

  useEffect(() => {
-    const resp = domainSchema.safeParse(data.config?.domain);
-    if (!resp.success) {
-      setError({
-        ...error,
-        domain: JSON.parse(resp.error.message)[0].message,
-      });
-    } else {
-      setError({
-        ...error,
-        domain: "",
-      });
-    }
-  }, [data]);
-
-  useEffect(() => {
-    const bucketResp = bucketSchema.safeParse(data.config?.domain);
-    if (!bucketResp.success) {
-      setError({
-        ...error,
-        bucket: JSON.parse(bucketResp.error.message)[0].message,
-      });
-    } else {
-      setError({
-        ...error,
-        bucket: "",
-      });
-    }
-  }, []);
-
-  useEffect(() => {
-    if (!data.id) {
-      setDeploy({
-        ...data,
+    if (!config.id) {
+      setConfig({
+        ...config,
        config: {
-          endpoint: "oss-cn-hangzhou.aliyuncs.com",
-          bucket: "",
-          domain: "",
+          endpoint: "oss.aliyuncs.com",
        },
      });
    }
  }, []);

-  const domainSchema = z.string().regex(/^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
+  useEffect(() => {
+    setErrors({});
+  }, []);
+
+  const formSchema = z.object({
+    endpoint: z.string().min(1, {
+      message: t("domain.deployment.form.aliyun_oss_endpoint.placeholder"),
+    }),
+    bucket: z.string().min(1, {
+      message: t("domain.deployment.form.aliyun_oss_bucket.placeholder"),
+    }),
+    domain: z.string().regex(/^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
      message: t("common.errmsg.domain_invalid"),
+    }),
  });

-  const bucketSchema = z.string().min(1, {
-    message: t("domain.deployment.form.oss_bucket.placeholder"),
+  useEffect(() => {
+    const res = formSchema.safeParse(config.config);
+    setErrors({
+      ...errors,
+      endpoint: res.error?.errors?.find((e) => e.path[0] === "endpoint")?.message,
+      bucket: res.error?.errors?.find((e) => e.path[0] === "bucket")?.message,
+      domain: res.error?.errors?.find((e) => e.path[0] === "domain")?.message,
    });
+  }, [config]);

  return (
    <div className="flex flex-col space-y-8">
      <div>
-        <Label>{t("domain.deployment.form.oss_endpoint.label")}</Label>
+        <Label>{t("domain.deployment.form.aliyun_oss_endpoint.label")}</Label>
        <Input
-          placeholder={t("domain.deployment.form.oss_endpoint.placeholder")}
+          placeholder={t("domain.deployment.form.aliyun_oss_endpoint.placeholder")}
          className="w-full mt-1"
-          value={data?.config?.endpoint}
+          value={config?.config?.endpoint}
          onChange={(e) => {
-            const temp = e.target.value;
-
-            const newData = produce(data, (draft) => {
-              if (!draft.config) {
-                draft.config = {};
-              }
-              draft.config.endpoint = temp;
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.endpoint = e.target.value?.trim();
            });
-            setDeploy(newData);
+            setConfig(nv);
          }}
        />
-        <div className="text-red-600 text-sm mt-1">{error?.endpoint}</div>
+        <div className="text-red-600 text-sm mt-1">{errors?.endpoint}</div>
      </div>

      <div>
-        <Label>{t("domain.deployment.form.oss_bucket.label")}</Label>
+        <Label>{t("domain.deployment.form.aliyun_oss_bucket.label")}</Label>
        <Input
-          placeholder={t("domain.deployment.form.oss_bucket.placeholder")}
+          placeholder={t("domain.deployment.form.aliyun_oss_bucket.placeholder")}
          className="w-full mt-1"
-          value={data?.config?.bucket}
+          value={config?.config?.bucket}
          onChange={(e) => {
-            const temp = e.target.value;
-
-            const resp = bucketSchema.safeParse(temp);
-            if (!resp.success) {
-              setError({
-                ...error,
-                bucket: JSON.parse(resp.error.message)[0].message,
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.bucket = e.target.value?.trim();
            });
-            } else {
-              setError({
-                ...error,
-                bucket: "",
-              });
-            }
-
-            const newData = produce(data, (draft) => {
-              if (!draft.config) {
-                draft.config = {};
-              }
-              draft.config.bucket = temp;
-            });
-            setDeploy(newData);
+            setConfig(nv);
          }}
        />
-        <div className="text-red-600 text-sm mt-1">{error?.bucket}</div>
+        <div className="text-red-600 text-sm mt-1">{errors?.bucket}</div>
      </div>

      <div>
@@ -129,33 +96,16 @@ const DeployToAliyunOSS = () => {
        <Input
          placeholder={t("domain.deployment.form.domain.label")}
          className="w-full mt-1"
-          value={data?.config?.domain}
+          value={config?.config?.domain}
          onChange={(e) => {
-            const temp = e.target.value;
-
-            const resp = domainSchema.safeParse(temp);
-            if (!resp.success) {
-              setError({
-                ...error,
-                domain: JSON.parse(resp.error.message)[0].message,
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.domain = e.target.value?.trim();
            });
-            } else {
-              setError({
-                ...error,
-                domain: "",
-              });
-            }
-
-            const newData = produce(data, (draft) => {
-              if (!draft.config) {
-                draft.config = {};
-              }
-              draft.config.domain = temp;
-            });
-            setDeploy(newData);
+            setConfig(nv);
          }}
        />
-        <div className="text-red-600 text-sm mt-1">{error?.domain}</div>
+        <div className="text-red-600 text-sm mt-1">{errors?.domain}</div>
      </div>
    </div>
  );
--- a/ui/src/components/certimate/DeployToBaiduCloudCDN.tsx
+++ b/ui/src/components/certimate/DeployToBaiduCloudCDN.tsx
@@ -0,0 +1,68 @@
+import { useEffect } from "react";
+import { useTranslation } from "react-i18next";
+import { z } from "zod";
+import { produce } from "immer";
+
+import { Input } from "@/components/ui/input";
+import { Label } from "@/components/ui/label";
+import { useDeployEditContext } from "./DeployEdit";
+
+type DeployToBaiduCloudCDNConfigParams = {
+  domain?: string;
+};
+
+const DeployToBaiduCloudCDN = () => {
+  const { t } = useTranslation();
+
+  const { config, setConfig, errors, setErrors } = useDeployEditContext<DeployToBaiduCloudCDNConfigParams>();
+
+  useEffect(() => {
+    if (!config.id) {
+      setConfig({
+        ...config,
+        config: {},
+      });
+    }
+  }, []);
+
+  useEffect(() => {
+    setErrors({});
+  }, []);
+
+  const formSchema = z.object({
+    domain: z.string().regex(/^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
+      message: t("common.errmsg.domain_invalid"),
+    }),
+  });
+
+  useEffect(() => {
+    const res = formSchema.safeParse(config.config);
+    setErrors({
+      ...errors,
+      domain: res.error?.errors?.find((e) => e.path[0] === "domain")?.message,
+    });
+  }, [config]);
+
+  return (
+    <div className="flex flex-col space-y-8">
+      <div>
+        <Label>{t("domain.deployment.form.domain.label")}</Label>
+        <Input
+          placeholder={t("domain.deployment.form.domain.placeholder")}
+          className="w-full mt-1"
+          value={config?.config?.domain}
+          onChange={(e) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.domain = e.target.value?.trim();
+            });
+            setConfig(nv);
+          }}
+        />
+        <div className="text-red-600 text-sm mt-1">{errors?.domain}</div>
+      </div>
+    </div>
+  );
+};
+
+export default DeployToBaiduCloudCDN;
--- a/ui/src/components/certimate/DeployToDogeCloudCDN.tsx
+++ b/ui/src/components/certimate/DeployToDogeCloudCDN.tsx
@@ -0,0 +1,68 @@
+import { useEffect } from "react";
+import { useTranslation } from "react-i18next";
+import { z } from "zod";
+import { produce } from "immer";
+
+import { Input } from "@/components/ui/input";
+import { Label } from "@/components/ui/label";
+import { useDeployEditContext } from "./DeployEdit";
+
+type DeployToDogeCloudCDNConfigParams = {
+  domain?: string;
+};
+
+const DeployToDogeCloudCDN = () => {
+  const { t } = useTranslation();
+
+  const { config, setConfig, errors, setErrors } = useDeployEditContext<DeployToDogeCloudCDNConfigParams>();
+
+  useEffect(() => {
+    if (!config.id) {
+      setConfig({
+        ...config,
+        config: {},
+      });
+    }
+  }, []);
+
+  useEffect(() => {
+    setErrors({});
+  }, []);
+
+  const formSchema = z.object({
+    domain: z.string().regex(/^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
+      message: t("common.errmsg.domain_invalid"),
+    }),
+  });
+
+  useEffect(() => {
+    const res = formSchema.safeParse(config.config);
+    setErrors({
+      ...errors,
+      domain: res.error?.errors?.find((e) => e.path[0] === "domain")?.message,
+    });
+  }, [config]);
+
+  return (
+    <div className="flex flex-col space-y-8">
+      <div>
+        <Label>{t("domain.deployment.form.domain.label")}</Label>
+        <Input
+          placeholder={t("domain.deployment.form.domain.placeholder")}
+          className="w-full mt-1"
+          value={config?.config?.domain}
+          onChange={(e) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.domain = e.target.value?.trim();
+            });
+            setConfig(nv);
+          }}
+        />
+        <div className="text-red-600 text-sm mt-1">{errors?.domain}</div>
+      </div>
+    </div>
+  );
+};
+
+export default DeployToDogeCloudCDN;
--- a/ui/src/components/certimate/DeployToHuaweiCloudCDN.tsx
+++ b/ui/src/components/certimate/DeployToHuaweiCloudCDN.tsx
@@ -7,68 +7,83 @@ import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
 import { useDeployEditContext } from "./DeployEdit";

+type DeployToHuaweiCloudCDNConfigParams = {
+  region?: string;
+  domain?: string;
+};
+
 const DeployToHuaweiCloudCDN = () => {
  const { t } = useTranslation();

-  const { deploy: data, setDeploy, error, setError } = useDeployEditContext();
+  const { config, setConfig, errors, setErrors } = useDeployEditContext<DeployToHuaweiCloudCDNConfigParams>();

  useEffect(() => {
-    setError({});
+    if (!config.id) {
+      setConfig({
+        ...config,
+        config: {
+          region: "cn-north-1",
+        },
+      });
+    }
  }, []);

  useEffect(() => {
-    const resp = domainSchema.safeParse(data.config?.domain);
-    if (!resp.success) {
-      setError({
-        ...error,
-        domain: JSON.parse(resp.error.message)[0].message,
-      });
-    } else {
-      setError({
-        ...error,
-        domain: "",
-      });
-    }
-  }, [data]);
+    setErrors({});
+  }, []);

-  const domainSchema = z.string().regex(/^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
+  const formSchema = z.object({
+    region: z.string().min(1, {
+      message: t("domain.deployment.form.huaweicloud_cdn_region.placeholder"),
+    }),
+    domain: z.string().regex(/^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
      message: t("common.errmsg.domain_invalid"),
+    }),
  });

+  useEffect(() => {
+    const res = formSchema.safeParse(config.config);
+    setErrors({
+      ...errors,
+      region: res.error?.errors?.find((e) => e.path[0] === "region")?.message,
+      domain: res.error?.errors?.find((e) => e.path[0] === "domain")?.message,
+    });
+  }, [config]);
+
  return (
    <div className="flex flex-col space-y-8">
+      <div>
+        <Label>{t("domain.deployment.form.huaweicloud_cdn_region.label")}</Label>
+        <Input
+          placeholder={t("domain.deployment.form.huaweicloud_cdn_region.placeholder")}
+          className="w-full mt-1"
+          value={config?.config?.region}
+          onChange={(e) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.region = e.target.value?.trim();
+            });
+            setConfig(nv);
+          }}
+        />
+        <div className="text-red-600 text-sm mt-1">{errors?.region}</div>
+      </div>
+
      <div>
        <Label>{t("domain.deployment.form.domain.label")}</Label>
        <Input
          placeholder={t("domain.deployment.form.domain.placeholder")}
          className="w-full mt-1"
-          value={data?.config?.domain}
+          value={config?.config?.domain}
          onChange={(e) => {
-            const temp = e.target.value;
-
-            const resp = domainSchema.safeParse(temp);
-            if (!resp.success) {
-              setError({
-                ...error,
-                domain: JSON.parse(resp.error.message)[0].message,
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.domain = e.target.value?.trim();
            });
-            } else {
-              setError({
-                ...error,
-                domain: "",
-              });
-            }
-
-            const newData = produce(data, (draft) => {
-              if (!draft.config) {
-                draft.config = {};
-              }
-              draft.config.domain = temp;
-            });
-            setDeploy(newData);
+            setConfig(nv);
          }}
        />
-        <div className="text-red-600 text-sm mt-1">{error?.domain}</div>
+        <div className="text-red-600 text-sm mt-1">{errors?.domain}</div>
      </div>
    </div>
  );
--- a/ui/src/components/certimate/DeployToHuaweiCloudELB.tsx
+++ b/ui/src/components/certimate/DeployToHuaweiCloudELB.tsx
@@ -0,0 +1,185 @@
+import { useEffect } from "react";
+import { useTranslation } from "react-i18next";
+import { z } from "zod";
+import { produce } from "immer";
+
+import { Input } from "@/components/ui/input";
+import { Label } from "@/components/ui/label";
+import { Select, SelectContent, SelectGroup, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select";
+import { useDeployEditContext } from "./DeployEdit";
+
+type DeployToHuaweiCloudELBConfigParams = {
+  region?: string;
+  resourceType?: string;
+  certificateId?: string;
+  loadbalancerId?: string;
+  listenerId?: string;
+};
+
+const DeployToHuaweiCloudELB = () => {
+  const { t } = useTranslation();
+
+  const { config, setConfig, errors, setErrors } = useDeployEditContext<DeployToHuaweiCloudELBConfigParams>();
+
+  useEffect(() => {
+    if (!config.id) {
+      setConfig({
+        ...config,
+        config: {
+          region: "cn-north-1",
+        },
+      });
+    }
+  }, []);
+
+  useEffect(() => {
+    setErrors({});
+  }, []);
+
+  const formSchema = z
+    .object({
+      region: z.string().min(1, t("domain.deployment.form.huaweicloud_elb_region.placeholder")),
+      resourceType: z.union([z.literal("certificate"), z.literal("loadbalancer"), z.literal("listener")], {
+        message: t("domain.deployment.form.huaweicloud_elb_resource_type.placeholder"),
+      }),
+      certificateId: z.string().optional(),
+      loadbalancerId: z.string().optional(),
+      listenerId: z.string().optional(),
+    })
+    .refine((data) => (data.resourceType === "certificate" ? !!data.certificateId?.trim() : true), {
+      message: t("domain.deployment.form.huaweicloud_elb_certificate_id.placeholder"),
+      path: ["certificateId"],
+    })
+    .refine((data) => (data.resourceType === "loadbalancer" ? !!data.loadbalancerId?.trim() : true), {
+      message: t("domain.deployment.form.huaweicloud_elb_loadbalancer_id.placeholder"),
+      path: ["loadbalancerId"],
+    })
+    .refine((data) => (data.resourceType === "listener" ? !!data.listenerId?.trim() : true), {
+      message: t("domain.deployment.form.huaweicloud_elb_listener_id.placeholder"),
+      path: ["listenerId"],
+    });
+
+  useEffect(() => {
+    const res = formSchema.safeParse(config.config);
+    setErrors({
+      ...errors,
+      region: res.error?.errors?.find((e) => e.path[0] === "region")?.message,
+      resourceType: res.error?.errors?.find((e) => e.path[0] === "resourceType")?.message,
+      certificateId: res.error?.errors?.find((e) => e.path[0] === "certificateId")?.message,
+      loadbalancerId: res.error?.errors?.find((e) => e.path[0] === "loadbalancerId")?.message,
+      listenerId: res.error?.errors?.find((e) => e.path[0] === "listenerId")?.message,
+    });
+  }, [config]);
+
+  return (
+    <div className="flex flex-col space-y-8">
+      <div>
+        <Label>{t("domain.deployment.form.huaweicloud_elb_region.label")}</Label>
+        <Input
+          placeholder={t("domain.deployment.form.huaweicloud_elb_region.placeholder")}
+          className="w-full mt-1"
+          value={config?.config?.region}
+          onChange={(e) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.region = e.target.value?.trim();
+            });
+            setConfig(nv);
+          }}
+        />
+        <div className="text-red-600 text-sm mt-1">{errors?.region}</div>
+      </div>
+
+      <div>
+        <Label>{t("domain.deployment.form.huaweicloud_elb_resource_type.label")}</Label>
+        <Select
+          value={config?.config?.resourceType}
+          onValueChange={(value) => {
+            const nv = produce(config, (draft) => {
+              draft.config ??= {};
+              draft.config.resourceType = value;
+            });
+            setConfig(nv);
+          }}
+        >
+          <SelectTrigger>
+            <SelectValue placeholder={t("domain.deployment.form.huaweicloud_elb_resource_type.placeholder")} />
+          </SelectTrigger>
+          <SelectContent>
+            <SelectGroup>
+              <SelectItem value="certificate">{t("domain.deployment.form.huaweicloud_elb_resource_type.option.certificate.label")}</SelectItem>
+              <SelectItem value="loadbalancer">{t("domain.deployment.form.huaweicloud_elb_resource_type.option.loadbalancer.label")}</SelectItem>
+              <SelectItem value="listener">{t("domain.deployment.form.huaweicloud_elb_resource_type.option.listener.label")}</SelectItem>
+            </SelectGroup>
+          </SelectContent>
+        </Select>
+        <div className="text-red-600 text-sm mt-1">{errors?.resourceType}</div>
+      </div>
+
+      {config?.config?.resourceType === "certificate" ? (
+        <div>
+          <Label>{t("domain.deployment.form.huaweicloud_elb_certificate_id.label")}</Label>
+          <Input
+            placeholder={t("domain.deployment.form.huaweicloud_elb_certificate_id.placeholder")}
+            className="w-full mt-1"
+            value={config?.config?.certificateId}
+            onChange={(e) => {
+              const nv = produce(config, (draft) => {
+                draft.config ??= {};
+                draft.config.certificateId = e.target.value?.trim();
+              });
+              setConfig(nv);
+            }}
+          />
+          <div className="text-red-600 text-sm mt-1">{errors?.certificateId}</div>
+        </div>
+      ) : (
+        <></>
+      )}
+
+      {config?.config?.resourceType === "loadbalancer" ? (
+        <div>
+          <Label>{t("domain.deployment.form.huaweicloud_elb_loadbalancer_id.label")}</Label>
+          <Input
+            placeholder={t("domain.deployment.form.huaweicloud_elb_loadbalancer_id.placeholder")}
+            className="w-full mt-1"
+            value={config?.config?.loadbalancerId}
+            onChange={(e) => {
+              const nv = produce(config, (draft) => {
+                draft.config ??= {};
+                draft.config.loadbalancerId = e.target.value?.trim();
+              });
+              setConfig(nv);
+            }}
+          />
+          <div className="text-red-600 text-sm mt-1">{errors?.loadbalancerId}</div>
+        </div>
+      ) : (
+        <></>
+      )}
+
+      {config?.config?.resourceType === "listener" ? (
+        <div>
+          <Label>{t("domain.deployment.form.huaweicloud_elb_listener_id.label")}</Label>
+          <Input
+            placeholder={t("domain.deployment.form.huaweicloud_elb_listener_id.placeholder")}
+            className="w-full mt-1"
+            value={config?.config?.listenerId}
+            onChange={(e) => {
+              const nv = produce(config, (draft) => {
+                draft.config ??= {};
+                draft.config.listenerId = e.target.value?.trim();
+              });
+              setConfig(nv);
+            }}
+          />
+          <div className="text-red-600 text-sm mt-1">{errors?.listenerId}</div>
+        </div>
+      ) : (
+        <></>
+      )}
+    </div>
+  );
+};
+
+export default DeployToHuaweiCloudELB;
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
yoan	c853f2976f	v0.2.20	2024-11-15 08:07:37 +08:00
usual2970	b66931003f	Merge pull request #342 from belier-cn/volcengine-cdn feat: add volcengine cdn deployer	2024-11-15 08:05:27 +08:00
belier	42c5aea3f7	docs: update README_EN.md	2024-11-14 14:28:39 +08:00
belier	e2fd9c4cee	style: modify variable name	2024-11-14 14:28:35 +08:00
belier	f847b7ff62	improvement: improve certificate fingerprint comparison	2024-11-14 14:19:00 +08:00
belier	9eae8f5077	feat: add volcengine cdn deployer	2024-11-14 13:39:23 +08:00
usual2970	2bacf76664	Merge pull request #339 from belier-cn/main feat: add volcengine dns provider and add volcengine live deployer	2024-11-14 09:42:26 +08:00
usual2970	b2030caedc	Merge pull request #337 from fudiwei/bugfix/syntax-error fix switch-case syntax error	2024-11-14 09:35:58 +08:00
usual2970	956c975c6d	Merge pull request #333 from JiangJamm/feat/notify_setting_expand feat: 使系统设置中的消息推送设置列表打开后能够关闭	2024-11-14 09:34:52 +08:00
belier	c298f8b952	docs: Add Volcengine Information to README.md	2024-11-13 16:18:04 +08:00
belier	e2562a5251	feat: add volcengine dns provider and add volcengine live deployer	2024-11-13 15:36:46 +08:00
Fu Diwei	dbdb40baf9	fix: fix switch-case syntax error	2024-11-13 13:44:44 +08:00
yoan	2ff923dd1b	v0.2.19	2024-11-13 08:16:19 +08:00
usual2970	f4f13f91f2	Merge pull request #331 from fudiwei/bugfix/qiniu-wildcard-domain bugfix #330	2024-11-13 08:14:32 +08:00
usual2970	034aa980e6	Merge pull request #329 from fudiwei/bugfix/aliyun-clb-deploy-error bugfix #326	2024-11-13 08:14:19 +08:00
usual2970	6ac7a51ce0	Merge pull request #328 from fudiwei/bugfix/tencentcloud-deploy-config-not-saving bugfix #324	2024-11-13 08:14:05 +08:00
usual2970	cf0c0e3e2c	Merge pull request #327 from LeoChen98/fix-tencent-cos-instance-not-found fixed: instance not found when deploying tencent COS	2024-11-13 08:13:49 +08:00
JiangJamm	1b899575e0	feat: 使系统设置中的消息推送设置列表打开后能够关闭	2024-11-13 01:10:26 +08:00
Fu Diwei	23e5cb5669	fix: #330	2024-11-12 21:41:06 +08:00
Fu Diwei	e4ba4c9b37	fix: #326	2024-11-12 20:35:31 +08:00
Fu Diwei	9ed64bdc9a	fix: #324	2024-11-12 20:20:54 +08:00
Leo Chen	e9b6fb55ff	fixed: instance possible not found when deploying tencent CLB via SSL api 修复了重构导致腾讯云CLB通过SSL接口部署时可能找不到实例的bug	2024-11-12 17:59:13 +08:00
Leo Chen	80caf881ae	fixed: instance not found when deploying tencent COS 修复了重构导致腾讯云COS部署时找不到实例的bug	2024-11-12 17:56:41 +08:00
usual2970	c36db3545f	Merge pull request #321 from fudiwei/feat/notifier feat: notifiers	2024-11-11 18:16:30 +08:00
yoan	a367585ab4	v0.2.18	2024-11-11 07:58:13 +08:00
Fu Diwei	2994cb5c65	test: add unit test case for email notifier	2024-11-10 20:28:01 +08:00
Fu Diwei	1bedb31a3c	fix: fix typo	2024-11-10 20:06:18 +08:00
Fu Diwei	8fecebc254	feat: show loading button when pushing test notifications	2024-11-10 20:00:19 +08:00
Fu Diwei	44497a0969	feat: new UI for notify settings	2024-11-10 19:52:50 +08:00
usual2970	5362371bda	Merge pull request #319 from fudiwei/bugfix/aliyun-api-error bugfix #318	2024-11-10 19:40:40 +08:00
Fu Diwei	8b04e96a7d	feat: new UI for email notify settings	2024-11-10 18:21:43 +08:00
Fu Diwei	5d93334426	refactor: re-implement logic of notify	2024-11-10 18:03:20 +08:00
Fu Diwei	150b666d4b	refactor: maps utils	2024-11-09 20:46:49 +08:00
Fu Diwei	94579d65c4	refactor: clean code	2024-11-09 20:29:13 +08:00
Fu Diwei	551b06b4e8	feat: notifier	2024-11-09 20:06:22 +08:00
Fu Diwei	76fc47a274	Merge branch 'main' into feat/notifier	2024-11-09 12:14:21 +08:00
yoan	35e1bfcd7f	Update readme	2024-11-09 11:37:34 +08:00
Fu Diwei	24df7913fe	feat: support aliyun global ALB/NLB	2024-11-09 09:54:49 +08:00
Fu Diwei	83674e4b35	refactor: ensure compile-time check for `Uploader` implementations	2024-11-09 09:47:14 +08:00
Fu Diwei	22d3aeb7b5	fix: #318	2024-11-09 09:41:05 +08:00
yoan	cf005711c0	v0.2.17	2024-11-08 08:11:04 +08:00
usual2970	0a00d0c52f	Merge pull request #314 from fudiwei/bugfix/dogecloud-api-error bugfix #313	2024-11-08 08:10:18 +08:00
usual2970	9aa17a0395	Merge pull request #315 from fudiwei/bugfix/qiniu-panic bugfix #304	2024-11-08 08:09:41 +08:00
Fu Diwei	65ecdf7dc2	update README	2024-11-07 17:36:41 +08:00
Fu Diwei	0dfa5994cc	fix: #304	2024-11-07 17:35:43 +08:00
Fu Diwei	5d2844fdb6	fix: #313	2024-11-07 15:01:46 +08:00
yoan	44332b9d07	v0.2.16	2024-11-07 08:09:25 +08:00
usual2970	20a23e148c	Merge pull request #309 from fudiwei/bugfix/dogecloud-api-error bugfix #308	2024-11-07 08:06:55 +08:00
RHQYZ	0bcb6206f4	fix #308	2024-11-06 11:07:24 +08:00
yoan	943b9827ee	v0.2.15	2024-11-06 07:12:48 +08:00
usual2970	741f3ec212	Merge pull request #306 from fudiwei/bugfix/dogecloud-api-error bugfix #303	2024-11-06 07:08:12 +08:00
Fu Diwei	8549a17675	fix: #303	2024-11-05 18:16:21 +08:00
yoan	718cfccbea	resolve new sftp client failure	2024-11-05 08:35:37 +08:00
yoan	2458fa26d8	v0.2.14	2024-11-05 08:30:28 +08:00
yoan	ac24684d2b	Merge branch 'main' of github.com:usual2970/certimate	2024-11-05 08:29:58 +08:00
yoan	106dbd9538	Merge branch 'fudiwei-feat/cloud-cdn'	2024-11-05 08:29:30 +08:00
yoan	f9efb2b800	migration	2024-11-05 08:28:35 +08:00
usual2970	897d124d5b	Merge pull request #299 from fudiwei/bugfix/ssh-jks bugfix #298	2024-11-05 08:15:13 +08:00
Fu Diwei	34daf9ccac	refactor: clean code	2024-11-04 12:54:23 +08:00
Fu Diwei	269a97e81e	feat: add baiducloud cdn deployer	2024-11-04 12:44:53 +08:00
Fu Diwei	2fd57621d8	fix: #298	2024-11-04 11:20:35 +08:00
Fu Diwei	76de837214	feat: add baiducloud provider	2024-11-04 11:11:00 +08:00
Fu Diwei	1e41020728	feat: add dogecloud cdn deployer	2024-11-04 10:34:05 +08:00
Fu Diwei	8a78e49bf0	feat: add dogecloud provider	2024-11-04 10:30:18 +08:00
yoan	e6726e4c02	v0.2.13	2024-11-04 08:07:05 +08:00
yoan	76330a4a1a	v0.2.12	2024-11-04 07:49:00 +08:00
usual2970	7e5f0097e4	Merge pull request #296 from usual2970/hotfix/email fix: resolve email notification delivery failure	2024-11-02 13:09:37 +08:00
yoan	18e1c02d1c	fix: resolve email notification delivery failure	2024-11-02 10:17:16 +08:00
usual2970	28992f178e	Merge pull request #294 from funnyzak/bark_notify feat: add Bark notifier	2024-11-02 09:52:13 +08:00
usual2970	c41f34c352	Merge pull request #276 from fudiwei/feat/cloud-load-balance feat: tencent clb deployer	2024-11-02 09:46:42 +08:00
Fu Diwei	6b5580a30c	refactor: clean code	2024-11-01 15:56:22 +08:00
Fu Diwei	1dee14e32d	refactor: adjust project structure	2024-11-01 15:54:05 +08:00
Fu Diwei	1e3c4881d0	refactor: remove unused certificate name in TencentCloudSSLUploader	2024-11-01 15:33:02 +08:00
Leon	657964cda4	feat: add Bark notification channel and related settings	2024-11-01 11:35:09 +08:00
Fu Diwei	893aac916c	feat(ui): show deploy provider name rather than access provider name in `DeployList`	2024-10-31 20:25:06 +08:00
Fu Diwei	68da6cf3ae	fix: fix import cycle	2024-10-31 20:03:04 +08:00
Fu Diwei	0d96ea9eef	refactor: deprecate `internal/deployer/deployer.getDeployVariables`	2024-10-31 19:59:21 +08:00
Fu Diwei	0ceb44a7cd	refactor: deprecate `internal/utils/rand.RandStr`	2024-10-31 19:53:48 +08:00
Fu Diwei	4fec0036cb	refactor: fix typo	2024-10-31 18:25:22 +08:00
Fu Diwei	f82eee4636	refactor: clean code	2024-10-31 14:30:16 +08:00
Fu Diwei	260cfb96ec	refactor(ui): declare deploy config params	2024-10-31 14:27:11 +08:00
Fu Diwei	f71a519674	refactor: clean code	2024-10-31 13:41:21 +08:00
Fu Diwei	369c146eca	feat: support tencent clb deployment in multiple ways	2024-10-31 13:24:43 +08:00
Fu Diwei	83264a6946	refactor: clean code	2024-10-31 11:37:16 +08:00
Fu Diwei	3c3d4e9109	refactor: extend qiniu sdk	2024-10-31 11:37:03 +08:00
Fu Diwei	ce55365292	refactor: extend huaweicloud cdn sdk	2024-10-31 10:14:27 +08:00
Fu Diwei	be495839b6	Merge branch 'main' into feat/cloud-load-balance	2024-10-31 09:14:57 +08:00
usual2970	a27a9f55a7	Merge pull request #284 from usual2970/feat/ui-1030 Fix the issue where long domain names or titles overlap the next column.	2024-10-31 08:15:22 +08:00
usual2970	10e14caf35	Merge pull request #285 from LeoChen98/fix-tencent-cos-locales-loss fix: tencent cos ui locales loss	2024-10-31 08:15:04 +08:00
Fu Diwei	59af246479	refactor: clean code	2024-10-30 19:37:44 +08:00
Leo Chen	1f52eaca01	fix: tencent cos ui locales loss	2024-10-30 17:09:11 +08:00
yoan	d833f4b5ff	fix cos region validate	2024-10-30 16:08:32 +08:00
yoan	bfee39049d	Merge branch 'LeoChen98-feat-add-netsh-preset'	2024-10-30 12:29:07 +08:00
yoan	b4599df6c6	code format	2024-10-30 12:28:59 +08:00
yoan	261c6f6956	Merge branch 'feat-add-netsh-preset' of github.com:LeoChen98/certimate into LeoChen98-feat-add-netsh-preset	2024-10-30 12:26:06 +08:00
yoan	b97d77c848	Fix the issue where long domain names or titles overlap the next column.	2024-10-30 11:57:16 +08:00
yoan	c1cefe0e7f	v0.2.11	2024-10-30 11:07:59 +08:00
yoan	55b77fdf5c	Fix the issue where the deployment type could not be selected	2024-10-30 11:03:41 +08:00
yoan	16967c4ab1	fix tencent cdn deploy	2024-10-30 09:31:51 +08:00
yoan	61a4fd8657	v0.2.10	2024-10-30 07:04:05 +08:00
Leo Chen	67ca7e3097	feat: add netsh preset 新增本地Windows下使用netsh绑定证书的预设	2024-10-29 21:43:20 +08:00
Fu Diwei	26fa8e75bd	refactor: clean code	2024-10-29 21:32:48 +08:00
Fu Diwei	aeaa45b713	Merge branch 'main' into feat/cloud-load-balance	2024-10-29 09:12:39 +08:00
yoan	edeac86f06	Merge branch 'fudiwei-feat/multiple-certificate-formats'	2024-10-29 08:46:06 +08:00
yoan	4e0c23165f	fix conflict	2024-10-29 08:45:51 +08:00
usual2970	feb851a3fc	Merge pull request #273 from LeoChen98/enhance-tencent-cdn-dupe-deploy enhance: resolve error on tencent cdn dupe deployment	2024-10-29 08:39:57 +08:00
usual2970	3103d60508	Merge pull request #274 from PittyXu/feat/k8s fix: k8s部署更新报错	2024-10-29 08:39:15 +08:00
usual2970	53be6b5f5b	Merge pull request #272 from LeoChen98/feat-add-mail-push feat: add mail push	2024-10-29 08:38:10 +08:00
usual2970	9d3e0d1090	Merge pull request #278 from usual2970/feat/searchable_select feat: Searchable when selecting authorization type	2024-10-29 08:37:53 +08:00
yoan	f8aef129cf	Searchable when selecting authorization type	2024-10-28 22:52:25 +08:00
Leo Chen	c419b2c8b4	use slice pkg	2024-10-28 20:28:13 +08:00
Fu Diwei	e1a3a3e7c7	refactor: clean code	2024-10-28 14:15:33 +08:00
Fu Diwei	b47a1a13cb	feat: support jks format	2024-10-28 11:49:44 +08:00
徐雪君	3397f424bc	fix: k8s部署更新报错 #266	2024-10-28 11:15:08 +08:00
yoan	48672d1a44	v0.2.9	2024-10-28 08:48:30 +08:00
Leo Chen	38dc8a63d9	enhance: resolve error on tencent cdn dupe deployment 优化：腾讯云cdn重复部署报错的问题	2024-10-27 23:48:52 +08:00
Fu Diwei	009e8fb976	feat: preset scripts on deployment to local	2024-10-27 21:10:19 +08:00
Fu Diwei	6d7a91f49b	refactor: clean code	2024-10-27 20:44:38 +08:00
yoan	9d4d14db06	Update README.md	2024-10-27 20:42:47 +08:00
Leo Chen	c9f347f77a	fix mail push onchange	2024-10-27 20:27:46 +08:00
Leo Chen	0396d8222e	feat: add mail push 新增电子邮箱推送	2024-10-27 20:21:34 +08:00
Fu Diwei	305f3de50f	Merge branch 'main' into feat/multiple-certificate-formats	2024-10-27 20:17:04 +08:00
yoan	ffacfe0f42	Merge branch 'LeoChen98-feat-serverchan-push-tube'	2024-10-27 09:18:46 +08:00
yoan	be9e66c7d3	Merge branch 'feat-serverchan-push-tube' of github.com:LeoChen98/certimate into LeoChen98-feat-serverchan-push-tube	2024-10-27 09:15:12 +08:00
yoan	1238508bdb	Merge branch 'fudiwei-feat/cloud-load-balance'	2024-10-27 09:12:05 +08:00
yoan	1ab5c4035a	fix conflict	2024-10-27 09:10:12 +08:00
yoan	67fa9d91bf	Merge branch 'PittyXu-feat/k8s'	2024-10-27 08:38:44 +08:00
yoan	dc5f9abf20	detail ajustments	2024-10-27 08:37:42 +08:00
yoan	7240a42fbc	Merge branch 'feat/k8s' of github.com:PittyXu/certimate into PittyXu-feat/k8s	2024-10-27 08:35:36 +08:00
yoan	6fbb6d4992	Merge branch 'LeoChen98-feat-tecent-ecdn-teo-deploy'	2024-10-27 08:33:00 +08:00
yoan	86838f305b	detail ajustments	2024-10-27 08:32:48 +08:00
yoan	1b1b5939c5	Merge branch 'feat-tecent-ecdn-teo-deploy' of github.com:LeoChen98/certimate into LeoChen98-feat-tecent-ecdn-teo-deploy	2024-10-27 08:07:48 +08:00
Leo Chen	ffdd61b5ee	feat: add ServerChan notifier 新增Server酱通知	2024-10-27 04:01:42 +08:00
Fu Diwei	adad5d86ba	feat: support specified format on deployment to local/ssh	2024-10-27 00:19:34 +08:00
Fu Diwei	e7870e2b05	feat: support specified shell on deployment to local	2024-10-26 22:22:28 +08:00
徐雪君	548cbbfdd4	feat: k8s部署支持ServiceAccount权限	2024-10-26 22:15:16 +08:00
Fu Diwei	da4715e6dc	fix: fix aliyun nlb endpoint	2024-10-26 13:18:15 +08:00
Fu Diwei	506ab4f18e	feat: support quic listener in deployment to aliyun alb	2024-10-26 13:15:01 +08:00
Fu Diwei	d87026d5be	feat: add aliyun nlb deployer	2024-10-26 12:52:55 +08:00
Fu Diwei	1690963aaf	feat: add aliyun alb deployer	2024-10-26 12:40:45 +08:00
Fu Diwei	20d2c5699c	feat: add aliyun clb deployer	2024-10-26 00:31:38 +08:00
Fu Diwei	e660e9cad1	feat: add aliyun slb uploader	2024-10-25 23:13:33 +08:00
Fu Diwei	26d7b0ba03	refactor: clean code	2024-10-25 23:03:52 +08:00
Leo Chen	ee097b3135	update README for tencent TEO support	2024-10-25 22:21:30 +08:00
Leo Chen	f5052e9a58	fix the missing parentheses	2024-10-25 22:18:40 +08:00
Leo Chen	3b3376899c	add feat: tencent TEO deploy support 新增腾讯TEO（Edge One）部署方式	2024-10-25 22:16:27 +08:00
Leo Chen	a24a3595fa	feat: add tencent ECDN deploy	2024-10-25 18:47:41 +08:00
Leo Chen	6a14d801f1	fix type incompatible error	2024-10-25 18:32:45 +08:00
yoan	332c5c5127	fix error type	2024-10-25 18:32:32 +08:00
usual2970	f9568f1a4a	Merge pull request #254 from fudiwei/feat/cloud-load-balance feat: huaweicloud elb deployer	2024-10-25 17:43:11 +08:00
usual2970	b458720dca	Merge pull request #257 from belier-cn/main feat: keep qiniu cdn https configuration	2024-10-25 16:16:20 +08:00
belier	935a320100	feat: keep qiniu cdn https configuration	2024-10-25 14:45:48 +08:00
Fu Diwei	024b3c936e	Merge branch 'main' into feat/cloud-load-balance	2024-10-24 22:45:25 +08:00
Fu Diwei	dc720a5d99	feat: add huaweicloud elb deployer	2024-10-24 22:37:55 +08:00
Fu Diwei	af3e20709d	refactor: clean code	2024-10-24 21:42:39 +08:00
Fu Diwei	ee531dd186	fix: aliyun oss deploy config validation error	2024-10-24 20:49:51 +08:00
Fu Diwei	cea6be37dc	feat: allow set a different region on deployment to huaweicloud cdn	2024-10-24 20:16:23 +08:00
				`@@ -0,0 +1 @@`
				<svg class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="1684" width="200" height="200"><path d="M482.687 74.101c10.109-5.627 19.662-12.497 30.785-15.998 8.506-2.192 16.685 2.323 23.883 6.38 117.253 68.08 235.062 135.312 352.118 203.753-40.338 22.115-79.662 46.063-119.805 68.506-27.677 15.148-62.814 13.74-89.771-2.388-48.289-28.135-96.871-55.78-145.127-84.014-8.997-5.692-21.232-5.889-30.654-1.21-49.728 28.724-99.456 57.58-149.282 86.173-27.056 15.834-61.963 15.867-89.314 0.687a26252.906 26252.906 0 0 1-113.785-65.628c-0.229-1.178-0.72-3.533-0.949-4.744 110.776-63.533 221.256-127.722 331.9-191.517z" fill="#72AF2D" p-id="1685"></path><path d="M115.552 719.744c0.49-135.148-0.622-270.329 0.556-405.477 32.617 19.367 65.595 38.08 98.441 57.088 12.76 7.427 26.27 14.199 36.74 24.864 15.769 16.39 26.042 38.67 25.845 61.637 0.033 54.57 0.131 109.172-0.065 163.774-1.047 12.203 3.304 25.65 14.493 31.963 40.567 23.72 81.396 47.045 122.095 70.6 14.362 8.638 29.771 15.9 42.4 27.057 18.156 17.11 28.756 41.777 29.116 66.707-0.033 44.559-0.196 89.15 0.066 133.709-10.175-3.468-18.877-9.848-28.201-14.984-108.55-62.716-217.167-125.366-325.652-188.148-10.207-5.66-17.143-16.947-15.834-28.79z" fill="#118CCF" p-id="1686"></path><path d="M815.143 367.397c30.753-17.47 61.015-35.824 92.095-52.705 0.196 135.017-0.066 270.035 0.13 405.052 0.819 11.582-5.3 23.163-15.637 28.627-110.416 63.86-220.896 127.558-331.312 191.386-7.328 4.45-14.722 8.8-22.508 12.432-0.098-44.82 0.065-89.64-0.098-134.428-0.426-31.538 17.47-62.16 44.558-78.06 49.074-28.43 98.245-56.664 147.286-85.159 8.245-4.515 15.311-13.053 14.919-22.9 0.13-55.683 0.065-111.398 0-167.08-0.033-23.784 8.048-47.732 24.21-65.398 12.497-14.362 30.36-22.083 46.357-31.767z" fill="#DA4525" p-id="1687"></path></svg>