bump version to v0.3.16

Merge pull request #761 from fudiwei/feat/providers
new providers
2025-06-03 23:50:48 +08:00 · 2025-06-03 23:48:27 +08:00 · 2025-06-03 23:48:13 +08:00 · 2025-06-03 23:45:00 +08:00 · 2025-06-03 23:39:48 +08:00 · 2025-06-03 23:39:48 +08:00
752 changed files with 35570 additions and 7718 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -10,5 +10,7 @@ trim_trailing_whitespace = true
 insert_final_newline = true
 [*.go]
 charset = utf-8
 end_of_line = lf
 indent_size = 2
 indent_style = tab
--- a/.github/ISSUE_TEMPLATE/1-bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/1-bug_report.yml
@@ -0,0 +1,80 @@
 name: "🐞 Bug Report"
 description: "报告缺陷来帮助我们完善。 / Create a report to help us improve."
 title: "[Bug] 简要描述你发现的缺陷"
 labels:
  - bug
 body:
  - type: markdown
    attributes:
      value: |
        ## Welcome!
        **在提交 Issue 之前，请确认以下事项**：
        1. 我**确认**已尝试过使用当前最新版本，并能复现问题。由于开发者精力有限，非当前最新版本的问题将被直接关闭，感谢理解。
        2. 我**确认**已搜索过[已有的 Issues](https://github.com/usual2970/certimate/issues)（包括已关闭的），没有类似的问题。
        3. 我**确认**已阅读过[文档](https://docs.certimate.me/)，没有类似的问题。
        4. 请**务必**按照模板规范详细描述问题，否则 Issue 将会被直接关闭。
        5. 请保持每个 Issue 只包含一个缺陷报告。如果有多个缺陷，请分别提交 Issue。
        **Before you submit the issue, please make sure of the following checklist**:
        1. Yes, I'm using the latest release and can reproduce the issue. Issues that are not in the latest version will be closed directly.
        2. Yes, I've searched for [existing issues](https://github.com/usual2970/certimate/issues) (including closed ones) on GitHub and didn't find any similar.
        3. Yes, I've read the [documentation](https://docs.certimate.me/en/) and didn't find any similar.
        4. Please describe the problem in detail according to the template specification, otherwise the issue will be closed directly.
        5. Please limit one report per issue.
  - type: input
    attributes:
      label: 软件版本 / Release Version
      description: 请提供 Certimate 的具体版本（请不要填写 `latest` 之类的无效版本号）。 / Please provide the specific version of Certimate.
      placeholder: (e.g. v1.0.0)
    validations:
      required: true
  - type: textarea
    attributes:
      label: 缺陷描述 / Description
      description: 请详细清晰地描述你发现的缺陷或故障，如果可能请上传截图。 / Describe the bug you found in detail and clearly, and upload screenshots if possible.
    validations:
      required: true
  - type: textarea
    attributes:
      label: 复现步骤 / Steps to reproduce
      description: 请提供可复现的完整步骤。 / Please walk us through it step by step.
      placeholder: |
        1. ...
        2. ...
        3. ...
        ...
    validations:
      required: true
  - type: textarea
    attributes:
      label: 日志 / Logs
      description: 在此处添加日志信息（如果有的话）。 / Add logs here if available.
      value: |-
        <details>
        ```console
        # 请在此粘贴日志 / Paste logs here
        ```
        </details>
    validations:
      required: false
  - type: textarea
    attributes:
      label: 其他 / Miscellaneous
      description: 在此处添加关于该 Issue 的任何其他信息。 / Add any other context about the issue here.
    validations:
      required: false
  - type: checkboxes
    attributes:
      label: 贡献 / Contribution
      options:
        - label: 我乐意为此贡献代码！ / I am interested in contributing to this issue!
          required: false
--- a/.github/ISSUE_TEMPLATE/2-feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/2-feature_request.yml
@@ -0,0 +1,52 @@
 name: "💡 Feature Request"
 description: "提出新功能请求或改进意见。 / Suggest an idea for this project."
 title: "[Feature] 简要描述你希望实现的功能"
 labels:
  - enhancement
 body:
  - type: markdown
    attributes:
      value: |
        ## Welcome!
        **在提交 Issue 之前，请确认以下事项**：
        1. 我**确认**是基于当前最新大版本而提出的新功能请求或改进意见。
        2. 我**确认**已搜索过[已有的 Issues](https://github.com/usual2970/certimate/issues)（包括已关闭的），没有类似的问题。
        3. 我**确认**已阅读过[文档](https://docs.certimate.me/)，没有类似的问题。
        4. 请**务必**按照模板规范详细描述问题，否则 Issue 将会被直接关闭。
        5. 请保持每个 Issue 只包含一个功能请求。如果有多个需求，请分别提交 Issue。
        **Before you submit the issue, please make sure of the following checklist**:
        1. Yes, I'm using the latest release.
        2. Yes, I've searched for [existing issues](https://github.com/usual2970/certimate/issues) (including closed ones) on GitHub and didn't find any similar.
        3. Yes, I've read the [documentation](https://docs.certimate.me/en/) and didn't find any similar.
        4. Please describe the problem in detail according to the template specification, otherwise the issue will be closed directly.
        5. Please limit one request per issue.
  - type: textarea
    attributes:
      label: 功能描述 / Description
      description: 请详细清晰地描述你希望添加的功能，如果可能请上传截图。 / Describe the feature you'd like to add in detail and clearly, and upload screenshots if possible.
    validations:
      required: true
  - type: textarea
    attributes:
      label: 请求动机 / Motivation
      description: 为什么这个功能对项目有帮助？ / Why is this feature helpful to the project?
    validations:
      required: true
  - type: textarea
    attributes:
      label: 其他 / Miscellaneous
      description: 在此处添加关于该 Issue 的任何其他信息（新增提供商请求请补充 API 文档链接等资料）。 / Add any other context about the problem here.
    validations:
      required: false
  - type: checkboxes
    attributes:
      label: 贡献 / Contribution
      options:
        - label: 我乐意为此贡献代码！ / I am interested in contributing to this issue!
          required: false
--- a/.github/ISSUE_TEMPLATE/3-questions.yml
+++ b/.github/ISSUE_TEMPLATE/3-questions.yml
@@ -0,0 +1,44 @@
 name: "❓ Questions"
 description: "遇到了困难需要求助？ / Have problem in use and need help?"
 title: "简要描述你遇到的问题"
 body:
  - type: markdown
    attributes:
      value: |
        ## Welcome!
        **在提交 Issue 之前，请确认以下事项**：
        1. 我**确认**正在使用的是当前最新版本。
        2. 我**确认**已搜索过[已有的 Issues](https://github.com/usual2970/certimate/issues)（包括已关闭的），没有类似的问题。
        3. 我**确认**已阅读过[文档](https://docs.certimate.me/)，没有类似的问题。
        4. 请**务必**按照模板规范详细描述问题，否则 Issue 将会被直接关闭。
        5. 请保持每个 Issue 只包含一个问题求助。如果有多个问题，请分别提交 Issue。
        **Before you submit the issue, please make sure of the following checklist**:
        1. Yes, I'm using the latest release.
        2. Yes, I've searched for [existing issues](https://github.com/usual2970/certimate/issues) (including closed ones) on GitHub and didn't find any similar.
        3. Yes, I've read the [documentation](https://docs.certimate.me/en/) and didn't find any similar.
        4. Please describe the problem in detail according to the template specification, otherwise the issue will be closed directly.
        5. Please limit one question per issue.
  - type: input
    attributes:
      label: 软件版本 / Release Version
      description: 请提供 Certimate 的具体版本（请不要填写 `latest` 之类的无效版本号）。 / Please provide the specific version of Certimate.
      placeholder: (e.g. v1.0.0)
    validations:
      required: true
  - type: textarea
    attributes:
      label: 问题描述 / Description
      description: 请详细清晰地描述你遇到的问题，如果可能请上传截图。 / Describe the problem you encountered in detail and clearly, and upload screenshots if possible.
    validations:
      required: true
  - type: textarea
    attributes:
      label: 其他 / Miscellaneous
      description: 在此处添加关于该问题的任何其他信息。 / Add any other context about the problem here.
    validations:
      required: false
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,33 +0,0 @@
 ---
 name: Bug report
 about: 创建一个报告来帮助我们改进
 title: "[Bug] 标题简要描述问题"
 labels: bug
 assignees: ""
 ---
 **描述问题**
 简要描述问题是什么，1 个 ISSUE 只描述一个问题。 
 **复现步骤**
 复现该问题的步骤：
 1. 去到 '...'
 2. 点击 '...'
 3. 滚动到 '...'
 4. 发现问题
 **期望的结果**
 简要描述你期望发生的事情。
 **截图**
 如有可能，请添加截图以帮助解释问题。
 **环境**
 - 操作系统: [e.g. Windows, macOS]
 - 浏览器: [e.g. Chrome, Safari]
 - 仓库版本: [e.g. v1.0.0]
 **其他信息**
 在此处添加关于该问题的任何其他信息。
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,8 @@
 blank_issues_enabled: false
 contact_links:
-  - name: 加入频道讨论
+  - name: "🌐 加入频道讨论"
-    url: https://t.me/+ZXphsppxUg41YmVl
+    about: "加入到电报频道寻求更多帮助。 / Join in our Telegram channel."
-    about: 加入到电报频道寻求更多帮助
+    url: "https://t.me/+ZXphsppxUg41YmVl"
  - name: "📖 常见问题"
    about: "请先阅读文档 FAQ，可能会有你需要的答案。 / Please take a look to FAQs."
    url: "https://docs.certimate.me/docs/reference/faq"
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,19 +0,0 @@
 ---
 name: Feature request
 about: 提出一个新功能请求
 title: "[Feature] 简要描述你希望实现的功能"
 labels: enhancement
 assignees: ""
 ---
 **功能描述**
 简要描述你希望添加的功能和相关问题，1 个 ISSUE 只描述一个功能。
 **动机**
 为什么这个功能对项目有帮助？
 **替代方案**
 描述你已经考虑过的替代方案。
 **其他信息**
 在这里添加任何相关的附加信息或截图。
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,4 +1,4 @@
-name: Base Build
+name: Release
 on:
  push:
@@ -22,16 +22,31 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
-          go-version: ">=1.23.0"
+          go-version-file: "go.mod"
      # - name: Install upx (optional)
      #   run: |
      #     sudo apt-get update
      #     sudo apt-get install -y upx
      - name: Build WebUI
-        run: npm --prefix=./ui ci && npm --prefix=./ui run build
+        run: |
          npm --prefix=./ui ci
          npm --prefix=./ui run build
          npm cache clean --force
          rm -rf ./ui/node_modules
      - name: Check disk usage
        run: |
          df -h
          du -sh /opt/hostedtoolcache/go/*
      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v3
+        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -30,13 +30,16 @@ builds:
      - goos: darwin
        goarch: arm
 # upx:
 #   - enabled: true
 release:
  draft: true
 archives:
  - id: archive_noncgo
    builds: [build_noncgo]
-    format: zip
+    format: "zip"
    files:
      - CHANGELOG.md
      - LICENSE.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -9,7 +9,7 @@
 ## 前提条件
- Go 1.22+ (用于修改 Go 代码)
+- Go 1.24+ (用于修改 Go 代码)
 - Node 20+ (用于修改 UI)
 如果还没有这样做，你可以 fork Certimate 的主仓库，并克隆到本地以便进行修改：
--- a/CONTRIBUTING_EN.md
+++ b/CONTRIBUTING_EN.md
@@ -9,7 +9,7 @@ Thank you for taking the time to improve Certimate! Below is a guide for submitt
 ## Prerequisites
- Go 1.22+ (for Go code changes)
+- Go 1.24+ (for Go code changes)
 - Node 20+ (for Admin UI changes)
 If you haven't done so already, you can fork the Certimate repository and clone your fork to work locally:
--- a/21
+++ b/21
@@ -1,33 +1,24 @@
-FROM node:20-alpine3.19 AS front-builder
+FROM node:20-alpine3.19 AS webui-builder
 WORKDIR /app
 COPY . /app/
 RUN \
  cd /app/ui && \
  npm install && \
  npm run build
 FROM golang:1.23-alpine AS builder
 FROM golang:1.24-alpine AS builder
 WORKDIR /app
 COPY ../. /app/
 RUN rm -rf /app/ui/dist
-
+COPY --from=webui-builder /app/ui/dist /app/ui/dist
-COPY --from=front-builder /app/ui/dist /app/ui/dist
+ENV CGO_ENABLED=0
-
+RUN go build -ldflags="-s -w" -o certimate
 RUN go build -o certimate
 FROM alpine:latest
 WORKDIR /app
 COPY --from=builder /app/certimate .
-
+ENTRYPOINT ["./certimate", "serve", "--http", "0.0.0.0:8090"]
 ENTRYPOINT ["./certimate", "serve", "--http", "0.0.0.0:8090"]
--- a/3
+++ b/3
@@ -21,7 +21,8 @@ $(OS_ARCH):
 	@mkdir -p $(BUILD_DIR)
 	GOOS=$(word 1,$(subst /, ,$@)) \
 	GOARCH=$(word 2,$(subst /, ,$@)) \
-	go build -o $(BUILD_DIR)/$(BINARY_NAME)_$(word 1,$(subst /, ,$@))_$(word 2,$(subst /, ,$@)) -ldflags="-X main.version=$(VERSION)" .
+	CGO_ENABLED=0 \
 	go build -o $(BUILD_DIR)/$(BINARY_NAME)_$(word 1,$(subst /, ,$@))_$(word 2,$(subst /, ,$@)) -ldflags="-X main.version=$(VERSION) -s -w" .
 # 清理构建文件
 clean:
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@
 做个人产品或者在中小企业里负责运维的同学，会遇到要管理多个域名的情况，需要给域名申请证书。但是手动申请证书有以下缺点：
- 😱 麻烦：申请证书并部署到服务的流程虽不复杂，但也挺麻烦的，犹其是你有多个域名需要维护的时候。
+- 😱 麻烦：申请证书并部署到服务的流程虽不复杂，但也挺麻烦的，尤其是你有多个域名需要维护的时候。
 - 😭 易忘：另外当前免费证书的有效期只有 90 天，这就要求你定期的操作，增加了工作量的同时，你也很容易忘掉续期，从而导致网站访问不了。
 Certimate 就是为了解决上述问题而产生的，它具有以下优势：
@@ -38,10 +38,10 @@ Certimate 旨在为用户提供一个安全、简便的 SSL 证书管理解决
 - 灵活的工作流编排方式，证书从申请到部署完全自动化；
 - 支持单域名、多域名、泛域名证书，可选 RSA、ECC 签名算法；
 - 支持 PEM、PFX、JKS 等多种格式输出证书；
- 支持 20+ 域名托管商（如阿里云、腾讯云、Cloudflare 等，[点此查看](https://docs.certimate.me/docs/reference/providers#supported-dns-providers)完整提供商清单）；
+- 支持 30+ 域名托管商（如阿里云、腾讯云、Cloudflare 等，[点此查看完整清单](https://docs.certimate.me/docs/reference/providers#supported-dns-providers)）；
- 支持 60+ 部署目标（如 Kubernetes、CDN、WAF、负载均衡等，[点此查看](https://docs.certimate.me/docs/reference/providers#supported-host-providers)完整提供商清单）；
+- 支持 90+ 部署目标（如 Kubernetes、CDN、WAF、负载均衡等，[点此查看完整清单](https://docs.certimate.me/docs/reference/providers#supported-hosting-providers)）；
 - 支持邮件、钉钉、飞书、企业微信、Webhook 等多种通知渠道；
- 支持 Let's Encrypt、ZeroSSL、Google Trust Services 等多种 ACME 证书颁发机构；
+- 支持 Let's Encrypt、Buypass、Google Trust Services、SSL.com、ZeroSSL 等多种 ACME 证书颁发机构；
 - 更多特性等待探索。
 ## ⏱️ 快速启动
@@ -71,7 +71,7 @@ Certimate 旨在为用户提供一个安全、简便的 SSL 证书管理解决
 相关文章：
- [使用 CNAME 实现 DNS-01 challenge](https://docs.certimate.me/blog/cname)
+- [使用 CNAME 完成 ACME DNS-01 质询](https://docs.certimate.me/blog/cname)
 - [v0.3.0：第二个不向后兼容的大版本](https://docs.certimate.me/blog/v0.3.0)
 - [v0.2.0：第一个不向后兼容的大版本](https://docs.certimate.me/blog/v0.2.0)
 - [Why Certimate?](https://docs.certimate.me/blog/why-certimate)
--- a/README_EN.md
+++ b/README_EN.md
@@ -38,10 +38,10 @@ Certimate aims to provide users with a secure and user-friendly SSL certificate
 - Flexible workflow orchestration, fully automation from certificate application to deployment;
 - Supports single-domain, multi-domain, wildcard certificates, with options for RSA or ECC.
 - Supports various certificate formats such as PEM, PFX, JKS.
- Supports more than 20+ domain registrars (e.g., Alibaba Cloud, Tencent Cloud, Cloudflare, etc. [Check out this link](https://docs.certimate.me/en/docs/reference/providers#supported-dns-providers));
+- Supports more than 30+ domain registrars (e.g., Alibaba Cloud, Tencent Cloud, Cloudflare, etc. [Check out this link](https://docs.certimate.me/en/docs/reference/providers#supported-dns-providers));
- Supports more than 60+ deployment targets (e.g., Kubernetes, CDN, WAF, load balancers, etc. [Check out this link](https://docs.certimate.me/en/docs/reference/providers#supported-host-providers));
+- Supports more than 90+ deployment targets (e.g., Kubernetes, CDN, WAF, load balancers, etc. [Check out this link](https://docs.certimate.me/en/docs/reference/providers#supported-hosting-providers));
 - Supports multiple notification channels including email, DingTalk, Feishu, WeCom, Webhook, and more;
- Supports multiple ACME CAs including Let's Encrypt, ZeroSSL, Google Trust Services, and more;
+- Supports multiple ACME CAs including Let's Encrypt, Buypass, Google Trust Services，SSL.com, ZeroSSL, and more;
 - More features waiting to be discovered.
 ## ⏱️ Fast Track
@@ -69,7 +69,7 @@ Please visit the documentation site [docs.certimate.me](https://docs.certimate.m
 Related articles:
- [使用 CNAME 实现 DNS-01 challenge](https://docs.certimate.me/blog/cname)
+- [使用 CNAME 完成 ACME DNS-01 质询](https://docs.certimate.me/blog/cname)
 - [v0.3.0：第二个不向后兼容的大版本](https://docs.certimate.me/blog/v0.3.0)
 - [v0.2.0：第一个不向后兼容的大版本](https://docs.certimate.me/blog/v0.2.0)
 - [Why Certimate?](https://docs.certimate.me/blog/why-certimate)
--- a/go.mod
+++ b/go.mod
@@ -1,88 +1,97 @@
 module github.com/usual2970/certimate
-go 1.23.0
+go 1.24.0
-toolchain go1.23.2
+toolchain go1.24.3
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.0
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azcertificates v0.9.0
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.3.1
-	github.com/G-Core/gcorelabscdn-go v1.0.28
+	github.com/Edgio/edgio-api v0.0.0-workspace
 	github.com/G-Core/gcorelabscdn-go v1.0.31
 	github.com/alibabacloud-go/alb-20200616/v2 v2.2.8
 	github.com/alibabacloud-go/apig-20240327/v3 v3.2.2
 	github.com/alibabacloud-go/cas-20200407/v3 v3.0.4
 	github.com/alibabacloud-go/cdn-20180510/v5 v5.2.2
-	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.4
+	github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.4
-	github.com/alibabacloud-go/esa-20240910/v2 v2.23.0
+	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.7
-	github.com/alibabacloud-go/fc-20230330/v4 v4.1.7
+	github.com/alibabacloud-go/ddoscoo-20200101/v4 v4.0.0
 	github.com/alibabacloud-go/esa-20240910/v2 v2.33.0
 	github.com/alibabacloud-go/fc-20230330/v4 v4.3.5
 	github.com/alibabacloud-go/fc-open-20210406/v2 v2.0.12
 	github.com/alibabacloud-go/ga-20191120/v3 v3.1.8
 	github.com/alibabacloud-go/live-20161101 v1.1.1
 	github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3
 	github.com/alibabacloud-go/slb-20140515/v4 v4.0.10
-	github.com/alibabacloud-go/tea v1.3.4
+	github.com/alibabacloud-go/tea v1.3.9
-	github.com/alibabacloud-go/vod-20170321/v4 v4.7.0
+	github.com/alibabacloud-go/vod-20170321/v4 v4.8.4
-	github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.0.5
+	github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.1.3
 	github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible
-	github.com/aws/aws-sdk-go-v2/service/acm v1.31.1
+	github.com/aws/aws-sdk-go-v2/service/acm v1.32.0
-	github.com/aws/aws-sdk-go-v2/service/cloudfront v1.45.2
+	github.com/aws/aws-sdk-go-v2/service/cloudfront v1.46.1
-	github.com/baidubce/bce-sdk-go v0.9.221
+	github.com/baidubce/bce-sdk-go v0.9.228
-	github.com/byteplus-sdk/byteplus-sdk-golang v1.0.42
+	github.com/blinkbean/dingtalk v1.1.3
-	github.com/go-acme/lego/v4 v4.22.2
+	github.com/byteplus-sdk/byteplus-sdk-golang v1.0.46
 	github.com/go-acme/lego/v4 v4.23.1
 	github.com/go-lark/lark v1.16.0
 	github.com/go-resty/resty/v2 v2.16.5
 	github.com/go-viper/mapstructure/v2 v2.2.1
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.141
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.150
 	github.com/jdcloud-api/jdcloud-sdk-go v1.64.0
 	github.com/libdns/dynv6 v1.0.0
 	github.com/libdns/libdns v0.2.3
-	github.com/nikoksr/notify v1.3.0
+	github.com/luthermonson/go-proxmox v0.2.2
 	github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0
-	github.com/pkg/sftp v1.13.8
+	github.com/pkg/sftp v1.13.9
 	github.com/pocketbase/dbx v1.11.0
-	github.com/pocketbase/pocketbase v0.26.1
+	github.com/pocketbase/pocketbase v0.28.2
-	github.com/povsister/scp v0.0.0-20240802064259-28781e87b246
+	github.com/povsister/scp v0.0.0-20250504051308-e467f71ea63c
-	github.com/qiniu/go-sdk/v7 v7.25.2
+	github.com/qiniu/go-sdk/v7 v7.25.3
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1115
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1155
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1127
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1166
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1127
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1173
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1117
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1150
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.0.1115
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.0.1172
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1124
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1169
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1126
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1166
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.1115
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.1164
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1125
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170
-	github.com/ucloud/ucloud-sdk-go v0.22.31
+	github.com/ucloud/ucloud-sdk-go v0.22.41
-	github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.9
+	github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.12
-	github.com/volcengine/volc-sdk-golang v1.0.199
+	github.com/volcengine/volc-sdk-golang v1.0.208
-	github.com/volcengine/volcengine-go-sdk v1.0.187
+	github.com/volcengine/volcengine-go-sdk v1.1.8
 	gitlab.ecloud.com/ecloud/ecloudsdkclouddns v1.0.1
 	gitlab.ecloud.com/ecloud/ecloudsdkcore v1.0.0
-	golang.org/x/crypto v0.36.0
+	golang.org/x/crypto v0.38.0
-	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394
+	golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6
-	k8s.io/api v0.32.3
+	k8s.io/api v0.33.1
-	k8s.io/apimachinery v0.32.3
+	k8s.io/apimachinery v0.33.1
-	k8s.io/client-go v0.32.3
+	k8s.io/client-go v0.33.1
 	software.sslmate.com/src/go-pkcs12 v0.5.0
 )
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
 	github.com/alibabacloud-go/alibabacloud-gateway-fc-util v0.0.7 // indirect
 	github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
 	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
-	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
+	github.com/alibabacloud-go/tea-oss-sdk v1.1.5 // indirect
 	github.com/alibabacloud-go/tea-oss-utils v1.1.0 // indirect
 	github.com/alibabacloud-go/tea-utils/v2 v2.0.7 // indirect
 	github.com/avast/retry-go v3.0.0+incompatible // indirect
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.48.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/iam v1.42.0 // indirect
-	github.com/blinkbean/dingtalk v1.1.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.50.0 // indirect
 	github.com/buger/goterm v1.0.4 // indirect
 	github.com/diskfs/go-diskfs v1.5.0 // indirect
 	github.com/djherbis/times v1.6.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-lark/lark v1.15.1 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
@@ -91,27 +100,32 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.16.0 // indirect
 	github.com/go-sql-driver/mysql v1.8.1 // indirect
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible // indirect
 	github.com/gofrs/uuid v4.4.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/jinzhu/copier v0.3.4 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/magefile/mage v1.14.0 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect
 	github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3 // indirect
 	github.com/nrdcg/desec v0.10.0 // indirect
 	github.com/nrdcg/mailinabox v0.2.0 // indirect
 	github.com/nrdcg/porkbun v0.4.0 // indirect
 	github.com/peterhellberg/link v1.2.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/qiniu/dyn v1.3.0 // indirect
 	github.com/qiniu/x v1.10.5 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af // indirect
 	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.mongodb.org/mongo-driver v1.17.2 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
@@ -119,15 +133,16 @@ require (
 	gopkg.in/ns1/ns1-go.v2 v2.13.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
+	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
 	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 require (
-	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
 	github.com/alibabacloud-go/dcdn-20180115/v3 v3.5.0
 	github.com/alibabacloud-go/debug v1.0.1 // indirect
@@ -135,35 +150,35 @@ require (
 	github.com/alibabacloud-go/openapi-util v0.1.1 // indirect
 	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.63.83 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.63.100 // indirect
-	github.com/aliyun/credentials-go v1.4.3 // indirect
+	github.com/aliyun/credentials-go v1.4.6 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.36.3
-	github.com/aws/aws-sdk-go-v2/config v1.29.5
+	github.com/aws/aws-sdk-go-v2/config v1.29.9
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.58
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.62
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect
 	github.com/aws/smithy-go v1.22.2 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
-	github.com/cloudflare/cloudflare-go v0.114.0 // indirect
+	github.com/cloudflare/cloudflare-go v0.115.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/disintegration/imaging v1.6.2 // indirect
 	github.com/domodwyer/mailyak/v3 v3.6.2
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/fatih/color v1.18.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
-	github.com/ganigeorgiev/fexpr v0.4.1 // indirect
+	github.com/ganigeorgiev/fexpr v0.5.0 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0 // indirect
-	github.com/goccy/go-json v0.10.4 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/uuid v1.6.0
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -172,40 +187,39 @@ require (
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/miekg/dns v1.1.62 // indirect
+	github.com/miekg/dns v1.1.64 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/nrdcg/namesilo v0.2.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
-	github.com/pkg/errors v0.9.1
+	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/spf13/cast v1.8.0 // indirect
 	github.com/spf13/cast v1.7.1 // indirect
 	github.com/spf13/cobra v1.9.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
-	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1128 // indirect
 	github.com/stretchr/testify v1.10.0 // indirect
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1084 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
-	golang.org/x/image v0.25.0 // indirect
+	golang.org/x/image v0.27.0 // indirect
 	golang.org/x/mod v0.24.0 // indirect
-	golang.org/x/net v0.37.0 // indirect
+	golang.org/x/net v0.40.0 // indirect
-	golang.org/x/oauth2 v0.28.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sync v0.12.0
+	golang.org/x/sync v0.14.0
-	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/term v0.32.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/text v0.25.0 // indirect
-	golang.org/x/time v0.9.0
+	golang.org/x/time v0.11.0
-	golang.org/x/tools v0.31.0 // indirect
+	golang.org/x/tools v0.33.0 // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	modernc.org/libc v1.61.13 // indirect
+	modernc.org/libc v1.65.7 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
-	modernc.org/memory v1.8.2 // indirect
+	modernc.org/memory v1.11.0 // indirect
-	modernc.org/sqlite v1.36.1 // indirect
+	modernc.org/sqlite v1.37.1 // indirect
 )
-replace gitlab.ecloud.com/ecloud/ecloudsdkcore v1.0.0 => ./internal/pkg/vendors/cmcc-sdk/ecloudsdkcore@v1.0.0
+replace github.com/Edgio/edgio-api v0.0.0-workspace => ./internal/pkg/sdk3rd/edgio/edgio-api@v0.0.0-workspace
-replace gitlab.ecloud.com/ecloud/ecloudsdkclouddns v1.0.1 => ./internal/pkg/vendors/cmcc-sdk/ecloudsdkclouddns@v1.0.1
+replace gitlab.ecloud.com/ecloud/ecloudsdkcore v1.0.0 => ./internal/pkg/sdk3rd/cmcc/ecloudsdkcore@v1.0.0
 replace gitlab.ecloud.com/ecloud/ecloudsdkclouddns v1.0.1 => ./internal/pkg/sdk3rd/cmcc/ecloudsdkclouddns@v1.0.1
--- a/go.sum
+++ b/go.sum
@@ -34,18 +34,14 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 h1:g0EZJwz7xkXQiZAI5xi9f3WWFYBlX1CPTrR+NDToRkQ=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 h1:Gt0j3wceWMwPmiazCa8MzMA0MfhmPIz0Qp0FJ6qcM0U=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0/go.mod h1:XCW7KnZet0Opnr7HccfUw1PLc4CjHqpcaxW8DHklNkQ=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 h1:F0gBpfdPLGsw+nsgk6aqqkZS1jiixa5WwFe3fk/T3Ys=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.0 h1:j8BorDEigD8UFOSZQiSqAMOOleyQOOQPnUAwV+Ls1gA=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2/go.mod h1:SqINnQ9lVVdRlyC8cd1lCI0SdX4n2paeABd2K8ggfnE=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.0/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 h1:FPKJS1T+clwv+OLGt13a8UjqeRuh0O4SJ3lUriThc+4=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1/go.mod h1:j2chePtV91HrC22tGoRX3sGY42uF13WzmmV80/OdVAA=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azcertificates v0.9.0 h1:btEsytNrA4TG3edZnnUnzOz8W2MjOd6Bu3/7xyOXSOY=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azcertificates v0.9.0/go.mod h1:5SlTxxL1U4LLipEr7pAbnu6Ck5y3aIEu4L/tVbGmpsY=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0 h1:2qsIIvxVT+uE6yrNldntJKlLRgxGbZ85kgtz5SNBhMw=
@@ -56,19 +52,23 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourceg
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0/go.mod h1:wVEOJfGTj0oPAUGA1JuRAvz/lxXQsWW16axmHPP47Bk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.3.1 h1:HUJQzFYTv7t3V1dxPms52eEgl0l9xCNqutDrY45Lvmw=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.3.1/go.mod h1:ig/8nSkzmfxm5QGeIy5JYIEj8JEFy5JxvY3OB1YNRC4=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 h1:bFWuoEKg+gImo7pvkiQEFAc8ocibADgXeiLAxWhWmkI=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1/go.mod h1:Vih/3yc6yac2JzU4hzpaDupBJP0Flaia9rXXrU8xyww=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 h1:H5xDQaE3XowWfhZRUpnfC+rGZMEVoSiji+b+/HFAPU4=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
+github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
-github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/G-Core/gcorelabscdn-go v1.0.28 h1:6ymVMV3HPTICO5BWJCEcZZzgY+Pc/+/TQMzeXMN77GQ=
+github.com/G-Core/gcorelabscdn-go v1.0.31 h1:0ulvvM3yMDQ+Q5089tLsQxffL7I4pqf2bFCurU+DeHw=
-github.com/G-Core/gcorelabscdn-go v1.0.28/go.mod h1:iSGXaTvZBzDHQW+rKFS918BgFVpONcyLEijwh8WsXpE=
+github.com/G-Core/gcorelabscdn-go v1.0.31/go.mod h1:iSGXaTvZBzDHQW+rKFS918BgFVpONcyLEijwh8WsXpE=
 github.com/HdrHistogram/hdrhistogram-go v1.1.0/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo=
 github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
@@ -95,10 +95,14 @@ github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do2
 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc=
 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8=
 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g=
 github.com/alibabacloud-go/apig-20240327/v3 v3.2.2 h1:yH84ePgqtA2tF3ly7Tf3AA5ogl2SC8kqCNG4+zz4yo4=
 github.com/alibabacloud-go/apig-20240327/v3 v3.2.2/go.mod h1:XLaCapbSH7olJTs42wisDO9JvX9BGy5acZk0bLNejDs=
 github.com/alibabacloud-go/cas-20200407/v3 v3.0.4 h1:ngRlctbt135zoujwX0lXSv9m4h1/bmg/yalQS0z1EWc=
 github.com/alibabacloud-go/cas-20200407/v3 v3.0.4/go.mod h1:6n9MZ9SH3HlSzfe2oKwjOqhJx3dxvW2gMDO+lq8t9U4=
 github.com/alibabacloud-go/cdn-20180510/v5 v5.2.2 h1:+KJOPukTM+xMyiLOW5qBwYKG2df3Ar7coRsqc1juKO8=
 github.com/alibabacloud-go/cdn-20180510/v5 v5.2.2/go.mod h1:GnPiPL3HlzCi8SGiLiVgKrAFkP1vTtcF4yGtjsl4wfo=
 github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.4 h1:SsyAoXM1R4J3I4xQdPW/rRW8cTo2KN440/4h/pGiwRQ=
 github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.4/go.mod h1:eUmD1G4BjEBOAHIeJrHJL7pyLGgXSRTPLjBmYY7uPEg=
 github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY=
 github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI=
 github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE=
@@ -108,15 +112,19 @@ github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+M
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.0/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.2/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.5/go.mod h1:kUe8JqFmoVU7lfBauaDD5taFaW7mBI+xVsyHutYtabg=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10/go.mod h1:26a14FGhZVELuz2cc2AolvW4RHmIO3/HRwsdHhaIPDE=
-github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.4 h1:IGSZHlOnWwBbLtX5xDplQvZOH0nkrV7Wmq+Fto7JK5w=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.11/go.mod h1:wHxkgZT1ClZdcwEVP/pDgYK/9HucsnCfMipmJgCz4xY=
-github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.4/go.mod h1:Wxis0IBFusdbo44HO6KYYCJR1rRkoh47QQOYWvaheSU=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.7 h1:ASXSBga98QrGMxbIThCD6jAti09gedLfvry6yJtsoBE=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.7/go.mod h1:TBpgqm3XofZz2LCYjZhektGPU7ArEgascyzbm4SjFo4=
 github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg=
 github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ=
 github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo=
 github.com/alibabacloud-go/darabonba-string v1.0.2/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA=
 github.com/alibabacloud-go/dcdn-20180115/v3 v3.5.0 h1:EQmKhYju6y38kJ1ZvZROeJG2Q1Wk6hlc8KQrVhvGyaw=
 github.com/alibabacloud-go/dcdn-20180115/v3 v3.5.0/go.mod h1:b9qzvr/2V1f0r1Z6xUmkLqEouKcPGy4LCC22yV+6HQo=
 github.com/alibabacloud-go/ddoscoo-20200101/v4 v4.0.0 h1:z9dPOvBRxzpD+FQ2uu/p2Z92I+PY9MUZMauwC+8AC6M=
 github.com/alibabacloud-go/ddoscoo-20200101/v4 v4.0.0/go.mod h1:Cdg3Fu4jFByamRzt3AkeiBssoVPRNDs+EPYMP2fIj78=
 github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY=
 github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
 github.com/alibabacloud-go/debug v1.0.1 h1:MsW9SmUtbb1Fnt3ieC6NNZi6aEwrXfDksD4QA6GSbPg=
@@ -124,12 +132,14 @@ github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/ql
 github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
 github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8=
 github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
-github.com/alibabacloud-go/esa-20240910/v2 v2.23.0 h1:Z/AALmxhOfzN+35tNCvm62/pET4IlxhDQn4nsdLqNzk=
+github.com/alibabacloud-go/esa-20240910/v2 v2.33.0 h1:10IWxrMcF1W6/7BUJIJifrofduSG0wRFqDbRfIsR3Zw=
-github.com/alibabacloud-go/esa-20240910/v2 v2.23.0/go.mod h1:P1w/+i7dE2xSXVHJznEOVImlLtqqrzUJQQk2AsyBJ6o=
+github.com/alibabacloud-go/esa-20240910/v2 v2.33.0/go.mod h1:HZS5PmYJvcmH4vrJYuCvK3AnYzD9hLlO8CT0hgRyDXo=
-github.com/alibabacloud-go/fc-20230330/v4 v4.1.7 h1:rQvPfzPaouL/WGNgMDMCplA4wDscmVFff7aLCUkjv4g=
+github.com/alibabacloud-go/fc-20230330/v4 v4.3.5 h1:nDNjVzGwkQPbQnAuxAmxvS9x8QGLph8j0ptEdZDPGBA=
-github.com/alibabacloud-go/fc-20230330/v4 v4.1.7/go.mod h1:ssEfKO6MskPtq7QaQnyiOHGWLXOZcl7a8YIf8u56DGc=
+github.com/alibabacloud-go/fc-20230330/v4 v4.3.5/go.mod h1:vEJimQ6E/e+m2z0/oXdeQWlFw/Pi/Ar6NKcMrSvcILE=
 github.com/alibabacloud-go/fc-open-20210406/v2 v2.0.12 h1:A3D8Mp6qf8DfR6Dt5MpS8aDVaWfS4N85T5CvGUvgrjM=
 github.com/alibabacloud-go/fc-open-20210406/v2 v2.0.12/go.mod h1:F5c0E5UB3k8v6neTtw3FBcJ1YCNFzVoL1JPRHTe33u4=
 github.com/alibabacloud-go/ga-20191120/v3 v3.1.8 h1:5GF0PXijDhxRQ3gTg9Ee/CVPtglkxuVdz4yIQgYLPgw=
 github.com/alibabacloud-go/ga-20191120/v3 v3.1.8/go.mod h1:RVpR9VL4YECKoZCQijTYfPk8k52O61v6hSRekjxF0kw=
 github.com/alibabacloud-go/live-20161101 v1.1.1 h1:rUGfA8RHmCMtQ5M3yMSyRde+yRXWqVecmiXBU3XrGJ8=
 github.com/alibabacloud-go/live-20161101 v1.1.1/go.mod h1:g84w6qeAodT0/IHdc0tEed2a8PyhQhYl7TAj3jGl4A4=
 github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3 h1:LtyUVlgBEKyzWgQJurzXM6MXCt84sQr9cE5OKqYymko=
@@ -153,13 +163,14 @@ github.com/alibabacloud-go/tea v1.1.19/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy
 github.com/alibabacloud-go/tea v1.1.20/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
 github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA=
 github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk=
-github.com/alibabacloud-go/tea v1.3.2/go.mod h1:A560v/JTQ1n5zklt2BEpurJzZTI8TUT+Psg2drWlxRg=
+github.com/alibabacloud-go/tea v1.3.8/go.mod h1:A560v/JTQ1n5zklt2BEpurJzZTI8TUT+Psg2drWlxRg=
-github.com/alibabacloud-go/tea v1.3.4 h1:QGTns2930y+ANmoNcUS74TgYpsoqusSrLIyYDOvIFFI=
+github.com/alibabacloud-go/tea v1.3.9 h1:bjgt1bvdY780vz/17iWNNtbXl4A77HWntWMeaUF3So0=
-github.com/alibabacloud-go/tea v1.3.4/go.mod h1:A560v/JTQ1n5zklt2BEpurJzZTI8TUT+Psg2drWlxRg=
+github.com/alibabacloud-go/tea v1.3.9/go.mod h1:A560v/JTQ1n5zklt2BEpurJzZTI8TUT+Psg2drWlxRg=
 github.com/alibabacloud-go/tea-fileform v1.1.1 h1:1YG6erAP3joQ0XdCXYIotuD7zyOM6qCR49xkp5FZDeU=
 github.com/alibabacloud-go/tea-fileform v1.1.1/go.mod h1:ZeCV91o4ISmxidd686f0ebdS5EDHWU+vW+TkjLhrsFE=
 github.com/alibabacloud-go/tea-oss-sdk v1.1.3 h1:EhAHI6edMeqgkZEqP7r4nc9iMWAUBKGxJHoBsOSKTtU=
 github.com/alibabacloud-go/tea-oss-sdk v1.1.3/go.mod h1:yUnodpR3Bf2rudLE7V/Gft5txjJF30Pk+hH77K/Eab0=
 github.com/alibabacloud-go/tea-oss-sdk v1.1.5 h1:CFUFcqanvBaoGN/CyTHUZrVNtFZd1WTjem46m0HTTV0=
 github.com/alibabacloud-go/tea-oss-sdk v1.1.5/go.mod h1:5fhlKMa/kWRJNgPYRt+5qSg3UidRvNbf9Z2bI8Dp5/s=
 github.com/alibabacloud-go/tea-oss-utils v1.1.0 h1:y65crjjcZ2Pbb6UZtC2deuIZHDVTS3IaDWE7M9nVLRc=
 github.com/alibabacloud-go/tea-oss-utils v1.1.0/go.mod h1:PFCF12e9yEKyBUIn7X1IrF/pNjvxgkHy0CgxX4+xRuY=
 github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
@@ -177,20 +188,21 @@ github.com/alibabacloud-go/tea-xml v1.1.1/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE
 github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
 github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
 github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
-github.com/alibabacloud-go/vod-20170321/v4 v4.7.0 h1:hpsnJBX5EeMrFujopMCjfq+p8XbNvPhFw6LOTV/WHd8=
+github.com/alibabacloud-go/vod-20170321/v4 v4.8.4 h1:MYP2xfrcud8vlWljQ4lhemNgAgi9/AUAa450n8TUXZo=
-github.com/alibabacloud-go/vod-20170321/v4 v4.7.0/go.mod h1:TkgLKMSLu0qZN8Qdcu8svfHREyI64kjFvrp/GhrD4VQ=
+github.com/alibabacloud-go/vod-20170321/v4 v4.8.4/go.mod h1:5ocQ6hIc9tpGixD2iy099aOGwIgpzjT2le4Krd4aLn8=
-github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.0.5 h1:ldAm1nvsCq66igjtcZyGhAoLClr+2eZ/pMIBUdKCOMM=
+github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.1.3 h1:25tmcJxIitrk55crBGssPlqRzmFcpGVW5TEFxdUvfg0=
-github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.0.5/go.mod h1:DohGoS8BnMxHXghHebtjPP7+GMdxPsRN19T3nn2HcCU=
+github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.1.3/go.mod h1:9itYSTzipL3NlvhvNYfTjFaapoZzG68nlu/KUdh9SpA=
-github.com/aliyun/alibaba-cloud-sdk-go v1.63.83 h1:YBkf7H5CSgrlb3C1aWcpDt7Vk8UEGFPeD2OOirtt6IM=
+github.com/aliyun/alibaba-cloud-sdk-go v1.63.100 h1:yUkCbrSM1cWtgBfRVKMQtdt22KhDvKY7g4V+92eG9wA=
-github.com/aliyun/alibaba-cloud-sdk-go v1.63.83/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
+github.com/aliyun/alibaba-cloud-sdk-go v1.63.100/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
 github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible h1:8psS8a+wKfiLt1iVDX79F7Y6wUM49Lcha2FMXt4UM8g=
 github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
 github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw=
 github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0=
 github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM=
 github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
-github.com/aliyun/credentials-go v1.4.3 h1:N3iHyvHRMyOwY1+0qBLSf3hb5JFiOujVSVuEpgeGttY=
+github.com/aliyun/credentials-go v1.4.5/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
-github.com/aliyun/credentials-go v1.4.3/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
+github.com/aliyun/credentials-go v1.4.6 h1:CG8rc/nxCNKfXbZWpWDzI9GjF4Tuu3Es14qT8Y0ClOk=
 github.com/aliyun/credentials-go v1.4.6/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
@@ -206,40 +218,42 @@ github.com/aws/aws-sdk-go v1.40.45/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm
 github.com/aws/aws-sdk-go-v2 v1.9.1/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4=
 github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
 github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
-github.com/aws/aws-sdk-go-v2/config v1.29.5 h1:4lS2IB+wwkj5J43Tq/AwvnscBerBJtQQ6YS7puzCI1k=
+github.com/aws/aws-sdk-go-v2/config v1.29.9 h1:Kg+fAYNaJeGXp1vmjtidss8O2uXIsXwaRqsQJKXVr+0=
-github.com/aws/aws-sdk-go-v2/config v1.29.5/go.mod h1:SNzldMlDVbN6nWxM7XsUiNXPSa1LWlqiXtvh/1PrJGg=
+github.com/aws/aws-sdk-go-v2/config v1.29.9/go.mod h1:oU3jj2O53kgOU4TXq/yipt6ryiooYjlkqqVaZk7gY/U=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.58 h1:/d7FUpAPU8Lf2KUdjniQvfNdlMID0Sd9pS23FJ3SS9Y=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.62 h1:fvtQY3zFzYJ9CfixuAQ96IxDrBajbBWGqjNTCa79ocU=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.58/go.mod h1:aVYW33Ow10CyMQGFgC0ptMRIqJWvJ4nxZb0sUiuQT/A=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.62/go.mod h1:ElETBxIQqcxej++Cs8GyPBbgMys5DgQPTwo7cUPDKt8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 h1:KwsodFKVQTlI5EyhRSugALzsV6mG/SGrdjlMXSZSdso=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28/go.mod h1:EY3APf9MzygVhKuPXAc5H+MkGb8k/DOSQjWS0LgkKqI=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
-github.com/aws/aws-sdk-go-v2/service/acm v1.31.1 h1:FB1PgU6vlXbqehxZiHuYQRWo5Ou6sQrFJcUaRe27lRo=
+github.com/aws/aws-sdk-go-v2/service/acm v1.32.0 h1:Ik/TAn4TBw/t3JhQJKtwjgoOf6kg5nXc190TiGhNrmI=
-github.com/aws/aws-sdk-go-v2/service/acm v1.31.1/go.mod h1:3sKYAgRbuBa2QMYGh/WEclwnmfx+QoPhhX25PdSQSQM=
+github.com/aws/aws-sdk-go-v2/service/acm v1.32.0/go.mod h1:3sKYAgRbuBa2QMYGh/WEclwnmfx+QoPhhX25PdSQSQM=
-github.com/aws/aws-sdk-go-v2/service/cloudfront v1.45.2 h1:S3JpsBLyn/jqSJ6GgsbDQHubmop6fshQk/iOaOeotsc=
+github.com/aws/aws-sdk-go-v2/service/cloudfront v1.46.1 h1:6xZNYtuVwzBs8k+TmraERt0vL68Ppg9aUi+aTQmPaVM=
-github.com/aws/aws-sdk-go-v2/service/cloudfront v1.45.2/go.mod h1:FIBJ48TS+qJb+Ne4qJ+0NeIhtPTVXItXooTeNeVI4Po=
+github.com/aws/aws-sdk-go-v2/service/cloudfront v1.46.1/go.mod h1:FIBJ48TS+qJb+Ne4qJ+0NeIhtPTVXItXooTeNeVI4Po=
 github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA=
+github.com/aws/aws-sdk-go-v2/service/iam v1.42.0 h1:G6+UzGvubaet9QOh0664E9JeT+b6Zvop3AChozRqkrA=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY=
+github.com/aws/aws-sdk-go-v2/service/iam v1.42.0/go.mod h1:mPJkGQzeCoPs82ElNILor2JzZgYENr4UaSKUT8K27+c=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 h1:SYVGSFQHlchIcy6e7x12bsrxClCXSP5et8cqVhL8cuw=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13/go.mod h1:kizuDaLX37bG5WZaoxGPQR/LNFXpxp0vsUnqfkWXfNE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.48.1 h1:njgAP7Rtt4DGdTGFPhJ4gaZXCD1CDj/SZDa5W4ZgSTs=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.48.1/go.mod h1:TN4PcCL0lvqmYcv+AV8iZFC4Sd0FM06QDaoBXrFEftU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 h1:/eE3DogBjYlvlbhd2ssWyeuovWunHLxfgw3s/OJa4GQ=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.50.0 h1:/nkJHXtJXJeelXHqG0898+fWKgvfaXBhGzbCsSmn9j8=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.15/go.mod h1:2PCJYpi7EKeA5SkStAmZlF6fi0uUABuhtF8ILHjGc3Y=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.50.0/go.mod h1:kGYOjvTa0Vw0qxrqrOLut1vMnui6qLxqv/SX3vYeM8Y=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 h1:M/zwXiL2iXUrHputuXgmO94TVNmcenPHxgLXLutodKE=
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 h1:8JdC7Gr9NROg1Rusk25IcZeTO59zLxsKgE0gkh5O6h0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14/go.mod h1:RVwIw3y/IqxC2YEXSIkAzRDdEU1iRabDPaYjpGCbCGQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.1/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 h1:TzeR06UCMUq+KA3bDkujxK1GVGy+G8qQN/QVYzGLkQE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1 h1:KwuLovgQPcdjNMfFt9OhUd9a2OwcOKhxfvF4glTzLuA=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.14/go.mod h1:dspXf/oYWGWo6DEvj98wpaTeqt5+DMidZD0A9BYTizc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs=
 github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 h1:PZV5W8yk4OtH1JAuhV2PXwwO9v5G5Aoj+eMCn4T+1Kc=
 github.com/aws/aws-sdk-go-v2/service/sts v1.33.17/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
 github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
 github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ=
 github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
-github.com/baidubce/bce-sdk-go v0.9.221 h1:x5uTXND33m5TE3UBXYhlePuXcJi5rxNnBBt+bP7kPe0=
+github.com/baidubce/bce-sdk-go v0.9.228 h1:XEY3/oAxXcsi7+3atib9fMI6YNE9sL5qo+WMZ+iqmNE=
-github.com/baidubce/bce-sdk-go v0.9.221/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg=
+github.com/baidubce/bce-sdk-go v0.9.228/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -247,8 +261,10 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/blinkbean/dingtalk v1.1.3 h1:MbidFZYom7DTFHD/YIs+eaI7kRy52kmWE/sy0xjo6E4=
 github.com/blinkbean/dingtalk v1.1.3/go.mod h1:9BaLuGSBqY3vT5hstValh48DbsKO7vaHaJnG9pXwbto=
-github.com/byteplus-sdk/byteplus-sdk-golang v1.0.42 h1:Dm9FDjQP2SlAjUH7WAV7DFYDBFQz2uBxX6JULs0Sxs0=
+github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY=
-github.com/byteplus-sdk/byteplus-sdk-golang v1.0.42/go.mod h1:CIL/T2dxgbIA79os+wl0Fq0vCbADTZNIddV6PNYB6DY=
+github.com/buger/goterm v1.0.4/go.mod h1:HiFWV3xnkolgrBV3mY8m0X0Pumt4zg4QhbdOzQtB8tE=
 github.com/byteplus-sdk/byteplus-sdk-golang v1.0.46 h1:Z0TagIjBDaoCZuJANP/P8+z+ef8dStVCBPjMZcI/y8s=
 github.com/byteplus-sdk/byteplus-sdk-golang v1.0.46/go.mod h1:CIL/T2dxgbIA79os+wl0Fq0vCbADTZNIddV6PNYB6DY=
 github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
@@ -271,8 +287,8 @@ github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn
 github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME=
 github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.114.0 h1:ucoti4/7Exo0XQ+rzpn1H+IfVVe++zgiM+tyKtf0HUA=
+github.com/cloudflare/cloudflare-go v0.115.0 h1:84/dxeeXweCc0PN5Cto44iTA8AkG1fyT11yPO5ZB7sM=
-github.com/cloudflare/cloudflare-go v0.114.0/go.mod h1:O7fYfFfA6wKqKFn2QIR9lhj7FDw6VQCGOY6hd2TBtd0=
+github.com/cloudflare/cloudflare-go v0.115.0/go.mod h1:Ds6urDwn/TF2uIU24mu7H91xkKP8gSAHxQ44DSZgVmU=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
@@ -290,6 +306,10 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/disintegration/imaging v1.6.2 h1:w1LecBlG2Lnp8B3jk5zSuNqd7b4DXhcjwek1ei82L+c=
 github.com/disintegration/imaging v1.6.2/go.mod h1:44/5580QXChDfwIclfc/PCwrr44amcmDAg8hxG0Ewe4=
 github.com/diskfs/go-diskfs v1.5.0 h1:0SANkrab4ifiZBytk380gIesYh5Gc+3i40l7qsrYP4s=
 github.com/diskfs/go-diskfs v1.5.0/go.mod h1:bRFumZeGFCO8C2KNswrQeuj2m1WCVr4Ms5IjWMczMDk=
 github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
 github.com/domodwyer/mailyak/v3 v3.6.2 h1:x3tGMsyFhTCaxp6ycgR0FE/bu5QiNp+hetUuCOBXMn8=
 github.com/domodwyer/mailyak/v3 v3.6.2/go.mod h1:lOm/u9CyCVWHeaAmHIdF4RiKVxKUT/H5XX10lIKAL6c=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
@@ -300,6 +320,8 @@ github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
 github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab h1:h1UgjJdAAhj+uPL68n7XASS6bU+07ZX1WJvVS2eyoeY=
 github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab/go.mod h1:GLo/8fDswSAniFG+BFIaiSPcK610jyzgEhWYPQwuQdw=
 github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
 github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -325,26 +347,26 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
-github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
 github.com/gammazero/toposort v0.1.1/go.mod h1:H2cozTnNpMw0hg2VHAYsAxmkHXBYroNangj2NTBQDvw=
-github.com/ganigeorgiev/fexpr v0.4.1 h1:hpUgbUEEWIZhSDBtf4M9aUNfQQ0BZkGRaMePy7Gcx5k=
+github.com/ganigeorgiev/fexpr v0.5.0 h1:XA9JxtTE/Xm+g/JFI6RfZEHSiQlk+1glLvRK1Lpv/Tk=
-github.com/ganigeorgiev/fexpr v0.4.1/go.mod h1:RyGiGqmeXhEQ6+mlGdnUleLHgtzzu/VGO2WtJkF5drE=
+github.com/ganigeorgiev/fexpr v0.5.0/go.mod h1:RyGiGqmeXhEQ6+mlGdnUleLHgtzzu/VGO2WtJkF5drE=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-acme/lego/v4 v4.22.2 h1:ck+HllWrV/rZGeYohsKQ5iKNnU/WAZxwOdiu6cxky+0=
+github.com/go-acme/lego/v4 v4.23.1 h1:lZ5fGtGESA2L9FB8dNTvrQUq3/X4QOb8ExkKyY7LSV4=
-github.com/go-acme/lego/v4 v4.22.2/go.mod h1:E2FndyI3Ekv0usNJt46mFb9LVpV/XBYT+4E3tz02Tzo=
+github.com/go-acme/lego/v4 v4.23.1/go.mod h1:7UMVR7oQbIYw6V7mTgGwi4Er7B6Ww0c+c8feiBM0EgI=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
+github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
-github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
+github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.12.0/go.mod h1:lHd+EkCZPIwYItmGDDRdhinkzX2A1sj+M9biaEaizzs=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
-github.com/go-lark/lark v1.15.1 h1:fo6PQKBJht/71N9Zn3/xjknOYx0TmdVuP+VP8NrUCsI=
+github.com/go-lark/lark v1.16.0 h1:U6BwkLM9wrZedSM7cIiMofganr8PCvJN+M75w2lf2Gg=
-github.com/go-lark/lark v1.15.1/go.mod h1:6ltbSztPZRT6IaO9ZIQyVaY5pVp/KeMizDYtfZkU+vM=
+github.com/go-lark/lark v1.16.0/go.mod h1:6ltbSztPZRT6IaO9ZIQyVaY5pVp/KeMizDYtfZkU+vM=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
@@ -383,13 +405,13 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8Wd
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible h1:2cauKuaELYAEARXRkq2LrJ0yDDv1rW7+wrTEdVL3uaU=
+github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
-github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible/go.mod h1:qf9acutJ8cwBUhm1bqgz6Bei9/C/c93FPDljKWwsOgM=
+github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
 github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw=
-github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
-github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=
@@ -399,8 +421,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
-github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -430,8 +452,6 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@@ -453,14 +473,13 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@@ -470,8 +489,8 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20250315033105-103756e64e1d h1:tx51Lf+wdE+aavqH8TcPJoCjTf4cE8hrMzROghCely0=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
-github.com/google/pprof v0.0.0-20250315033105-103756e64e1d/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -487,22 +506,33 @@ github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB7
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE=
 github.com/h2non/gock v1.2.0/go.mod h1:tNhoxHYW2W42cYkYb1WqzdbYIieALC99kpYr7rH/BQk=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI=
 github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
 github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
 github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
@@ -517,8 +547,8 @@ github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg
 github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.141 h1:8i57QAi5u+iPAYze92bkIvZoHiS0J45ndul5glr/NE8=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.150 h1:Ih+z79Ko1ClH4dlv7O1lyHRiVCjkb2NZYYk+1cSZbU8=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.141/go.mod h1:Y/+YLCFCJtS29i2MbYPTUlNNfwXvkzEsZKR0imY/2aY=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.150/go.mod h1:Y/+YLCFCJtS29i2MbYPTUlNNfwXvkzEsZKR0imY/2aY=
 github.com/hudl/fargo v1.4.0/go.mod h1:9Ai6uvFy5fQNq6VPKtg+Ceq1+eTY4nKUlR2JElEOcDo=
 github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -534,14 +564,14 @@ github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJk
 github.com/jdcloud-api/jdcloud-sdk-go v1.64.0 h1:xZc/ZRcrOhDx9Ra9htu6ui2gUUttmLsXIqH61LcvY4U=
 github.com/jdcloud-api/jdcloud-sdk-go v1.64.0/go.mod h1:UrKjuULIWLjHFlG6aSPunArE5QX57LftMmStAZJBEX8=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jinzhu/copier v0.3.4 h1:mfU6jI9PtCeUjkjQ322dlff9ELjGDu975C2p/nrubVI=
 github.com/jinzhu/copier v0.3.4/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
@@ -557,13 +587,15 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
-github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs=
+github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
-github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw=
+github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
 github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
@@ -590,6 +622,10 @@ github.com/libdns/dynv6 v1.0.0/go.mod h1:65PL/bAlyH0J+0WGlOJYnMpoIuXcg/FmW4dTBYW
 github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
 github.com/libdns/libdns v0.2.3 h1:ba30K4ObwMGB/QTmqUxf3H4/GmUrCAIkMWejeGl12v8=
 github.com/libdns/libdns v0.2.3/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
 github.com/luthermonson/go-proxmox v0.2.2 h1:BZ7VEj302wxw2i/EwTcyEiBzQib8teocB2SSkLHyySY=
 github.com/luthermonson/go-proxmox v0.2.2/go.mod h1:oyFgg2WwTEIF0rP6ppjiixOHa5ebK1p8OaRiFhvICBQ=
 github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo=
 github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
@@ -610,8 +646,8 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
-github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
+github.com/miekg/dns v1.1.64 h1:wuZgD9wwCE6XMT05UU/mlSko71eRSXEAm2EbjQXLKnQ=
-github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
+github.com/miekg/dns v1.1.64/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck=
 github.com/minio/highwayhash v1.0.1/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY=
 github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
@@ -644,12 +680,16 @@ github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OS
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nikoksr/notify v1.3.0 h1:UxzfxzAYGQD9a5JYLBTVx0lFMxeHCke3rPCkfWdPgLs=
+github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3 h1:ouZ2JWDl8IW5k1qugYbmpbmW8hn85Ig6buSMBRlz3KI=
-github.com/nikoksr/notify v1.3.0/go.mod h1:Xor2hMmkvrCfkCKvXGbcrESez4brac2zQjhd6U2BbeM=
+github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3/go.mod h1:ZwadWt7mVhMHMbAQ1w8IhDqtWO3eWqWq72W7trnaiE8=
 github.com/nrdcg/desec v0.10.0 h1:qrEDiqnsvNU9QE7lXIXi/tIHAfyaFXKxF2/8/52O8uM=
 github.com/nrdcg/desec v0.10.0/go.mod h1:5+4vyhMRTs49V9CNoODF/HwT8Mwxv9DJ6j+7NekUnBs=
 github.com/nrdcg/mailinabox v0.2.0 h1:IKq8mfKiVwNW2hQii/ng1dJ4yYMMv3HAP3fMFIq2CFk=
 github.com/nrdcg/mailinabox v0.2.0/go.mod h1:0yxqeYOiGyxAu7Sb94eMxHPIOsPYXAjTeA9ZhePhGnc=
 github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg=
 github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw=
 github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
 github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -675,8 +715,13 @@ github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144T
 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ=
 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0/go.mod h1:lAVhWwbNaveeJmxrxuSTxMgKpF6DjnuVpn6T8WiBwYQ=
 github.com/performancecopilot/speed/v4 v4.0.0/go.mod h1:qxrSyuDGrTOWfV+uKRFhfxw6h/4HXRGUiZiufxo49BM=
 github.com/peterhellberg/link v1.2.0 h1:UA5pg3Gp/E0F2WdX7GERiNrPQrM1K6CVJUUWfHa4t6c=
 github.com/peterhellberg/link v1.2.0/go.mod h1:gYfAh+oJgQu2SrZHg5hROVRQe1ICoK0/HHJTcE0edxc=
 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
 github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pierrec/lz4/v4 v4.1.17 h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc=
 github.com/pierrec/lz4/v4 v4.1.17/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -685,19 +730,21 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
-github.com/pkg/sftp v1.13.8 h1:Xt7eJ/xqXv7s0VuzFw7JXhZj6Oc1zI6l4GK8KP9sFB0=
+github.com/pkg/sftp v1.13.9 h1:4NGkvGudBL7GteO3m6qnaQ4pC0Kvf0onSVc9gR3EWBw=
-github.com/pkg/sftp v1.13.8/go.mod h1:DmvEkvKE2lshEeuo2JMp06yqcx9HVnR7e3zqQl42F3U=
+github.com/pkg/sftp v1.13.9/go.mod h1:OBN7bVXdstkFFN/gdnHPUb5TE8eb8G1Rp9wCItqjkkA=
 github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
 github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pocketbase/dbx v1.11.0 h1:LpZezioMfT3K4tLrqA55wWFw1EtH1pM4tzSVa7kgszU=
 github.com/pocketbase/dbx v1.11.0/go.mod h1:xXRCIAKTHMgUCyCKZm55pUOdvFziJjQfXaWKhu2vhMs=
-github.com/pocketbase/pocketbase v0.26.1 h1:0WBqIRKKPCqp+xHPVLB4fevkoT9HVlR4BSuNwAt5oJ0=
+github.com/pocketbase/pocketbase v0.28.2 h1:b6cfUfr5d4whvUFGFhI8oHRzx/eB76GCUQGftqgv9lM=
-github.com/pocketbase/pocketbase v0.26.1/go.mod h1:t5y5pfnhrEg//RuSzSg0a926OLZ0oQj66jYs3BzDJwA=
+github.com/pocketbase/pocketbase v0.28.2/go.mod h1:ElwIYS1b5xS9w0U7AK7tsm6FuC0lzw57H8p/118Cu7g=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/povsister/scp v0.0.0-20240802064259-28781e87b246 h1:c4D8BPWLOxxdaxQLfLKQXH2YXY/E9yo3jrDSL54XrTw=
+github.com/povsister/scp v0.0.0-20250504051308-e467f71ea63c h1:1+j5JHz9mUzYSp0scuF6hzvJP28EDBFe5eBJb0xnGk4=
-github.com/povsister/scp v0.0.0-20240802064259-28781e87b246/go.mod h1:i1Au86ZXK0ZalQNyBp2njCcyhSCR/QP/AMfILip+zNI=
+github.com/povsister/scp v0.0.0-20250504051308-e467f71ea63c/go.mod h1:CiJNEeV6v0tUCNul/+gTjl+FgjfImoiuptJB9AEzqjE=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
@@ -720,22 +767,22 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/qiniu/dyn v1.3.0 h1:s+xPTeV0H8yikgM4ZMBc7Rrefam8UNI3asBlkaOQg5o=
 github.com/qiniu/dyn v1.3.0/go.mod h1:E8oERcm8TtwJiZvkQPbcAh0RL8jO1G0VXJMW3FAWdkk=
-github.com/qiniu/go-sdk/v7 v7.25.2 h1:URwgZpxySdiwu2yQpHk93X4LXWHyFRp1x3Vmlk/YWvo=
+github.com/qiniu/go-sdk/v7 v7.25.3 h1:eYHh02q4i5MrlEn3qy823w7moieymFzb4dsP38Y43AI=
-github.com/qiniu/go-sdk/v7 v7.25.2/go.mod h1:dmKtJ2ahhPWFVi9o1D5GemmWoh/ctuB9peqTowyTO8o=
+github.com/qiniu/go-sdk/v7 v7.25.3/go.mod h1:dmKtJ2ahhPWFVi9o1D5GemmWoh/ctuB9peqTowyTO8o=
 github.com/qiniu/x v1.10.5 h1:7V/CYWEmo9axJULvrJN6sMYh2FdY+esN5h8jwDkA4b0=
 github.com/qiniu/x v1.10.5/go.mod h1:03Ni9tj+N2h2aKnAz+6N0Xfl8FwMEDRC2PAlxekASDs=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E=
+github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI=
-github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw=
+github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -747,15 +794,15 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af h1:Sp5TG9f7K39yfB+If0vjp97vuT74F72r8hfRpP8jLU0=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
+github.com/spf13/cast v1.8.0 h1:gEN9K4b8Xws4EX0+a0reLmhq8moKn7ntRlQYgjPeCDk=
-github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cast v1.8.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
 github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
 github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
@@ -782,34 +829,34 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/technoweenie/multipartstreamer v1.0.1 h1:XRztA5MXiR1TIRHxH2uNxXxaIkKQDeX7m2XsSOlQEnM=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1155 h1:ildxJtjnqiKZxWDVKHT/ncIknGDijtg60MuFELON8bY=
-github.com/technoweenie/multipartstreamer v1.0.1/go.mod h1:jNVxdtShOxzAsukZwTSw6MDx5eUJoiEBsSvzDU9uzog=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1155/go.mod h1:iLASpooTdyXtx642E5Ws7cfWENsp4/uZ/78TFoln7OI=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1115 h1:HsrXyqKQB2mKfGq+ZkbylRCMrbtPCmmUBrwA8MhhEX0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1166 h1:cEoDsBt7vGh7YtfVHVmgXKQURZANBE8UKK/So84QUdU=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1115/go.mod h1:5cz1DtLlXK98U1Hh36oW4PjVOU+mbKg5wtCDmCc9Fcs=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1166/go.mod h1:0o5Cfgdh+bAx7kpQ5a5wce/ZUiDvy4Md8NcbrLtk6i8=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1127 h1:PiLZflqaW0690YsqIM/hqaVYjZJ3+cCJp4NHfw7h/uw=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1128/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1127/go.mod h1:V1+julLUOH0jKoVH6o6xgM4STWowzAL57M4VanUEEag=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1150/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1084/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1155/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1115/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1117/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1166/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1124/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1169/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1125/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1126/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1172/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1127 h1:1uG8zc0b9gLbyTr27T0CzGtcdrL86CGGJ6Flkq867f4=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1173 h1:W5bzEWiJwiwRZR0/P1l78OYWUXYsXLjhBaQ64c+9+fk=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1127/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1173/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1084 h1:kwctN0WQYt8/iKP+iRCTCwdzEMIXsXklbRIib5rjeQ8=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1128 h1:mrJ5Fbkd7sZIJ5F6oRfh5zebPQaudPH9Y0+GUmFytYU=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1084/go.mod h1:qE67ApiBzeRvzeDsV+GxyIDbVIDemsKpHXllQATz/Vw=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1128/go.mod h1:zbsYIBT+VTX4z4ocjTAdLBIWyNYj3z0BRqd0iPdnjsk=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1117 h1:Yc/r5zUAyukVI3huIuwE7koowCjDjOWqeRpBILCvOSE=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1150 h1:RQQYfZOFYlkxKR2+xp8el3+8xs9DhxBy+ajlHtapqtQ=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1117/go.mod h1:YxsorHl3sTRw+2GsUObMqcumDqAQ3zo9rLMtf3Cxj8U=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1150/go.mod h1:zpfr6EBWy7ClASTGUgIy01Gn4R79UXf+2QGQeyR124A=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.0.1115 h1:Qi7VWmJ0AQxEMlwKpbWfnsLA5QdNxekdcLJTBVdO85U=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.0.1172 h1:6SUO0hTie3zxnUEMxmhnS1iRIXpAukSZV27Nrx4NwIk=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.0.1115/go.mod h1:P16nIMvmpSY+arTc2m2HyJmrYQP6CFnr48glz0+abyw=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.0.1172/go.mod h1:tmN4zfu70SD0iee3qfpc09NRLel30zGoAuzIs4X0Kfs=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1124 h1:LQKAlxFb0sYiE8ojK5h9+seuFzogoJtYnXmiRF+4F4Q=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1169 h1:oBymtJEmKDnS2NIR0PDLd+xCGQ+7uMoEt7zEB5Q3x8U=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1124/go.mod h1:tYbK0FbHVG+78od7eZpzczE8qk0JWKO/osTQWuiJ3Fo=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1169/go.mod h1:K27PNEgRJ602ESXUNnlRnCkf1+XYHI6RVP/ylIe/Aro=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1126 h1:+CJQNXLdLP0GLaz2fnPECQsU+WdOmW3BQ54cNoQgMKA=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1166 h1:+kIsoG2If/0y15PpZsXfT0QqTuwec9nMgo1JP8KQMkw=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1126/go.mod h1:eY3GoWilNoCPOEw2Lp4o+h02nEfc+BoZnqK3TlK6F7I=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1166/go.mod h1:lGmBMXqe3vBg6Bi9h4mVpWLKd7jQIMRbndr8KNHBqSw=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.1115 h1:rO0LdbcNtT5VlL9sB/K3Ve848uLp1rgg3R8igT9xsFQ=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.1164 h1:caaIGWOs/JtWOK5ptVMEiiGgzU7Jf6UpMv+9IbIa4vs=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.1115/go.mod h1:jJR8Y5sHuujSXZy0cpCgBk180TvPNsLw9hEoSH9w7iA=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.1164/go.mod h1:SJI2mc77gDC7Tw1QoF/4d5SwLvz8HQFUecWtIXb+r/Q=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1125 h1:IR9pJqHjHr7KyncRVxld9iltfnmy9sCC+0USZrs3rOw=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170 h1:kcQCWuI9zOkZgL5CK66HNAJmSWCSJxRrDxXT+j02CeE=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1125/go.mod h1:5+5QrF7x+AW1KPM7F+YRzD74L88RXHZ6BxDF07b8QkE=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170/go.mod h1:vTukVfThbBIc4lOf4eq/q51eEk78oZUJd2lAoJBOJwI=
 github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
 github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
 github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
@@ -818,16 +865,18 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO
 github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
 github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg=
 github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
-github.com/ucloud/ucloud-sdk-go v0.22.31 h1:izZK+Re9ZkJAd1fHSVpFzgh8uKda4f5G6++iUw4n/mE=
+github.com/ucloud/ucloud-sdk-go v0.22.41 h1:JndTJhCx7A1wggZfVb4KMm7D0Wfvd/HkmQVfSNjClQA=
-github.com/ucloud/ucloud-sdk-go v0.22.31/go.mod h1:dyLmFHmUfgb4RZKYQP9IArlvQ2pxzFthfhwxRzOEPIw=
+github.com/ucloud/ucloud-sdk-go v0.22.41/go.mod h1:dyLmFHmUfgb4RZKYQP9IArlvQ2pxzFthfhwxRzOEPIw=
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
-github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.9 h1:fEnScn2dXfvfNcFnvJnpf/cYdj8kLIe5QC5qORlFO2c=
+github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.12 h1:u9+32DXQIOFPG8oQ3xrjSAUSyAcaq5bqO4cEBom/6lA=
-github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.9/go.mod h1:IrjK84IJJTuOZOTMv/P18Ydjy/x+ow7fF7q11jAxXLM=
+github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.12/go.mod h1:IrjK84IJJTuOZOTMv/P18Ydjy/x+ow7fF7q11jAxXLM=
 github.com/volcengine/volc-sdk-golang v1.0.23/go.mod h1:AfG/PZRUkHJ9inETvbjNifTDgut25Wbkm2QoYBTbvyU=
-github.com/volcengine/volc-sdk-golang v1.0.199 h1:zv9QOqTl/IsLwtfC37GlJtcz6vMAHi+pjq8ILWjLYUc=
+github.com/volcengine/volc-sdk-golang v1.0.208 h1:DyGUPjEKhWS08BkptfqenXTuUq+LKb7+gX/RBAtNl8w=
-github.com/volcengine/volc-sdk-golang v1.0.199/go.mod h1:stZX+EPgv1vF4nZwOlEe8iGcriUPRBKX8zA19gXycOQ=
+github.com/volcengine/volc-sdk-golang v1.0.208/go.mod h1:stZX+EPgv1vF4nZwOlEe8iGcriUPRBKX8zA19gXycOQ=
-github.com/volcengine/volcengine-go-sdk v1.0.187 h1:YpZjydoyHDA/ofnF6mYCelbOoo9pJsBEiQOOSJzGSOY=
+github.com/volcengine/volcengine-go-sdk v1.1.8 h1:/T2p7qeeLWWhGrhtB00b8VNlE32S266LcO+jqFUYwzY=
-github.com/volcengine/volcengine-go-sdk v1.0.187/go.mod h1:gfEDc1s7SYaGoY+WH2dRrS3qiuDJMkwqyfXWCa7+7oA=
+github.com/volcengine/volcengine-go-sdk v1.1.8/go.mod h1:EyKoi6t6eZxoPNGr2GdFCZti2Skd7MO3eUzx7TtSvNo=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
@@ -895,8 +944,8 @@ golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOM
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -910,14 +959,14 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
+golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
+golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.25.0 h1:Y6uW6rH1y5y/LK1J8BPWZtr6yZ7hrsy6hFrXjgsc2fQ=
+golang.org/x/image v0.27.0 h1:C8gA4oWU/tKkdCfYT6T2u4faJu3MeNS5O8UPWlPF61w=
-golang.org/x/image v0.25.0/go.mod h1:tCAmOEGthTtkalusGp1g3xa2gke8J6c2N565dTyl9Rs=
+golang.org/x/image v0.27.0/go.mod h1:xbdrClrAUway1MUTEZDq9mz/UpRwYAkFFNUslZtcB+g=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1000,16 +1049,16 @@ golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
-golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1027,8 +1076,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1081,6 +1130,7 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1089,6 +1139,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1105,8 +1156,8 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1122,8 +1173,8 @@ golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1142,15 +1193,15 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
-golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1205,8 +1256,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
+golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
-golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
+golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1346,39 +1397,39 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
+k8s.io/api v0.33.1 h1:tA6Cf3bHnLIrUK4IqEgb2v++/GYUtqiu9sRVk3iBXyw=
-k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
+k8s.io/api v0.33.1/go.mod h1:87esjTn9DRSRTD4fWMXamiXxJhpOIREjWOSjsW1kEHw=
-k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
+k8s.io/apimachinery v0.33.1 h1:mzqXWV8tW9Rw4VeW9rEkqvnxj59k1ezDUl20tFK/oM4=
-k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/apimachinery v0.33.1/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
-k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
+k8s.io/client-go v0.33.1 h1:ZZV/Ks2g92cyxWkRRnfUDsnhNn28eFpt26aGc8KbXF4=
-k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
+k8s.io/client-go v0.33.1/go.mod h1:JAsUrl1ArO7uRVFWfcj6kOomSlCv+JpvIsp6usAGefA=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
 k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
 k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-modernc.org/cc/v4 v4.24.4 h1:TFkx1s6dCkQpd6dKurBNmpo+G8Zl4Sq/ztJ+2+DEsh0=
+modernc.org/cc/v4 v4.26.1 h1:+X5NtzVBn0KgsBCBe+xkDC7twLb/jNVj9FPgiwSQO3s=
-modernc.org/cc/v4 v4.24.4/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/cc/v4 v4.26.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
-modernc.org/ccgo/v4 v4.23.16 h1:Z2N+kk38b7SfySC1ZkpGLN2vthNJP1+ZzGZIlH7uBxo=
+modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=
-modernc.org/ccgo/v4 v4.23.16/go.mod h1:nNma8goMTY7aQZQNTyN9AIoJfxav4nvTnvKThAeMDdo=
+modernc.org/ccgo/v4 v4.28.0/go.mod h1:JygV3+9AV6SmPhDasu4JgquwU81XAKLd3OKTUDNOiKE=
 modernc.org/fileutil v1.0.0/go.mod h1:JHsWpkrk/CnVV1H/eGlFf85BEpfkrp56ro8nojIq9Q8=
-modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE=
+modernc.org/fileutil v1.3.1 h1:8vq5fe7jdtEvoCf3Zf9Nm0Q05sH6kGx0Op2CPx1wTC8=
-modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ=
+modernc.org/fileutil v1.3.1/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
-modernc.org/gc/v2 v2.6.3 h1:aJVhcqAte49LF+mGveZ5KPlsp4tdGdAOT4sipJXADjw=
+modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
-modernc.org/gc/v2 v2.6.3/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
+modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
-modernc.org/libc v1.61.13 h1:3LRd6ZO1ezsFiX1y+bHd1ipyEHIJKvuprv0sLTBwLW8=
+modernc.org/libc v1.65.7 h1:Ia9Z4yzZtWNtUIuiPuQ7Qf7kxYrxP1/jeHZzG8bFu00=
-modernc.org/libc v1.61.13/go.mod h1:8F/uJWL/3nNil0Lgt1Dpz+GgkApWh04N3el3hxJcA6E=
+modernc.org/libc v1.65.7/go.mod h1:011EQibzzio/VX3ygj1qGFt5kMjP0lHb0qCW5/D/pQU=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
-modernc.org/memory v1.8.2 h1:cL9L4bcoAObu4NkxOlKWBWtNHIsnnACGF/TbqQ6sbcI=
+modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
-modernc.org/memory v1.8.2/go.mod h1:ZbjSvMO5NQ1A2i3bWeDiVMxIorXwdClKE/0SZ+BMotU=
+modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
 modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.36.1 h1:bDa8BJUH4lg6EGkLbahKe/8QqoF8p9gArSc6fTqYhyQ=
+modernc.org/sqlite v1.37.1 h1:EgHJK/FPoqC+q2YBXg7fUmES37pCHFc97sI7zSayBEs=
-modernc.org/sqlite v1.36.1/go.mod h1:7MPwH7Z6bREicF9ZVUR78P1IKuxfZ8mRIDHD0iD+8TU=
+modernc.org/sqlite v1.37.1/go.mod h1:XwdRtsE1MpiBcL54+MbKcaDvcuej+IYSMfLN6gSKV8g=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
@@ -1389,8 +1440,11 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
+sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
+sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc=
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
--- a/internal/applicant/acme_ca.go
+++ b/internal/applicant/acme_ca.go
@@ -1,38 +1,31 @@
-package applicant
+package applicant
 import "github.com/usual2970/certimate/internal/domain"
 const (
-	sslProviderLetsEncrypt         = "letsencrypt"
+	caLetsEncrypt         = string(domain.CAProviderTypeLetsEncrypt)
-	sslProviderLetsEncryptStaging  = "letsencrypt_staging"
+	caLetsEncryptStaging  = string(domain.CAProviderTypeLetsEncryptStaging)
-	sslProviderZeroSSL             = "zerossl"
+	caBuypass             = string(domain.CAProviderTypeBuypass)
-	sslProviderGoogleTrustServices = "gts"
+	caGoogleTrustServices = string(domain.CAProviderTypeGoogleTrustServices)
-)
+	caSSLCom              = string(domain.CAProviderTypeSSLCom)
-const defaultSSLProvider = sslProviderLetsEncrypt
+	caZeroSSL             = string(domain.CAProviderTypeZeroSSL)
 	caCustom              = string(domain.CAProviderTypeACMECA)
-const (
+	caDefault = caLetsEncrypt
 	letsencryptUrl        = "https://acme-v02.api.letsencrypt.org/directory"
 	letsencryptStagingUrl = "https://acme-staging-v02.api.letsencrypt.org/directory"
 	zerosslUrl            = "https://acme.zerossl.com/v2/DV90"
 	gtsUrl                = "https://dv.acme-v02.api.pki.goog/directory"
 )
-var sslProviderUrls = map[string]string{
+var caDirUrls = map[string]string{
-	sslProviderLetsEncrypt:         letsencryptUrl,
+	caLetsEncrypt:         "https://acme-v02.api.letsencrypt.org/directory",
-	sslProviderLetsEncryptStaging:  letsencryptStagingUrl,
+	caLetsEncryptStaging:  "https://acme-staging-v02.api.letsencrypt.org/directory",
-	sslProviderZeroSSL:             zerosslUrl,
+	caBuypass:             "https://api.buypass.com/acme/directory",
-	sslProviderGoogleTrustServices: gtsUrl,
+	caGoogleTrustServices: "https://dv.acme-v02.api.pki.goog/directory",
 	caSSLCom:              "https://acme.ssl.com/sslcom-dv-rsa",
 	caSSLCom + "RSA":      "https://acme.ssl.com/sslcom-dv-rsa",
 	caSSLCom + "ECC":      "https://acme.ssl.com/sslcom-dv-ecc",
 	caZeroSSL:             "https://acme.zerossl.com/v2/DV90",
 }
 type acmeSSLProviderConfig struct {
-	Config   acmeSSLProviderConfigContent `json:"config"`
+	Config   map[domain.CAProviderType]map[string]any `json:"config"`
-	Provider string                       `json:"provider"`
+	Provider string                                   `json:"provider"`
 }
 type acmeSSLProviderConfigContent struct {
 	ZeroSSL             acmeSSLProviderEabConfig `json:"zerossl"`
 	GoogleTrustServices acmeSSLProviderEabConfig `json:"gts"`
 }
 type acmeSSLProviderEabConfig struct {
 	EabHmacKey string `json:"eabHmacKey"`
 	EabKid     string `json:"eabKid"`
 }
--- a/internal/applicant/acme_user.go
+++ b/internal/applicant/acme_user.go
@@ -1,4 +1,4 @@
-package applicant
+package applicant
 import (
 	"context"
@@ -7,33 +7,44 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"fmt"
 	"strings"
 	"github.com/go-acme/lego/v4/lego"
 	"github.com/go-acme/lego/v4/registration"
 	"golang.org/x/sync/singleflight"
 	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/utils/certutil"
+	certutil "github.com/usual2970/certimate/internal/pkg/utils/cert"
 	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 	"github.com/usual2970/certimate/internal/repository"
 )
 type acmeUser struct {
-	CA           string
+	// 证书颁发机构标识。
-	Email        string
+	// 通常等同于 [CAProviderType] 的值。
 	// 对于自定义 ACME CA，值为 "custom#{access_id}"。
 	CA string
 	// 邮箱。
 	Email string
 	// 注册信息。
 	Registration *registration.Resource
 	// CSR 私钥。
 	privkey string
 }
-func newAcmeUser(ca, email string) (*acmeUser, error) {
+func newAcmeUser(ca, caAccessId, email string) (*acmeUser, error) {
 	repo := repository.NewAcmeAccountRepository()
 	applyUser := &acmeUser{
 		CA:    ca,
 		Email: email,
 	}
 	if ca == caCustom {
 		applyUser.CA = fmt.Sprintf("%s#%s", ca, caAccessId)
 	}
-	acmeAccount, err := repo.GetByCAAndEmail(ca, email)
+	acmeAccount, err := repo.GetByCAAndEmail(applyUser.CA, applyUser.Email)
 	if err != nil {
 		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 		if err != nil {
@@ -72,20 +83,19 @@ func (u *acmeUser) hasRegistration() bool {
 	return u.Registration != nil
 }
 func (u *acmeUser) getCAProvider() string {
 	return strings.Split(u.CA, "#")[0]
 }
 func (u *acmeUser) getPrivateKeyPEM() string {
 	return u.privkey
 }
 type acmeAccountRepository interface {
 	GetByCAAndEmail(ca, email string) (*domain.AcmeAccount, error)
 	Save(ca, email, key string, resource *registration.Resource) error
 }
 var registerGroup singleflight.Group
-func registerAcmeUserWithSingleFlight(client *lego.Client, sslProviderConfig *acmeSSLProviderConfig, user *acmeUser) (*registration.Resource, error) {
+func registerAcmeUserWithSingleFlight(client *lego.Client, user *acmeUser, userRegisterOptions map[string]any) (*registration.Resource, error) {
-	resp, err, _ := registerGroup.Do(fmt.Sprintf("register_acme_user_%s_%s", sslProviderConfig.Provider, user.GetEmail()), func() (interface{}, error) {
+	resp, err, _ := registerGroup.Do(fmt.Sprintf("register_acme_user_%s_%s", user.CA, user.Email), func() (interface{}, error) {
-		return registerAcmeUser(client, sslProviderConfig, user)
+		return registerAcmeUser(client, user, userRegisterOptions)
 	})
 	if err != nil {
@@ -95,45 +105,101 @@ func registerAcmeUserWithSingleFlight(client *lego.Client, sslProviderConfig *ac
 	return resp.(*registration.Resource), nil
 }
-func registerAcmeUser(client *lego.Client, sslProviderConfig *acmeSSLProviderConfig, user *acmeUser) (*registration.Resource, error) {
+func registerAcmeUser(client *lego.Client, user *acmeUser, userRegisterOptions map[string]any) (*registration.Resource, error) {
 	var reg *registration.Resource
 	var err error
-	switch sslProviderConfig.Provider {
+	switch user.getCAProvider() {
-	case sslProviderZeroSSL:
+	case caLetsEncrypt, caLetsEncryptStaging:
 		reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 			TermsOfServiceAgreed: true,
 			Kid:                  sslProviderConfig.Config.ZeroSSL.EabKid,
 			HmacEncoded:          sslProviderConfig.Config.ZeroSSL.EabHmacKey,
 		})
 	case sslProviderGoogleTrustServices:
 		reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 			TermsOfServiceAgreed: true,
 			Kid:                  sslProviderConfig.Config.GoogleTrustServices.EabKid,
 			HmacEncoded:          sslProviderConfig.Config.GoogleTrustServices.EabHmacKey,
 		})
 	case sslProviderLetsEncrypt, sslProviderLetsEncryptStaging:
 		reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
 	case caBuypass:
 		{
 			reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
 		}
 	case caGoogleTrustServices:
 		{
 			access := domain.AccessConfigForGoogleTrustServices{}
 			if err := maputil.Populate(userRegisterOptions, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 				TermsOfServiceAgreed: true,
 				Kid:                  access.EabKid,
 				HmacEncoded:          access.EabHmacKey,
 			})
 		}
 	case caSSLCom:
 		{
 			access := domain.AccessConfigForSSLCom{}
 			if err := maputil.Populate(userRegisterOptions, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 				TermsOfServiceAgreed: true,
 				Kid:                  access.EabKid,
 				HmacEncoded:          access.EabHmacKey,
 			})
 		}
 	case caZeroSSL:
 		{
 			access := domain.AccessConfigForZeroSSL{}
 			if err := maputil.Populate(userRegisterOptions, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 				TermsOfServiceAgreed: true,
 				Kid:                  access.EabKid,
 				HmacEncoded:          access.EabHmacKey,
 			})
 		}
 	case caCustom:
 		{
 			access := domain.AccessConfigForACMECA{}
 			if err := maputil.Populate(userRegisterOptions, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			if access.EabKid == "" && access.EabHmacKey == "" {
 				reg, err = client.Registration.Register(registration.RegisterOptions{
 					TermsOfServiceAgreed: true,
 				})
 			} else {
 				reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 					TermsOfServiceAgreed: true,
 					Kid:                  access.EabKid,
 					HmacEncoded:          access.EabHmacKey,
 				})
 			}
 		}
 	default:
-		err = fmt.Errorf("unsupported ssl provider: %s", sslProviderConfig.Provider)
+		err = fmt.Errorf("unsupported ca provider '%s'", user.CA)
 	}
 	if err != nil {
 		return nil, err
 	}
 	repo := repository.NewAcmeAccountRepository()
-	resp, err := repo.GetByCAAndEmail(sslProviderConfig.Provider, user.GetEmail())
+	resp, err := repo.GetByCAAndEmail(user.CA, user.Email)
 	if err == nil {
 		user.privkey = resp.Key
 		return resp.Resource, nil
 	}
 	if _, err := repo.Save(context.Background(), &domain.AcmeAccount{
-		CA:       sslProviderConfig.Provider,
+		CA:       user.CA,
-		Email:    user.GetEmail(),
+		Email:    user.Email,
 		Key:      user.getPrivateKeyPEM(),
 		Resource: reg,
 	}); err != nil {
-		return nil, fmt.Errorf("failed to save registration: %w", err)
+		return nil, fmt.Errorf("failed to save acme account registration: %w", err)
 	}
 	return reg, nil
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@@ -4,10 +4,12 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"log/slog"
 	"os"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/go-acme/lego/v4/certificate"
@@ -18,72 +20,97 @@ import (
 	"golang.org/x/time/rate"
 	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/utils/sliceutil"
+	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 	sliceutil "github.com/usual2970/certimate/internal/pkg/utils/slice"
 	"github.com/usual2970/certimate/internal/repository"
 )
-type ApplyCertResult struct {
+type ApplyResult struct {
-	CertificateFullChain string
+	CSR                  string
 	FullChainCertificate string
 	IssuerCertificate    string
 	PrivateKey           string
 	ACMEAccountUrl       string
 	ACMECertUrl          string
 	ACMECertStableUrl    string
-	CSR                  string
+	ARIReplaced          bool
 }
 type Applicant interface {
-	Apply() (*ApplyCertResult, error)
+	Apply(ctx context.Context) (*ApplyResult, error)
 }
-type applicantOptions struct {
+type ApplicantWithWorkflowNodeConfig struct {
-	Domains               []string
+	Node   *domain.WorkflowNode
-	ContactEmail          string
+	Logger *slog.Logger
 	Provider              domain.ApplyDNSProviderType
 	ProviderAccessConfig  map[string]any
 	ProviderApplyConfig   map[string]any
 	KeyAlgorithm          string
 	Nameservers           []string
 	DnsPropagationTimeout int32
 	DnsTTL                int32
 	DisableFollowCNAME    bool
 	ReplacedARIAcctId     string
 	ReplacedARICertId     string
 }
-func NewWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
+func NewWithWorkflowNode(config ApplicantWithWorkflowNodeConfig) (Applicant, error) {
-	if node.Type != domain.WorkflowNodeTypeApply {
+	if config.Node == nil {
-		return nil, fmt.Errorf("node type is not apply")
+		return nil, fmt.Errorf("node is nil")
 	}
 	if config.Node.Type != domain.WorkflowNodeTypeApply {
 		return nil, fmt.Errorf("node type is not '%s'", string(domain.WorkflowNodeTypeApply))
 	}
-	nodeConfig := node.GetConfigForApply()
+	nodeCfg := config.Node.GetConfigForApply()
-	options := &applicantOptions{
+	options := &applicantProviderOptions{
-		Domains:               sliceutil.Filter(strings.Split(nodeConfig.Domains, ";"), func(s string) bool { return s != "" }),
+		Domains:                 sliceutil.Filter(strings.Split(nodeCfg.Domains, ";"), func(s string) bool { return s != "" }),
-		ContactEmail:          nodeConfig.ContactEmail,
+		ContactEmail:            nodeCfg.ContactEmail,
-		Provider:              domain.ApplyDNSProviderType(nodeConfig.Provider),
+		Provider:                domain.ACMEDns01ProviderType(nodeCfg.Provider),
-		ProviderApplyConfig:   nodeConfig.ProviderConfig,
+		ProviderAccessConfig:    make(map[string]any),
-		KeyAlgorithm:          nodeConfig.KeyAlgorithm,
+		ProviderServiceConfig:   nodeCfg.ProviderConfig,
-		Nameservers:           sliceutil.Filter(strings.Split(nodeConfig.Nameservers, ";"), func(s string) bool { return s != "" }),
+		CAProvider:              domain.CAProviderType(nodeCfg.CAProvider),
-		DnsPropagationTimeout: nodeConfig.DnsPropagationTimeout,
+		CAProviderAccessConfig:  make(map[string]any),
-		DnsTTL:                nodeConfig.DnsTTL,
+		CAProviderServiceConfig: nodeCfg.CAProviderConfig,
-		DisableFollowCNAME:    nodeConfig.DisableFollowCNAME,
+		KeyAlgorithm:            nodeCfg.KeyAlgorithm,
 		Nameservers:             sliceutil.Filter(strings.Split(nodeCfg.Nameservers, ";"), func(s string) bool { return s != "" }),
 		DnsPropagationWait:      nodeCfg.DnsPropagationWait,
 		DnsPropagationTimeout:   nodeCfg.DnsPropagationTimeout,
 		DnsTTL:                  nodeCfg.DnsTTL,
 		DisableFollowCNAME:      nodeCfg.DisableFollowCNAME,
 	}
 	accessRepo := repository.NewAccessRepository()
-	if access, err := accessRepo.GetById(context.Background(), nodeConfig.ProviderAccessId); err != nil {
+	if nodeCfg.ProviderAccessId != "" {
-		return nil, fmt.Errorf("failed to get access #%s record: %w", nodeConfig.ProviderAccessId, err)
+		if access, err := accessRepo.GetById(context.Background(), nodeCfg.ProviderAccessId); err != nil {
-	} else {
+			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeCfg.ProviderAccessId, err)
-		accessConfig, err := access.UnmarshalConfigToMap()
+		} else {
-		if err != nil {
+			options.ProviderAccessConfig = access.Config
-			return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+		}
 	}
 	if nodeCfg.CAProviderAccessId != "" {
 		if access, err := accessRepo.GetById(context.Background(), nodeCfg.CAProviderAccessId); err != nil {
 			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeCfg.CAProviderAccessId, err)
 		} else {
 			options.CAProviderAccessId = access.Id
 			options.CAProviderAccessConfig = access.Config
 		}
 	}
 	settingsRepo := repository.NewSettingsRepository()
 	if string(options.CAProvider) == "" {
 		settings, _ := settingsRepo.GetByName(context.Background(), "sslProvider")
 		sslProviderConfig := &acmeSSLProviderConfig{
 			Config:   make(map[domain.CAProviderType]map[string]any),
 			Provider: caDefault,
 		}
 		if settings != nil {
 			if err := json.Unmarshal([]byte(settings.Content), sslProviderConfig); err != nil {
 				return nil, err
 			} else if sslProviderConfig.Provider == "" {
 				sslProviderConfig.Provider = caDefault
 			}
 		}
-		options.ProviderAccessConfig = accessConfig
+		options.CAProvider = domain.CAProviderType(sslProviderConfig.Provider)
 		options.CAProviderAccessConfig = sslProviderConfig.Config[options.CAProvider]
 	}
 	certRepo := repository.NewCertificateRepository()
-	lastCertificate, _ := certRepo.GetByWorkflowNodeId(context.Background(), node.Id)
+	lastCertificate, _ := certRepo.GetByWorkflowNodeId(context.Background(), config.Node.Id)
-	if lastCertificate != nil {
+	if lastCertificate != nil && !lastCertificate.ACMERenewed {
 		newCertSan := slices.Clone(options.Domains)
 		oldCertSan := strings.Split(lastCertificate.SubjectAltNames, ";")
 		slices.Sort(newCertSan)
@@ -93,42 +120,53 @@ func NewWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
 			lastCertX509, _ := certcrypto.ParsePEMCertificate([]byte(lastCertificate.Certificate))
 			if lastCertX509 != nil {
 				replacedARICertId, _ := certificate.MakeARICertID(lastCertX509)
-				options.ReplacedARIAcctId = lastCertificate.ACMEAccountUrl
+				options.ARIReplaceAcct = lastCertificate.ACMEAccountUrl
-				options.ReplacedARICertId = replacedARICertId
+				options.ARIReplaceCert = replacedARICertId
 			}
 		}
 	}
-	applicant, err := createApplicant(options)
+	applicant, err := createApplicantProvider(options)
 	if err != nil {
 		return nil, err
 	}
-	return &proxyApplicant{
+	return &applicantImpl{
 		applicant: applicant,
 		options:   options,
 	}, nil
 }
-func apply(challengeProvider challenge.Provider, options *applicantOptions) (*ApplyCertResult, error) {
+type applicantImpl struct {
-	settingsRepo := repository.NewSettingsRepository()
+	applicant challenge.Provider
-	settings, _ := settingsRepo.GetByName(context.Background(), "sslProvider")
+	options   *applicantProviderOptions
 }
-	sslProviderConfig := &acmeSSLProviderConfig{
+var _ Applicant = (*applicantImpl)(nil)
-		Config:   acmeSSLProviderConfigContent{},
+
-		Provider: defaultSSLProvider,
+func (d *applicantImpl) Apply(ctx context.Context) (*ApplyResult, error) {
-	}
+	limiter := getLimiter(fmt.Sprintf("apply_%s", d.options.ContactEmail))
-	if settings != nil {
+	if err := limiter.Wait(ctx); err != nil {
-		if err := json.Unmarshal([]byte(settings.Content), sslProviderConfig); err != nil {
+		return nil, err
 			return nil, err
 		}
 	}
-	if sslProviderConfig.Provider == "" {
+	return applyUseLego(d.applicant, d.options)
-		sslProviderConfig.Provider = defaultSSLProvider
+}
 	}
-	acmeUser, err := newAcmeUser(sslProviderConfig.Provider, options.ContactEmail)
+const (
 	limitBurst         = 300
 	limitRate  float64 = float64(1) / float64(36)
 )
 var limiters sync.Map
 func getLimiter(key string) *rate.Limiter {
 	limiter, _ := limiters.LoadOrStore(key, rate.NewLimiter(rate.Limit(limitRate), 300))
 	return limiter.(*rate.Limiter)
 }
 func applyUseLego(legoProvider challenge.Provider, options *applicantProviderOptions) (*ApplyResult, error) {
 	user, err := newAcmeUser(string(options.CAProvider), options.CAProviderAccessId, options.ContactEmail)
 	if err != nil {
 		return nil, err
 	}
@@ -138,9 +176,29 @@ func apply(challengeProvider challenge.Provider, options *applicantOptions) (*Ap
 	os.Setenv("LEGO_DISABLE_CNAME_SUPPORT", strconv.FormatBool(options.DisableFollowCNAME))
 	// Create an ACME client config
-	config := lego.NewConfig(acmeUser)
+	config := lego.NewConfig(user)
-	config.CADirURL = sslProviderUrls[sslProviderConfig.Provider]
+	config.Certificate.KeyType = parseLegoKeyAlgorithm(domain.CertificateKeyAlgorithmType(options.KeyAlgorithm))
-	config.Certificate.KeyType = parseKeyAlgorithm(domain.CertificateKeyAlgorithmType(options.KeyAlgorithm))
+	switch user.getCAProvider() {
 	case caSSLCom:
 		if strings.HasPrefix(options.KeyAlgorithm, "RSA") {
 			config.CADirURL = caDirUrls[caSSLCom+"RSA"]
 		} else if strings.HasPrefix(options.KeyAlgorithm, "EC") {
 			config.CADirURL = caDirUrls[caSSLCom+"ECC"]
 		} else {
 			config.CADirURL = caDirUrls[caSSLCom]
 		}
 	case caCustom:
 		caDirURL := maputil.GetString(options.CAProviderAccessConfig, "endpoint")
 		if caDirURL != "" {
 			config.CADirURL = caDirURL
 		} else {
 			return nil, fmt.Errorf("invalid ca provider endpoint")
 		}
 	default:
 		config.CADirURL = caDirUrls[user.CA]
 	}
 	// Create an ACME client
 	client, err := lego.NewClient(config)
@@ -149,20 +207,28 @@ func apply(challengeProvider challenge.Provider, options *applicantOptions) (*Ap
 	}
 	// Set the DNS01 challenge provider
-	challengeOptions := make([]dns01.ChallengeOption, 0)
+	client.Challenge.SetDNS01Provider(legoProvider,
-	if len(options.Nameservers) > 0 {
+		dns01.CondOption(
-		challengeOptions = append(challengeOptions, dns01.AddRecursiveNameservers(dns01.ParseNameservers(options.Nameservers)))
+			len(options.Nameservers) > 0,
-		challengeOptions = append(challengeOptions, dns01.DisableAuthoritativeNssPropagationRequirement())
+			dns01.AddRecursiveNameservers(dns01.ParseNameservers(options.Nameservers)),
-	}
+		),
-	client.Challenge.SetDNS01Provider(challengeProvider, challengeOptions...)
+		dns01.CondOption(
 			options.DnsPropagationWait > 0,
 			dns01.PropagationWait(time.Duration(options.DnsPropagationWait)*time.Second, true),
 		),
 		dns01.CondOption(
 			len(options.Nameservers) > 0 || options.DnsPropagationWait > 0,
 			dns01.DisableAuthoritativeNssPropagationRequirement(),
 		),
 	)
 	// New users need to register first
-	if !acmeUser.hasRegistration() {
+	if !user.hasRegistration() {
-		reg, err := registerAcmeUserWithSingleFlight(client, sslProviderConfig, acmeUser)
+		reg, err := registerAcmeUserWithSingleFlight(client, user, options.CAProviderAccessConfig)
 		if err != nil {
-			return nil, fmt.Errorf("failed to register: %w", err)
+			return nil, fmt.Errorf("failed to register acme user: %w", err)
 		}
-		acmeUser.Registration = reg
+		user.Registration = reg
 	}
 	// Obtain a certificate
@@ -170,64 +236,41 @@ func apply(challengeProvider challenge.Provider, options *applicantOptions) (*Ap
 		Domains: options.Domains,
 		Bundle:  true,
 	}
-	if options.ReplacedARICertId != "" && options.ReplacedARIAcctId != acmeUser.Registration.URI {
+	if options.ARIReplaceAcct == user.Registration.URI {
-		certRequest.ReplacesCertID = options.ReplacedARICertId
+		certRequest.ReplacesCertID = options.ARIReplaceCert
 	}
 	certResource, err := client.Certificate.Obtain(certRequest)
 	if err != nil {
 		return nil, err
 	}
-	return &ApplyCertResult{
+	return &ApplyResult{
-		CertificateFullChain: strings.TrimSpace(string(certResource.Certificate)),
+		CSR:                  strings.TrimSpace(string(certResource.CSR)),
 		FullChainCertificate: strings.TrimSpace(string(certResource.Certificate)),
 		IssuerCertificate:    strings.TrimSpace(string(certResource.IssuerCertificate)),
 		PrivateKey:           strings.TrimSpace(string(certResource.PrivateKey)),
-		ACMEAccountUrl:       acmeUser.Registration.URI,
+		ACMEAccountUrl:       user.Registration.URI,
 		ACMECertUrl:          certResource.CertURL,
 		ACMECertStableUrl:    certResource.CertStableURL,
-		CSR:                  strings.TrimSpace(string(certResource.CSR)),
+		ARIReplaced:          certRequest.ReplacesCertID != "",
 	}, nil
 }
-func parseKeyAlgorithm(algo domain.CertificateKeyAlgorithmType) certcrypto.KeyType {
+func parseLegoKeyAlgorithm(algo domain.CertificateKeyAlgorithmType) certcrypto.KeyType {
-	switch algo {
+	alogMap := map[domain.CertificateKeyAlgorithmType]certcrypto.KeyType{
-	case domain.CertificateKeyAlgorithmTypeRSA2048:
+		domain.CertificateKeyAlgorithmTypeRSA2048: certcrypto.RSA2048,
-		return certcrypto.RSA2048
+		domain.CertificateKeyAlgorithmTypeRSA3072: certcrypto.RSA3072,
-	case domain.CertificateKeyAlgorithmTypeRSA3072:
+		domain.CertificateKeyAlgorithmTypeRSA4096: certcrypto.RSA4096,
-		return certcrypto.RSA3072
+		domain.CertificateKeyAlgorithmTypeRSA8192: certcrypto.RSA8192,
-	case domain.CertificateKeyAlgorithmTypeRSA4096:
+		domain.CertificateKeyAlgorithmTypeEC256:   certcrypto.EC256,
-		return certcrypto.RSA4096
+		domain.CertificateKeyAlgorithmTypeEC384:   certcrypto.EC384,
-	case domain.CertificateKeyAlgorithmTypeRSA8192:
+		domain.CertificateKeyAlgorithmTypeEC512:   certcrypto.KeyType("P512"),
-		return certcrypto.RSA8192
+	}
-	case domain.CertificateKeyAlgorithmTypeEC256:
+
-		return certcrypto.EC256
+	if keyType, ok := alogMap[algo]; ok {
-	case domain.CertificateKeyAlgorithmTypeEC384:
+		return keyType
 		return certcrypto.EC384
 	}
 	return certcrypto.RSA2048
 }
 // TODO: 暂时使用代理模式以兼容之前版本代码，后续重新实现此处逻辑
 type proxyApplicant struct {
 	applicant challenge.Provider
 	options   *applicantOptions
 }
 var limiters sync.Map
 const (
 	limitBurst         = 300
 	limitRate  float64 = float64(1) / float64(36)
 )
 func getLimiter(key string) *rate.Limiter {
 	limiter, _ := limiters.LoadOrStore(key, rate.NewLimiter(rate.Limit(limitRate), 300))
 	return limiter.(*rate.Limiter)
 }
 func (d *proxyApplicant) Apply() (*ApplyCertResult, error) {
 	limiter := getLimiter(fmt.Sprintf("apply_%s", d.options.ContactEmail))
 	limiter.Wait(context.Background())
 	return apply(d.applicant, d.options)
 }
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@@ -8,38 +8,71 @@ import (
 	"github.com/usual2970/certimate/internal/domain"
 	pACMEHttpReq "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/acmehttpreq"
 	pAliyun "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun"
 	pAliyunESA "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa"
 	pAWSRoute53 "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aws-route53"
 	pAzureDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/azure-dns"
 	pBaiduCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud"
 	pBunny "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny"
 	pCloudflare "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudflare"
 	pClouDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudns"
 	pCMCCCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cmcccloud"
 	pConstellix "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/constellix"
 	pDeSEC "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/desec"
 	pDigitalOcean "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/digitalocean"
 	pDNSLA "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/dnsla"
 	pDuckDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/duckdns"
 	pDynv6 "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/dynv6"
 	pGcore "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/gcore"
 	pGname "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname"
 	pGoDaddy "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/godaddy"
 	pHetzner "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/hetzner"
 	pHuaweiCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/huaweicloud"
 	pJDCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/jdcloud"
 	pNamecheap "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/namecheap"
 	pNameDotCom "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/namedotcom"
 	pNameSilo "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/namesilo"
 	pNetcup "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/netcup"
 	pNetlify "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/netlify"
 	pNS1 "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/ns1"
 	pPorkbun "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/porkbun"
 	pPowerDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/powerdns"
 	pRainYun "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/rainyun"
 	pTencentCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud"
 	pTencentCloudEO "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo"
 	pUCloudUDNR "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr"
 	pVercel "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/vercel"
 	pVolcEngine "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/volcengine"
 	pWestcn "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/westcn"
-	"github.com/usual2970/certimate/internal/pkg/utils/maputil"
+	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 )
-func createApplicant(options *applicantOptions) (challenge.Provider, error) {
+type applicantProviderOptions struct {
 	Domains                 []string
 	ContactEmail            string
 	Provider                domain.ACMEDns01ProviderType
 	ProviderAccessConfig    map[string]any
 	ProviderServiceConfig   map[string]any
 	CAProvider              domain.CAProviderType
 	CAProviderAccessId      string
 	CAProviderAccessConfig  map[string]any
 	CAProviderServiceConfig map[string]any
 	KeyAlgorithm            string
 	Nameservers             []string
 	DnsPropagationWait      int32
 	DnsPropagationTimeout   int32
 	DnsTTL                  int32
 	DisableFollowCNAME      bool
 	ARIReplaceAcct          string
 	ARIReplaceCert          string
 }
 func createApplicantProvider(options *applicantProviderOptions) (challenge.Provider, error) {
 	/*
 	  注意：如果追加新的常量值，请保持以 ASCII 排序。
 	  NOTICE: If you add new constant, please keep ASCII order.
 	*/
 	switch options.Provider {
-	case domain.ApplyDNSProviderTypeACMEHttpReq:
+	case domain.ACMEDns01ProviderTypeACMEHttpReq:
 		{
 			access := domain.AccessConfigForACMEHttpReq{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -56,23 +89,39 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeAliyun, domain.ApplyDNSProviderTypeAliyunDNS:
+	case domain.ACMEDns01ProviderTypeAliyun, domain.ACMEDns01ProviderTypeAliyunDNS, domain.ACMEDns01ProviderTypeAliyunESA:
 		{
 			access := domain.AccessConfigForAliyun{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
-			applicant, err := pAliyun.NewChallengeProvider(&pAliyun.ChallengeProviderConfig{
+			switch options.Provider {
-				AccessKeyId:           access.AccessKeyId,
+			case domain.ACMEDns01ProviderTypeAliyun, domain.ACMEDns01ProviderTypeAliyunDNS:
-				AccessKeySecret:       access.AccessKeySecret,
+				applicant, err := pAliyun.NewChallengeProvider(&pAliyun.ChallengeProviderConfig{
-				DnsPropagationTimeout: options.DnsPropagationTimeout,
+					AccessKeyId:           access.AccessKeyId,
-				DnsTTL:                options.DnsTTL,
+					AccessKeySecret:       access.AccessKeySecret,
-			})
+					DnsPropagationTimeout: options.DnsPropagationTimeout,
-			return applicant, err
+					DnsTTL:                options.DnsTTL,
 				})
 				return applicant, err
 			case domain.ACMEDns01ProviderTypeAliyunESA:
 				applicant, err := pAliyunESA.NewChallengeProvider(&pAliyunESA.ChallengeProviderConfig{
 					AccessKeyId:           access.AccessKeyId,
 					AccessKeySecret:       access.AccessKeySecret,
 					Region:                maputil.GetString(options.ProviderServiceConfig, "region"),
 					DnsPropagationTimeout: options.DnsPropagationTimeout,
 					DnsTTL:                options.DnsTTL,
 				})
 				return applicant, err
 			default:
 				break
 			}
 		}
-	case domain.ApplyDNSProviderTypeAWS, domain.ApplyDNSProviderTypeAWSRoute53:
+	case domain.ACMEDns01ProviderTypeAWS, domain.ACMEDns01ProviderTypeAWSRoute53:
 		{
 			access := domain.AccessConfigForAWS{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -82,15 +131,15 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			applicant, err := pAWSRoute53.NewChallengeProvider(&pAWSRoute53.ChallengeProviderConfig{
 				AccessKeyId:           access.AccessKeyId,
 				SecretAccessKey:       access.SecretAccessKey,
-				Region:                maputil.GetString(options.ProviderApplyConfig, "region"),
+				Region:                maputil.GetString(options.ProviderServiceConfig, "region"),
-				HostedZoneId:          maputil.GetString(options.ProviderApplyConfig, "hostedZoneId"),
+				HostedZoneId:          maputil.GetString(options.ProviderServiceConfig, "hostedZoneId"),
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeAzure, domain.ApplyDNSProviderTypeAzureDNS:
+	case domain.ACMEDns01ProviderTypeAzure, domain.ACMEDns01ProviderTypeAzureDNS:
 		{
 			access := domain.AccessConfigForAzure{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -108,7 +157,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeBaiduCloud, domain.ApplyDNSProviderTypeBaiduCloudDNS:
+	case domain.ACMEDns01ProviderTypeBaiduCloud, domain.ACMEDns01ProviderTypeBaiduCloudDNS:
 		{
 			access := domain.AccessConfigForBaiduCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -124,7 +173,22 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeCloudflare:
+	case domain.ACMEDns01ProviderTypeBunny:
 		{
 			access := domain.AccessConfigForBunny{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pBunny.NewChallengeProvider(&pBunny.ChallengeProviderConfig{
 				ApiKey:                access.ApiKey,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypeCloudflare:
 		{
 			access := domain.AccessConfigForCloudflare{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -133,13 +197,14 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			applicant, err := pCloudflare.NewChallengeProvider(&pCloudflare.ChallengeProviderConfig{
 				DnsApiToken:           access.DnsApiToken,
 				ZoneApiToken:          access.ZoneApiToken,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeClouDNS:
+	case domain.ACMEDns01ProviderTypeClouDNS:
 		{
 			access := domain.AccessConfigForClouDNS{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -155,7 +220,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeCMCCCloud:
+	case domain.ACMEDns01ProviderTypeCMCCCloud:
 		{
 			access := domain.AccessConfigForCMCCCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -171,7 +236,53 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeDNSLA:
+	case domain.ACMEDns01ProviderTypeConstellix:
 		{
 			access := domain.AccessConfigForConstellix{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pConstellix.NewChallengeProvider(&pConstellix.ChallengeProviderConfig{
 				ApiKey:                access.ApiKey,
 				SecretKey:             access.SecretKey,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypeDeSEC:
 		{
 			access := domain.AccessConfigForDeSEC{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pDeSEC.NewChallengeProvider(&pDeSEC.ChallengeProviderConfig{
 				Token:                 access.Token,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypeDigitalOcean:
 		{
 			access := domain.AccessConfigForDigitalOcean{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pDigitalOcean.NewChallengeProvider(&pDigitalOcean.ChallengeProviderConfig{
 				AccessToken:           access.AccessToken,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypeDNSLA:
 		{
 			access := domain.AccessConfigForDNSLA{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -187,7 +298,21 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeDynv6:
+	case domain.ACMEDns01ProviderTypeDuckDNS:
 		{
 			access := domain.AccessConfigForDuckDNS{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pDuckDNS.NewChallengeProvider(&pDuckDNS.ChallengeProviderConfig{
 				Token:                 access.Token,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypeDynv6:
 		{
 			access := domain.AccessConfigForDynv6{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -202,7 +327,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeGcore:
+	case domain.ACMEDns01ProviderTypeGcore:
 		{
 			access := domain.AccessConfigForGcore{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -217,7 +342,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeGname:
+	case domain.ACMEDns01ProviderTypeGname:
 		{
 			access := domain.AccessConfigForGname{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -233,7 +358,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeGoDaddy:
+	case domain.ACMEDns01ProviderTypeGoDaddy:
 		{
 			access := domain.AccessConfigForGoDaddy{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -249,7 +374,22 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeHuaweiCloud, domain.ApplyDNSProviderTypeHuaweiCloudDNS:
+	case domain.ACMEDns01ProviderTypeHetzner:
 		{
 			access := domain.AccessConfigForHetzner{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pHetzner.NewChallengeProvider(&pHetzner.ChallengeProviderConfig{
 				ApiToken:              access.ApiToken,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypeHuaweiCloud, domain.ACMEDns01ProviderTypeHuaweiCloudDNS:
 		{
 			access := domain.AccessConfigForHuaweiCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -259,14 +399,14 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			applicant, err := pHuaweiCloud.NewChallengeProvider(&pHuaweiCloud.ChallengeProviderConfig{
 				AccessKeyId:           access.AccessKeyId,
 				SecretAccessKey:       access.SecretAccessKey,
-				Region:                maputil.GetString(options.ProviderApplyConfig, "region"),
+				Region:                maputil.GetString(options.ProviderServiceConfig, "region"),
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeJDCloud, domain.ApplyDNSProviderTypeJDCloudDNS:
+	case domain.ACMEDns01ProviderTypeJDCloud, domain.ACMEDns01ProviderTypeJDCloudDNS:
 		{
 			access := domain.AccessConfigForJDCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -276,14 +416,14 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			applicant, err := pJDCloud.NewChallengeProvider(&pJDCloud.ChallengeProviderConfig{
 				AccessKeyId:           access.AccessKeyId,
 				AccessKeySecret:       access.AccessKeySecret,
-				RegionId:              maputil.GetString(options.ProviderApplyConfig, "region_id"),
+				RegionId:              maputil.GetString(options.ProviderServiceConfig, "regionId"),
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeNamecheap:
+	case domain.ACMEDns01ProviderTypeNamecheap:
 		{
 			access := domain.AccessConfigForNamecheap{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -299,7 +439,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeNameDotCom:
+	case domain.ACMEDns01ProviderTypeNameDotCom:
 		{
 			access := domain.AccessConfigForNameDotCom{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -315,7 +455,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeNameSilo:
+	case domain.ACMEDns01ProviderTypeNameSilo:
 		{
 			access := domain.AccessConfigForNameSilo{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -330,7 +470,39 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeNS1:
+	case domain.ACMEDns01ProviderTypeNetcup:
 		{
 			access := domain.AccessConfigForNetcup{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pNetcup.NewChallengeProvider(&pNetcup.ChallengeProviderConfig{
 				CustomerNumber:        access.CustomerNumber,
 				ApiKey:                access.ApiKey,
 				ApiPassword:           access.ApiPassword,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypeNetlify:
 		{
 			access := domain.AccessConfigForNetlify{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pNetlify.NewChallengeProvider(&pNetlify.ChallengeProviderConfig{
 				ApiToken:              access.ApiToken,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypeNS1:
 		{
 			access := domain.AccessConfigForNS1{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -345,7 +517,23 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypePowerDNS:
+	case domain.ACMEDns01ProviderTypePorkbun:
 		{
 			access := domain.AccessConfigForPorkbun{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pPorkbun.NewChallengeProvider(&pPorkbun.ChallengeProviderConfig{
 				ApiKey:                access.ApiKey,
 				SecretApiKey:          access.SecretApiKey,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypePowerDNS:
 		{
 			access := domain.AccessConfigForPowerDNS{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -353,15 +541,16 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			}
 			applicant, err := pPowerDNS.NewChallengeProvider(&pPowerDNS.ChallengeProviderConfig{
-				ApiUrl:                access.ApiUrl,
+				ServerUrl:                access.ServerUrl,
-				ApiKey:                access.ApiKey,
+				ApiKey:                   access.ApiKey,
-				DnsPropagationTimeout: options.DnsPropagationTimeout,
+				AllowInsecureConnections: access.AllowInsecureConnections,
-				DnsTTL:                options.DnsTTL,
+				DnsPropagationTimeout:    options.DnsPropagationTimeout,
 				DnsTTL:                   options.DnsTTL,
 			})
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeRainYun:
+	case domain.ACMEDns01ProviderTypeRainYun:
 		{
 			access := domain.AccessConfigForRainYun{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -376,23 +565,71 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeTencentCloud, domain.ApplyDNSProviderTypeTencentCloudDNS:
+	case domain.ACMEDns01ProviderTypeTencentCloud, domain.ACMEDns01ProviderTypeTencentCloudDNS, domain.ACMEDns01ProviderTypeTencentCloudEO:
 		{
 			access := domain.AccessConfigForTencentCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
-			applicant, err := pTencentCloud.NewChallengeProvider(&pTencentCloud.ChallengeProviderConfig{
+			switch options.Provider {
-				SecretId:              access.SecretId,
+			case domain.ACMEDns01ProviderTypeTencentCloud, domain.ACMEDns01ProviderTypeTencentCloudDNS:
-				SecretKey:             access.SecretKey,
+				applicant, err := pTencentCloud.NewChallengeProvider(&pTencentCloud.ChallengeProviderConfig{
 					SecretId:              access.SecretId,
 					SecretKey:             access.SecretKey,
 					DnsPropagationTimeout: options.DnsPropagationTimeout,
 					DnsTTL:                options.DnsTTL,
 				})
 				return applicant, err
 			case domain.ACMEDns01ProviderTypeTencentCloudEO:
 				applicant, err := pTencentCloudEO.NewChallengeProvider(&pTencentCloudEO.ChallengeProviderConfig{
 					SecretId:              access.SecretId,
 					SecretKey:             access.SecretKey,
 					ZoneId:                maputil.GetString(options.ProviderServiceConfig, "zoneId"),
 					DnsPropagationTimeout: options.DnsPropagationTimeout,
 					DnsTTL:                options.DnsTTL,
 				})
 				return applicant, err
 			default:
 				break
 			}
 		}
 	case domain.ACMEDns01ProviderTypeUCloudUDNR:
 		{
 			access := domain.AccessConfigForUCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pUCloudUDNR.NewChallengeProvider(&pUCloudUDNR.ChallengeProviderConfig{
 				PrivateKey:            access.PrivateKey,
 				PublicKey:             access.PublicKey,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeVolcEngine, domain.ApplyDNSProviderTypeVolcEngineDNS:
+	case domain.ACMEDns01ProviderTypeVercel:
 		{
 			access := domain.AccessConfigForVercel{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			applicant, err := pVercel.NewChallengeProvider(&pVercel.ChallengeProviderConfig{
 				ApiAccessToken:        access.ApiAccessToken,
 				TeamId:                access.TeamId,
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
 			return applicant, err
 		}
 	case domain.ACMEDns01ProviderTypeVolcEngine, domain.ACMEDns01ProviderTypeVolcEngineDNS:
 		{
 			access := domain.AccessConfigForVolcEngine{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -408,7 +645,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
-	case domain.ApplyDNSProviderTypeWestcn:
+	case domain.ACMEDns01ProviderTypeWestcn:
 		{
 			access := domain.AccessConfigForWestcn{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -425,5 +662,5 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 		}
 	}
-	return nil, fmt.Errorf("unsupported applicant provider: %s", string(options.Provider))
+	return nil, fmt.Errorf("unsupported applicant provider '%s'", string(options.Provider))
 }
--- a/internal/certificate/service.go
+++ b/internal/certificate/service.go
@@ -17,7 +17,7 @@ import (
 	"github.com/usual2970/certimate/internal/domain"
 	"github.com/usual2970/certimate/internal/domain/dtos"
 	"github.com/usual2970/certimate/internal/notify"
-	"github.com/usual2970/certimate/internal/pkg/utils/certutil"
+	certutil "github.com/usual2970/certimate/internal/pkg/utils/cert"
 	"github.com/usual2970/certimate/internal/repository"
 )
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@@ -11,71 +11,62 @@ import (
 )
 type Deployer interface {
 	SetLogger(*slog.Logger)
 	Deploy(ctx context.Context) error
 }
-type deployerOptions struct {
+type DeployerWithWorkflowNodeConfig struct {
-	Provider             domain.DeployProviderType
+	Node           *domain.WorkflowNode
-	ProviderAccessConfig map[string]any
+	Logger         *slog.Logger
-	ProviderDeployConfig map[string]any
+	CertificatePEM string
 	PrivateKeyPEM  string
 }
-func NewWithDeployNode(node *domain.WorkflowNode, certdata struct {
+func NewWithWorkflowNode(config DeployerWithWorkflowNodeConfig) (Deployer, error) {
-	Certificate string
+	if config.Node == nil {
-	PrivateKey  string
+		return nil, fmt.Errorf("node is nil")
-},
+	}
-) (Deployer, error) {
+	if config.Node.Type != domain.WorkflowNodeTypeDeploy {
-	if node.Type != domain.WorkflowNodeTypeDeploy {
+		return nil, fmt.Errorf("node type is not '%s'", string(domain.WorkflowNodeTypeDeploy))
 		return nil, fmt.Errorf("node type is not deploy")
 	}
-	nodeConfig := node.GetConfigForDeploy()
+	nodeCfg := config.Node.GetConfigForDeploy()
 	options := &deployerProviderOptions{
 		Provider:              domain.DeploymentProviderType(nodeCfg.Provider),
 		ProviderAccessConfig:  make(map[string]any),
 		ProviderServiceConfig: nodeCfg.ProviderConfig,
 	}
 	accessRepo := repository.NewAccessRepository()
-	access, err := accessRepo.GetById(context.Background(), nodeConfig.ProviderAccessId)
+	if nodeCfg.ProviderAccessId != "" {
-	if err != nil {
+		access, err := accessRepo.GetById(context.Background(), nodeCfg.ProviderAccessId)
-		return nil, fmt.Errorf("failed to get access #%s record: %w", nodeConfig.ProviderAccessId, err)
+		if err != nil {
 			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeCfg.ProviderAccessId, err)
 		} else {
 			options.ProviderAccessConfig = access.Config
 		}
 	}
-	accessConfig, err := access.UnmarshalConfigToMap()
+	deployerProvider, err := createDeployerProvider(options)
 	if err != nil {
 		return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
 	}
 	deployer, err := createDeployer(&deployerOptions{
 		Provider:             domain.DeployProviderType(nodeConfig.Provider),
 		ProviderAccessConfig: accessConfig,
 		ProviderDeployConfig: nodeConfig.ProviderConfig,
 	})
 	if err != nil {
 		return nil, err
 	}
-	return &proxyDeployer{
+	return &deployerImpl{
-		deployer:          deployer,
+		provider:   deployerProvider.WithLogger(config.Logger),
-		deployCertificate: certdata.Certificate,
+		certPEM:    config.CertificatePEM,
-		deployPrivateKey:  certdata.PrivateKey,
+		privkeyPEM: config.PrivateKeyPEM,
 	}, nil
 }
-// TODO: 暂时使用代理模式以兼容之前版本代码，后续重新实现此处逻辑
+type deployerImpl struct {
-type proxyDeployer struct {
+	provider   deployer.Deployer
-	deployer          deployer.Deployer
+	certPEM    string
-	deployCertificate string
+	privkeyPEM string
 	deployPrivateKey  string
 }
-func (d *proxyDeployer) SetLogger(logger *slog.Logger) {
+var _ Deployer = (*deployerImpl)(nil)
 	if logger == nil {
 		panic("logger is nil")
 	}
-	d.deployer.WithLogger(logger)
+func (d *deployerImpl) Deploy(ctx context.Context) error {
-}
+	_, err := d.provider.Deploy(ctx, d.certPEM, d.privkeyPEM)
 func (d *proxyDeployer) Deploy(ctx context.Context) error {
 	_, err := d.deployer.Deploy(ctx, d.deployCertificate, d.deployPrivateKey)
 	return err
 }
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@@ -1,7 +1,6 @@
 package domain
 import (
 	"encoding/json"
 	"time"
 )
@@ -9,27 +8,26 @@ const CollectionNameAccess = "access"
 type Access struct {
 	Meta
-	Name      string     `json:"name" db:"name"`
+	Name      string         `json:"name" db:"name"`
-	Provider  string     `json:"provider" db:"provider"`
+	Provider  string         `json:"provider" db:"provider"`
-	Config    string     `json:"config" db:"config"`
+	Config    map[string]any `json:"config" db:"config"`
-	DeletedAt *time.Time `json:"deleted" db:"deleted"`
+	Reserve   string         `json:"reserve,omitempty" db:"reserve"`
-}
+	DeletedAt *time.Time     `json:"deleted" db:"deleted"`
 func (a *Access) UnmarshalConfigToMap() (map[string]any, error) {
 	config := make(map[string]any)
 	if err := json.Unmarshal([]byte(a.Config), &config); err != nil {
 		return nil, err
 	}
 	return config, nil
 }
 type AccessConfigFor1Panel struct {
-	ApiUrl                   string `json:"apiUrl"`
+	ServerUrl                string `json:"serverUrl"`
 	ApiVersion               string `json:"apiVersion"`
 	ApiKey                   string `json:"apiKey"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForACMECA struct {
 	Endpoint   string `json:"endpoint"`
 	EabKid     string `json:"eabKid,omitempty"`
 	EabHmacKey string `json:"eabHmacKey,omitempty"`
 }
 type AccessConfigForACMEHttpReq struct {
 	Endpoint string `json:"endpoint"`
 	Mode     string `json:"mode,omitempty"`
@@ -40,6 +38,7 @@ type AccessConfigForACMEHttpReq struct {
 type AccessConfigForAliyun struct {
 	AccessKeyId     string `json:"accessKeyId"`
 	AccessKeySecret string `json:"accessKeySecret"`
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 }
 type AccessConfigForAWS struct {
@@ -64,7 +63,13 @@ type AccessConfigForBaishan struct {
 }
 type AccessConfigForBaotaPanel struct {
-	ApiUrl                   string `json:"apiUrl"`
+	ServerUrl                string `json:"serverUrl"`
 	ApiKey                   string `json:"apiKey"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForBaotaWAF struct {
 	ServerUrl                string `json:"serverUrl"`
 	ApiKey                   string `json:"apiKey"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
@@ -74,18 +79,24 @@ type AccessConfigForBytePlus struct {
 	SecretKey string `json:"secretKey"`
 }
 type AccessConfigForBunny struct {
 	ApiKey string `json:"apiKey"`
 }
 type AccessConfigForCacheFly struct {
 	ApiToken string `json:"apiToken"`
 }
 type AccessConfigForCdnfly struct {
-	ApiUrl    string `json:"apiUrl"`
+	ServerUrl                string `json:"serverUrl"`
-	ApiKey    string `json:"apiKey"`
+	ApiKey                   string `json:"apiKey"`
-	ApiSecret string `json:"apiSecret"`
+	ApiSecret                string `json:"apiSecret"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForCloudflare struct {
-	DnsApiToken string `json:"dnsApiToken"`
+	DnsApiToken  string `json:"dnsApiToken"`
 	ZoneApiToken string `json:"zoneApiToken,omitempty"`
 }
 type AccessConfigForClouDNS struct {
@@ -98,6 +109,29 @@ type AccessConfigForCMCCCloud struct {
 	AccessKeySecret string `json:"accessKeySecret"`
 }
 type AccessConfigForConstellix struct {
 	ApiKey    string `json:"apiKey"`
 	SecretKey string `json:"secretKey"`
 }
 type AccessConfigForDeSEC struct {
 	Token string `json:"token"`
 }
 type AccessConfigForDigitalOcean struct {
 	AccessToken string `json:"accessToken"`
 }
 type AccessConfigForDingTalkBot struct {
 	WebhookUrl string `json:"webhookUrl"`
 	Secret     string `json:"secret"`
 }
 type AccessConfigForDiscordBot struct {
 	BotToken         string `json:"botToken"`
 	DefaultChannelId string `json:"defaultChannelId,omitempty"`
 }
 type AccessConfigForDNSLA struct {
 	ApiId     string `json:"apiId"`
 	ApiSecret string `json:"apiSecret"`
@@ -108,6 +142,10 @@ type AccessConfigForDogeCloud struct {
 	SecretKey string `json:"secretKey"`
 }
 type AccessConfigForDuckDNS struct {
 	Token string `json:"token"`
 }
 type AccessConfigForDynv6 struct {
 	HttpToken string `json:"httpToken"`
 }
@@ -117,6 +155,24 @@ type AccessConfigForEdgio struct {
 	ClientSecret string `json:"clientSecret"`
 }
 type AccessConfigForEmail struct {
 	SmtpHost               string `json:"smtpHost"`
 	SmtpPort               int32  `json:"smtpPort"`
 	SmtpTls                bool   `json:"smtpTls"`
 	Username               string `json:"username"`
 	Password               string `json:"password"`
 	DefaultSenderAddress   string `json:"defaultSenderAddress,omitempty"`
 	DefaultReceiverAddress string `json:"defaultReceiverAddress,omitempty"`
 }
 type AccessConfigForFlexCDN struct {
 	ServerUrl                string `json:"serverUrl"`
 	ApiRole                  string `json:"apiRole"`
 	AccessKeyId              string `json:"accessKeyId"`
 	AccessKey                string `json:"accessKey"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForGcore struct {
 	ApiToken string `json:"apiToken"`
 }
@@ -131,9 +187,27 @@ type AccessConfigForGoDaddy struct {
 	ApiSecret string `json:"apiSecret"`
 }
 type AccessConfigForGoEdge struct {
 	ServerUrl                string `json:"serverUrl"`
 	ApiRole                  string `json:"apiRole"`
 	AccessKeyId              string `json:"accessKeyId"`
 	AccessKey                string `json:"accessKey"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForGoogleTrustServices struct {
 	EabKid     string `json:"eabKid"`
 	EabHmacKey string `json:"eabHmacKey"`
 }
 type AccessConfigForHetzner struct {
 	ApiToken string `json:"apiToken"`
 }
 type AccessConfigForHuaweiCloud struct {
-	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeyId         string `json:"accessKeyId"`
-	SecretAccessKey string `json:"secretAccessKey"`
+	SecretAccessKey     string `json:"secretAccessKey"`
 	EnterpriseProjectId string `json:"enterpriseProjectId,omitempty"`
 }
 type AccessConfigForJDCloud struct {
@@ -145,7 +219,25 @@ type AccessConfigForKubernetes struct {
 	KubeConfig string `json:"kubeConfig,omitempty"`
 }
-type AccessConfigForLocal struct{}
+type AccessConfigForLarkBot struct {
 	WebhookUrl string `json:"webhookUrl"`
 }
 type AccessConfigForLeCDN struct {
 	ServerUrl                string `json:"serverUrl"`
 	ApiVersion               string `json:"apiVersion"`
 	ApiRole                  string `json:"apiRole"`
 	Username                 string `json:"username"`
 	Password                 string `json:"password"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForMattermost struct {
 	ServerUrl        string `json:"serverUrl"`
 	Username         string `json:"username"`
 	Password         string `json:"password"`
 	DefaultChannelId string `json:"defaultChannelId,omitempty"`
 }
 type AccessConfigForNamecheap struct {
 	Username string `json:"username"`
@@ -161,13 +253,36 @@ type AccessConfigForNameSilo struct {
 	ApiKey string `json:"apiKey"`
 }
 type AccessConfigForNetcup struct {
 	CustomerNumber string `json:"customerNumber"`
 	ApiKey         string `json:"apiKey"`
 	ApiPassword    string `json:"apiPassword"`
 }
 type AccessConfigForNetlify struct {
 	ApiToken string `json:"apiToken"`
 }
 type AccessConfigForNS1 struct {
 	ApiKey string `json:"apiKey"`
 }
 type AccessConfigForPorkbun struct {
 	ApiKey       string `json:"apiKey"`
 	SecretApiKey string `json:"secretApiKey"`
 }
 type AccessConfigForPowerDNS struct {
-	ApiUrl string `json:"apiUrl"`
+	ServerUrl                string `json:"serverUrl"`
-	ApiKey string `json:"apiKey"`
+	ApiKey                   string `json:"apiKey"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForProxmoxVE struct {
 	ServerUrl                string `json:"serverUrl"`
 	ApiToken                 string `json:"apiToken"`
 	ApiTokenSecret           string `json:"apiTokenSecret,omitempty"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForQiniu struct {
@@ -179,19 +294,51 @@ type AccessConfigForRainYun struct {
 	ApiKey string `json:"apiKey"`
 }
 type AccessConfigForRatPanel struct {
 	ServerUrl                string `json:"serverUrl"`
 	AccessTokenId            int32  `json:"accessTokenId"`
 	AccessToken              string `json:"accessToken"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForSafeLine struct {
-	ApiUrl                   string `json:"apiUrl"`
+	ServerUrl                string `json:"serverUrl"`
 	ApiToken                 string `json:"apiToken"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 type AccessConfigForSlackBot struct {
 	BotToken         string `json:"botToken"`
 	DefaultChannelId string `json:"defaultChannelId,omitempty"`
 }
 type AccessConfigForSSH struct {
 	Host          string `json:"host"`
 	Port          int32  `json:"port"`
-	Username      string `json:"username"`
+	AuthMethod    string `json:"authMethod,omitempty"`
 	Username      string `json:"username,omitempty"`
 	Password      string `json:"password,omitempty"`
 	Key           string `json:"key,omitempty"`
 	KeyPassphrase string `json:"keyPassphrase,omitempty"`
 	JumpServers   []struct {
 		Host          string `json:"host"`
 		Port          int32  `json:"port"`
 		AuthMethod    string `json:"authMethod,omitempty"`
 		Username      string `json:"username,omitempty"`
 		Password      string `json:"password,omitempty"`
 		Key           string `json:"key,omitempty"`
 		KeyPassphrase string `json:"keyPassphrase,omitempty"`
 	} `json:"jumpServers,omitempty"`
 }
 type AccessConfigForSSLCom struct {
 	EabKid     string `json:"eabKid"`
 	EabHmacKey string `json:"eabHmacKey"`
 }
 type AccessConfigForTelegramBot struct {
 	BotToken      string `json:"botToken"`
 	DefaultChatId int64  `json:"defaultChatId,omitempty"`
 }
 type AccessConfigForTencentCloud struct {
@@ -205,22 +352,51 @@ type AccessConfigForUCloud struct {
 	ProjectId  string `json:"projectId,omitempty"`
 }
 type AccessConfigForUniCloud struct {
 	Username string `json:"username"`
 	Password string `json:"password"`
 }
 type AccessConfigForUpyun struct {
 	Username string `json:"username"`
 	Password string `json:"password"`
 }
 type AccessConfigForVercel struct {
 	ApiAccessToken string `json:"apiAccessToken"`
 	TeamId         string `json:"teamId,omitempty"`
 }
 type AccessConfigForVolcEngine struct {
 	AccessKeyId     string `json:"accessKeyId"`
 	SecretAccessKey string `json:"secretAccessKey"`
 }
 type AccessConfigForWangsu struct {
 	AccessKeyId     string `json:"accessKeyId"`
 	AccessKeySecret string `json:"accessKeySecret"`
 	ApiKey          string `json:"apiKey"`
 }
 type AccessConfigForWebhook struct {
-	Url                      string `json:"url"`
+	Url                        string `json:"url"`
-	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
+	Method                     string `json:"method,omitempty"`
 	HeadersString              string `json:"headers,omitempty"`
 	AllowInsecureConnections   bool   `json:"allowInsecureConnections,omitempty"`
 	DefaultDataForDeployment   string `json:"defaultDataForDeployment,omitempty"`
 	DefaultDataForNotification string `json:"defaultDataForNotification,omitempty"`
 }
 type AccessConfigForWeComBot struct {
 	WebhookUrl string `json:"webhookUrl"`
 }
 type AccessConfigForWestcn struct {
 	Username    string `json:"username"`
-	ApiPassword string `json:"password"`
+	ApiPassword string `json:"apiPassword"`
 }
 type AccessConfigForZeroSSL struct {
 	EabKid     string `json:"eabKid"`
 	EabHmacKey string `json:"eabHmacKey"`
 }
--- a/internal/domain/certificate.go
+++ b/internal/domain/certificate.go
@@ -8,7 +8,7 @@ import (
 	"strings"
 	"time"
-	"github.com/usual2970/certimate/internal/pkg/utils/certutil"
+	certutil "github.com/usual2970/certimate/internal/pkg/utils/cert"
 )
 const CollectionNameCertificate = "certificate"
@@ -20,7 +20,7 @@ type Certificate struct {
 	SerialNumber      string                      `json:"serialNumber" db:"serialNumber"`
 	Certificate       string                      `json:"certificate" db:"certificate"`
 	PrivateKey        string                      `json:"privateKey" db:"privateKey"`
-	Issuer            string                      `json:"issuer" db:"issuer"`
+	IssuerOrg         string                      `json:"issuerOrg" db:"issuerOrg"`
 	IssuerCertificate string                      `json:"issuerCertificate" db:"issuerCertificate"`
 	KeyAlgorithm      CertificateKeyAlgorithmType `json:"keyAlgorithm" db:"keyAlgorithm"`
 	EffectAt          time.Time                   `json:"effectAt" db:"effectAt"`
@@ -28,6 +28,7 @@ type Certificate struct {
 	ACMEAccountUrl    string                      `json:"acmeAccountUrl" db:"acmeAccountUrl"`
 	ACMECertUrl       string                      `json:"acmeCertUrl" db:"acmeCertUrl"`
 	ACMECertStableUrl string                      `json:"acmeCertStableUrl" db:"acmeCertStableUrl"`
 	ACMERenewed       bool                        `json:"acmeRenewed" db:"acmeRenewed"`
 	WorkflowId        string                      `json:"workflowId" db:"workflowId"`
 	WorkflowNodeId    string                      `json:"workflowNodeId" db:"workflowNodeId"`
 	WorkflowRunId     string                      `json:"workflowRunId" db:"workflowRunId"`
@@ -38,7 +39,7 @@ type Certificate struct {
 func (c *Certificate) PopulateFromX509(certX509 *x509.Certificate) *Certificate {
 	c.SubjectAltNames = strings.Join(certX509.DNSNames, ";")
 	c.SerialNumber = strings.ToUpper(certX509.SerialNumber.Text(16))
-	c.Issuer = strings.Join(certX509.Issuer.Organization, ";")
+	c.IssuerOrg = strings.Join(certX509.Issuer.Organization, ";")
 	c.EffectAt = certX509.NotBefore
 	c.ExpireAt = certX509.NotAfter
--- a/internal/domain/dtos/certificate.go
+++ b/internal/domain/dtos/certificate.go
@@ -1,4 +1,4 @@
-package dtos
+package dtos
 type CertificateArchiveFileReq struct {
 	CertificateId string `json:"-"`
--- a/internal/domain/dtos/notify.go
+++ b/internal/domain/dtos/notify.go
@@ -1,4 +1,4 @@
-package dtos
+package dtos
 import "github.com/usual2970/certimate/internal/domain"
--- a/internal/domain/dtos/workflow.go
+++ b/internal/domain/dtos/workflow.go
@@ -1,4 +1,4 @@
-package dtos
+package dtos
 import "github.com/usual2970/certimate/internal/domain"
--- a/internal/domain/expr/expr.go
+++ b/internal/domain/expr/expr.go
@@ -0,0 +1,630 @@
 package expr
 import (
 	"encoding/json"
 	"fmt"
 	"strconv"
 )
 type (
 	ExprType               string
 	ExprComparisonOperator string
 	ExprLogicalOperator    string
 	ExprValueType          string
 )
 const (
 	GreaterThan    ExprComparisonOperator = "gt"
 	GreaterOrEqual ExprComparisonOperator = "gte"
 	LessThan       ExprComparisonOperator = "lt"
 	LessOrEqual    ExprComparisonOperator = "lte"
 	Equal          ExprComparisonOperator = "eq"
 	NotEqual       ExprComparisonOperator = "neq"
 	And ExprLogicalOperator = "and"
 	Or  ExprLogicalOperator = "or"
 	Not ExprLogicalOperator = "not"
 	Number  ExprValueType = "number"
 	String  ExprValueType = "string"
 	Boolean ExprValueType = "boolean"
 	ConstantExprType   ExprType = "const"
 	VariantExprType    ExprType = "var"
 	ComparisonExprType ExprType = "comparison"
 	LogicalExprType    ExprType = "logical"
 	NotExprType        ExprType = "not"
 )
 type EvalResult struct {
 	Type  ExprValueType
 	Value any
 }
 func (e *EvalResult) GetFloat64() (float64, error) {
 	if e.Type != Number {
 		return 0, fmt.Errorf("type mismatch: %s", e.Type)
 	}
 	stringValue, ok := e.Value.(string)
 	if !ok {
 		return 0, fmt.Errorf("value is not a string: %v", e.Value)
 	}
 	floatValue, err := strconv.ParseFloat(stringValue, 64)
 	if err != nil {
 		return 0, fmt.Errorf("failed to parse float64: %v", err)
 	}
 	return floatValue, nil
 }
 func (e *EvalResult) GetBool() (bool, error) {
 	if e.Type != Boolean {
 		return false, fmt.Errorf("type mismatch: %s", e.Type)
 	}
 	strValue, ok := e.Value.(string)
 	if ok {
 		if strValue == "true" {
 			return true, nil
 		} else if strValue == "false" {
 			return false, nil
 		}
 		return false, fmt.Errorf("value is not a boolean: %v", e.Value)
 	}
 	boolValue, ok := e.Value.(bool)
 	if !ok {
 		return false, fmt.Errorf("value is not a boolean: %v", e.Value)
 	}
 	return boolValue, nil
 }
 func (e *EvalResult) GreaterThan(other *EvalResult) (*EvalResult, error) {
 	if e.Type != other.Type {
 		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
 	}
 	switch e.Type {
 	case String:
 		return &EvalResult{
 			Type:  Boolean,
 			Value: e.Value.(string) > other.Value.(string),
 		}, nil
 	case Number:
 		left, err := e.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left > right,
 		}, nil
 	default:
 		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
 	}
 }
 func (e *EvalResult) GreaterOrEqual(other *EvalResult) (*EvalResult, error) {
 	if e.Type != other.Type {
 		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
 	}
 	switch e.Type {
 	case String:
 		return &EvalResult{
 			Type:  Boolean,
 			Value: e.Value.(string) >= other.Value.(string),
 		}, nil
 	case Number:
 		left, err := e.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left >= right,
 		}, nil
 	default:
 		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
 	}
 }
 func (e *EvalResult) LessThan(other *EvalResult) (*EvalResult, error) {
 	if e.Type != other.Type {
 		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
 	}
 	switch e.Type {
 	case String:
 		return &EvalResult{
 			Type:  Boolean,
 			Value: e.Value.(string) < other.Value.(string),
 		}, nil
 	case Number:
 		left, err := e.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left < right,
 		}, nil
 	default:
 		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
 	}
 }
 func (e *EvalResult) LessOrEqual(other *EvalResult) (*EvalResult, error) {
 	if e.Type != other.Type {
 		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
 	}
 	switch e.Type {
 	case String:
 		return &EvalResult{
 			Type:  Boolean,
 			Value: e.Value.(string) <= other.Value.(string),
 		}, nil
 	case Number:
 		left, err := e.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left <= right,
 		}, nil
 	default:
 		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
 	}
 }
 func (e *EvalResult) Equal(other *EvalResult) (*EvalResult, error) {
 	if e.Type != other.Type {
 		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
 	}
 	switch e.Type {
 	case String:
 		return &EvalResult{
 			Type:  Boolean,
 			Value: e.Value.(string) == other.Value.(string),
 		}, nil
 	case Number:
 		left, err := e.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left == right,
 		}, nil
 	case Boolean:
 		left, err := e.GetBool()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetBool()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left == right,
 		}, nil
 	default:
 		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
 	}
 }
 func (e *EvalResult) NotEqual(other *EvalResult) (*EvalResult, error) {
 	if e.Type != other.Type {
 		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
 	}
 	switch e.Type {
 	case String:
 		return &EvalResult{
 			Type:  Boolean,
 			Value: e.Value.(string) != other.Value.(string),
 		}, nil
 	case Number:
 		left, err := e.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetFloat64()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left != right,
 		}, nil
 	case Boolean:
 		left, err := e.GetBool()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetBool()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left != right,
 		}, nil
 	default:
 		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
 	}
 }
 func (e *EvalResult) And(other *EvalResult) (*EvalResult, error) {
 	if e.Type != other.Type {
 		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
 	}
 	switch e.Type {
 	case Boolean:
 		left, err := e.GetBool()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetBool()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left && right,
 		}, nil
 	default:
 		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
 	}
 }
 func (e *EvalResult) Or(other *EvalResult) (*EvalResult, error) {
 	if e.Type != other.Type {
 		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
 	}
 	switch e.Type {
 	case Boolean:
 		left, err := e.GetBool()
 		if err != nil {
 			return nil, err
 		}
 		right, err := other.GetBool()
 		if err != nil {
 			return nil, err
 		}
 		return &EvalResult{
 			Type:  Boolean,
 			Value: left || right,
 		}, nil
 	default:
 		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
 	}
 }
 func (e *EvalResult) Not() (*EvalResult, error) {
 	if e.Type != Boolean {
 		return nil, fmt.Errorf("type mismatch: %s", e.Type)
 	}
 	boolValue, err := e.GetBool()
 	if err != nil {
 		return nil, err
 	}
 	return &EvalResult{
 		Type:  Boolean,
 		Value: !boolValue,
 	}, nil
 }
 type Expr interface {
 	GetType() ExprType
 	Eval(variables map[string]map[string]any) (*EvalResult, error)
 }
 type ExprValueSelector struct {
 	Id   string        `json:"id"`
 	Name string        `json:"name"`
 	Type ExprValueType `json:"type"`
 }
 type ConstantExpr struct {
 	Type      ExprType      `json:"type"`
 	Value     string        `json:"value"`
 	ValueType ExprValueType `json:"valueType"`
 }
 func (c ConstantExpr) GetType() ExprType { return c.Type }
 func (c ConstantExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
 	return &EvalResult{
 		Type:  c.ValueType,
 		Value: c.Value,
 	}, nil
 }
 type VariantExpr struct {
 	Type     ExprType          `json:"type"`
 	Selector ExprValueSelector `json:"selector"`
 }
 func (v VariantExpr) GetType() ExprType { return v.Type }
 func (v VariantExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
 	if v.Selector.Id == "" {
 		return nil, fmt.Errorf("node id is empty")
 	}
 	if v.Selector.Name == "" {
 		return nil, fmt.Errorf("name is empty")
 	}
 	if _, ok := variables[v.Selector.Id]; !ok {
 		return nil, fmt.Errorf("node %s not found", v.Selector.Id)
 	}
 	if _, ok := variables[v.Selector.Id][v.Selector.Name]; !ok {
 		return nil, fmt.Errorf("variable %s not found in node %s", v.Selector.Name, v.Selector.Id)
 	}
 	return &EvalResult{
 		Type:  v.Selector.Type,
 		Value: variables[v.Selector.Id][v.Selector.Name],
 	}, nil
 }
 type ComparisonExpr struct {
 	Type     ExprType               `json:"type"` // compare
 	Operator ExprComparisonOperator `json:"operator"`
 	Left     Expr                   `json:"left"`
 	Right    Expr                   `json:"right"`
 }
 func (c ComparisonExpr) GetType() ExprType { return c.Type }
 func (c ComparisonExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
 	left, err := c.Left.Eval(variables)
 	if err != nil {
 		return nil, err
 	}
 	right, err := c.Right.Eval(variables)
 	if err != nil {
 		return nil, err
 	}
 	switch c.Operator {
 	case GreaterThan:
 		return left.GreaterThan(right)
 	case LessThan:
 		return left.LessThan(right)
 	case GreaterOrEqual:
 		return left.GreaterOrEqual(right)
 	case LessOrEqual:
 		return left.LessOrEqual(right)
 	case Equal:
 		return left.Equal(right)
 	case NotEqual:
 		return left.NotEqual(right)
 	default:
 		return nil, fmt.Errorf("unknown expression operator: %s", c.Operator)
 	}
 }
 type LogicalExpr struct {
 	Type     ExprType            `json:"type"` // logical
 	Operator ExprLogicalOperator `json:"operator"`
 	Left     Expr                `json:"left"`
 	Right    Expr                `json:"right"`
 }
 func (l LogicalExpr) GetType() ExprType { return l.Type }
 func (l LogicalExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
 	left, err := l.Left.Eval(variables)
 	if err != nil {
 		return nil, err
 	}
 	right, err := l.Right.Eval(variables)
 	if err != nil {
 		return nil, err
 	}
 	switch l.Operator {
 	case And:
 		return left.And(right)
 	case Or:
 		return left.Or(right)
 	default:
 		return nil, fmt.Errorf("unknown expression operator: %s", l.Operator)
 	}
 }
 type NotExpr struct {
 	Type ExprType `json:"type"` // not
 	Expr Expr     `json:"expr"`
 }
 func (n NotExpr) GetType() ExprType { return n.Type }
 func (n NotExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
 	inner, err := n.Expr.Eval(variables)
 	if err != nil {
 		return nil, err
 	}
 	return inner.Not()
 }
 type rawExpr struct {
 	Type ExprType `json:"type"`
 }
 func MarshalExpr(e Expr) ([]byte, error) {
 	return json.Marshal(e)
 }
 func UnmarshalExpr(data []byte) (Expr, error) {
 	var typ rawExpr
 	if err := json.Unmarshal(data, &typ); err != nil {
 		return nil, err
 	}
 	switch typ.Type {
 	case ConstantExprType:
 		var e ConstantExpr
 		if err := json.Unmarshal(data, &e); err != nil {
 			return nil, err
 		}
 		return e, nil
 	case VariantExprType:
 		var e VariantExpr
 		if err := json.Unmarshal(data, &e); err != nil {
 			return nil, err
 		}
 		return e, nil
 	case ComparisonExprType:
 		var e ComparisonExprRaw
 		if err := json.Unmarshal(data, &e); err != nil {
 			return nil, err
 		}
 		return e.ToComparisonExpr()
 	case LogicalExprType:
 		var e LogicalExprRaw
 		if err := json.Unmarshal(data, &e); err != nil {
 			return nil, err
 		}
 		return e.ToLogicalExpr()
 	case NotExprType:
 		var e NotExprRaw
 		if err := json.Unmarshal(data, &e); err != nil {
 			return nil, err
 		}
 		return e.ToNotExpr()
 	default:
 		return nil, fmt.Errorf("unknown expression type: %s", typ.Type)
 	}
 }
 type ComparisonExprRaw struct {
 	Type     ExprType               `json:"type"`
 	Operator ExprComparisonOperator `json:"operator"`
 	Left     json.RawMessage        `json:"left"`
 	Right    json.RawMessage        `json:"right"`
 }
 func (r ComparisonExprRaw) ToComparisonExpr() (ComparisonExpr, error) {
 	leftExpr, err := UnmarshalExpr(r.Left)
 	if err != nil {
 		return ComparisonExpr{}, err
 	}
 	rightExpr, err := UnmarshalExpr(r.Right)
 	if err != nil {
 		return ComparisonExpr{}, err
 	}
 	return ComparisonExpr{
 		Type:     r.Type,
 		Operator: r.Operator,
 		Left:     leftExpr,
 		Right:    rightExpr,
 	}, nil
 }
 type LogicalExprRaw struct {
 	Type     ExprType            `json:"type"`
 	Operator ExprLogicalOperator `json:"operator"`
 	Left     json.RawMessage     `json:"left"`
 	Right    json.RawMessage     `json:"right"`
 }
 func (r LogicalExprRaw) ToLogicalExpr() (LogicalExpr, error) {
 	left, err := UnmarshalExpr(r.Left)
 	if err != nil {
 		return LogicalExpr{}, err
 	}
 	right, err := UnmarshalExpr(r.Right)
 	if err != nil {
 		return LogicalExpr{}, err
 	}
 	return LogicalExpr{
 		Type:     r.Type,
 		Operator: r.Operator,
 		Left:     left,
 		Right:    right,
 	}, nil
 }
 type NotExprRaw struct {
 	Type ExprType        `json:"type"`
 	Expr json.RawMessage `json:"expr"`
 }
 func (r NotExprRaw) ToNotExpr() (NotExpr, error) {
 	inner, err := UnmarshalExpr(r.Expr)
 	if err != nil {
 		return NotExpr{}, err
 	}
 	return NotExpr{
 		Type: r.Type,
 		Expr: inner,
 	}, nil
 }
--- a/internal/domain/expr/expr_test.go
+++ b/internal/domain/expr/expr_test.go
@@ -0,0 +1,127 @@
 package expr
 import (
 	"testing"
 )
 func TestLogicalEval(t *testing.T) {
 	// 测试逻辑表达式 and
 	logicalExpr := LogicalExpr{
 		Left: ConstantExpr{
 			Type:      "const",
 			Value:     "true",
 			ValueType: "boolean",
 		},
 		Operator: And,
 		Right: ConstantExpr{
 			Type:      "const",
 			Value:     "true",
 			ValueType: "boolean",
 		},
 	}
 	result, err := logicalExpr.Eval(nil)
 	if err != nil {
 		t.Errorf("failed to evaluate logical expression: %v", err)
 	}
 	if result.Value != true {
 		t.Errorf("expected true, got %v", result)
 	}
 	// 测试逻辑表达式 or
 	orExpr := LogicalExpr{
 		Left: ConstantExpr{
 			Type:      "const",
 			Value:     "true",
 			ValueType: "boolean",
 		},
 		Operator: Or,
 		Right: ConstantExpr{
 			Type:      "const",
 			Value:     "true",
 			ValueType: "boolean",
 		},
 	}
 	result, err = orExpr.Eval(nil)
 	if err != nil {
 		t.Errorf("failed to evaluate logical expression: %v", err)
 	}
 	if result.Value != true {
 		t.Errorf("expected true, got %v", result)
 	}
 }
 func TestUnmarshalExpr(t *testing.T) {
 	type args struct {
 		data []byte
 	}
 	tests := []struct {
 		name    string
 		args    args
 		want    Expr
 		wantErr bool
 	}{
 		{
 			name: "test1",
 			args: args{
 				data: []byte(`{"left":{"left":{"selector":{"id":"ODnYSOXB6HQP2_vz6JcZE","name":"certificate.validity","type":"boolean"},"type":"var"},"operator":"is","right":{"type":"const","value":true,"valueType":"boolean"},"type":"comparison"},"operator":"and","right":{"left":{"selector":{"id":"ODnYSOXB6HQP2_vz6JcZE","name":"certificate.daysLeft","type":"number"},"type":"var"},"operator":"eq","right":{"type":"const","value":2,"valueType":"number"},"type":"comparison"},"type":"logical"}`),
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := UnmarshalExpr(tt.args.data)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("UnmarshalExpr() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
 			if got == nil {
 				t.Errorf("UnmarshalExpr() got = nil, want %v", tt.want)
 				return
 			}
 		})
 	}
 }
 func TestExpr_Eval(t *testing.T) {
 	type args struct {
 		variables map[string]map[string]any
 		data      []byte
 	}
 	tests := []struct {
 		name    string
 		args    args
 		want    *EvalResult
 		wantErr bool
 	}{
 		{
 			name: "test1",
 			args: args{
 				variables: map[string]map[string]any{
 					"ODnYSOXB6HQP2_vz6JcZE": {
 						"certificate.validity": true,
 						"certificate.daysLeft": 2,
 					},
 				},
 				data: []byte(`{"left":{"left":{"selector":{"id":"ODnYSOXB6HQP2_vz6JcZE","name":"certificate.validity","type":"boolean"},"type":"var"},"operator":"is","right":{"type":"const","value":true,"valueType":"boolean"},"type":"comparison"},"operator":"and","right":{"left":{"selector":{"id":"ODnYSOXB6HQP2_vz6JcZE","name":"certificate.daysLeft","type":"number"},"type":"var"},"operator":"eq","right":{"type":"const","value":2,"valueType":"number"},"type":"comparison"},"type":"logical"}`),
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			c, err := UnmarshalExpr(tt.args.data)
 			if err != nil {
 				t.Errorf("UnmarshalExpr() error = %v", err)
 				return
 			}
 			got, err := c.Eval(tt.args.variables)
 			t.Log("got:", got)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("ConstExpr.Eval() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
 			if got.Value != true {
 				t.Errorf("ConstExpr.Eval() got = %v, want %v", got.Value, true)
 			}
 		})
 	}
 }
--- a/internal/domain/notify.go
+++ b/internal/domain/notify.go
@@ -8,11 +8,16 @@ type NotifyChannelType string
 	注意：如果追加新的常量值，请保持以 ASCII 排序。
 	NOTICE: If you add new constant, please keep ASCII order.
 */
 // Deprecated: v0.4.x 将废弃
 const (
 	NotifyChannelTypeBark       = NotifyChannelType("bark")
 	NotifyChannelTypeDingTalk   = NotifyChannelType("dingtalk")
 	NotifyChannelTypeEmail      = NotifyChannelType("email")
 	NotifyChannelTypeGotify     = NotifyChannelType("gotify")
 	NotifyChannelTypeLark       = NotifyChannelType("lark")
 	NotifyChannelTypeMattermost = NotifyChannelType("mattermost")
 	NotifyChannelTypePushover   = NotifyChannelType("pushover")
 	NotifyChannelTypePushPlus   = NotifyChannelType("pushplus")
 	NotifyChannelTypeServerChan = NotifyChannelType("serverchan")
 	NotifyChannelTypeTelegram   = NotifyChannelType("telegram")
 	NotifyChannelTypeWebhook    = NotifyChannelType("webhook")
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -1,4 +1,4 @@
-package domain
+package domain
 type AccessProviderType string
@@ -9,170 +9,280 @@ type AccessProviderType string
 	NOTICE: If you add new constant, please keep ASCII order.
 */
 const (
-	AccessProviderType1Panel       = AccessProviderType("1panel")
+	AccessProviderType1Panel              = AccessProviderType("1panel")
-	AccessProviderTypeACMEHttpReq  = AccessProviderType("acmehttpreq")
+	AccessProviderTypeACMECA              = AccessProviderType("acmeca")
-	AccessProviderTypeAkamai       = AccessProviderType("akamai") // Akamai（预留）
+	AccessProviderTypeACMEHttpReq         = AccessProviderType("acmehttpreq")
-	AccessProviderTypeAliyun       = AccessProviderType("aliyun")
+	AccessProviderTypeAkamai              = AccessProviderType("akamai") // Akamai（预留）
-	AccessProviderTypeAWS          = AccessProviderType("aws")
+	AccessProviderTypeAliyun              = AccessProviderType("aliyun")
-	AccessProviderTypeAzure        = AccessProviderType("azure")
+	AccessProviderTypeAWS                 = AccessProviderType("aws")
-	AccessProviderTypeBaiduCloud   = AccessProviderType("baiducloud")
+	AccessProviderTypeAzure               = AccessProviderType("azure")
-	AccessProviderTypeBaishan      = AccessProviderType("baishan")
+	AccessProviderTypeBaiduCloud          = AccessProviderType("baiducloud")
-	AccessProviderTypeBaotaPanel   = AccessProviderType("baotapanel")
+	AccessProviderTypeBaishan             = AccessProviderType("baishan")
-	AccessProviderTypeBytePlus     = AccessProviderType("byteplus")
+	AccessProviderTypeBaotaPanel          = AccessProviderType("baotapanel")
-	AccessProviderTypeCacheFly     = AccessProviderType("cachefly")
+	AccessProviderTypeBaotaWAF            = AccessProviderType("baotawaf")
-	AccessProviderTypeCdnfly       = AccessProviderType("cdnfly")
+	AccessProviderTypeBytePlus            = AccessProviderType("byteplus")
-	AccessProviderTypeCloudflare   = AccessProviderType("cloudflare")
+	AccessProviderTypeBunny               = AccessProviderType("bunny")
-	AccessProviderTypeClouDNS      = AccessProviderType("cloudns")
+	AccessProviderTypeBuypass             = AccessProviderType("buypass")
-	AccessProviderTypeCMCCCloud    = AccessProviderType("cmcccloud")
+	AccessProviderTypeCacheFly            = AccessProviderType("cachefly")
-	AccessProviderTypeCTCCCloud    = AccessProviderType("ctcccloud") // 联通云（预留）
+	AccessProviderTypeCdnfly              = AccessProviderType("cdnfly")
-	AccessProviderTypeCUCCCloud    = AccessProviderType("cucccloud") // 天翼云（预留）
+	AccessProviderTypeCloudflare          = AccessProviderType("cloudflare")
-	AccessProviderTypeDNSLA        = AccessProviderType("dnsla")
+	AccessProviderTypeClouDNS             = AccessProviderType("cloudns")
-	AccessProviderTypeDogeCloud    = AccessProviderType("dogecloud")
+	AccessProviderTypeCMCCCloud           = AccessProviderType("cmcccloud")
-	AccessProviderTypeDynv6        = AccessProviderType("dynv6")
+	AccessProviderTypeConstellix          = AccessProviderType("constellix")
-	AccessProviderTypeEdgio        = AccessProviderType("edgio")
+	AccessProviderTypeCTCCCloud           = AccessProviderType("ctcccloud") // 天翼云（预留）
-	AccessProviderTypeFastly       = AccessProviderType("fastly") // Fastly（预留）
+	AccessProviderTypeCUCCCloud           = AccessProviderType("cucccloud") // 联通云（预留）
-	AccessProviderTypeGname        = AccessProviderType("gname")
+	AccessProviderTypeDeSEC               = AccessProviderType("desec")
-	AccessProviderTypeGcore        = AccessProviderType("gcore")
+	AccessProviderTypeDigitalOcean        = AccessProviderType("digitalocean")
-	AccessProviderTypeGoDaddy      = AccessProviderType("godaddy")
+	AccessProviderTypeDingTalkBot         = AccessProviderType("dingtalkbot")
-	AccessProviderTypeGoEdge       = AccessProviderType("goedge") // GoEdge（预留）
+	AccessProviderTypeDiscordBot          = AccessProviderType("discordbot")
-	AccessProviderTypeHuaweiCloud  = AccessProviderType("huaweicloud")
+	AccessProviderTypeDNSLA               = AccessProviderType("dnsla")
-	AccessProviderTypeJDCloud      = AccessProviderType("jdcloud")
+	AccessProviderTypeDogeCloud           = AccessProviderType("dogecloud")
-	AccessProviderTypeKubernetes   = AccessProviderType("k8s")
+	AccessProviderTypeDuckDNS             = AccessProviderType("duckdns")
-	AccessProviderTypeLocal        = AccessProviderType("local")
+	AccessProviderTypeDynv6               = AccessProviderType("dynv6")
-	AccessProviderTypeNamecheap    = AccessProviderType("namecheap")
+	AccessProviderTypeEdgio               = AccessProviderType("edgio")
-	AccessProviderTypeNameDotCom   = AccessProviderType("namedotcom")
+	AccessProviderTypeEmail               = AccessProviderType("email")
-	AccessProviderTypeNameSilo     = AccessProviderType("namesilo")
+	AccessProviderTypeFastly              = AccessProviderType("fastly") // Fastly（预留）
-	AccessProviderTypeNS1          = AccessProviderType("ns1")
+	AccessProviderTypeFlexCDN             = AccessProviderType("flexcdn")
-	AccessProviderTypePowerDNS     = AccessProviderType("powerdns")
+	AccessProviderTypeGname               = AccessProviderType("gname")
-	AccessProviderTypeQiniu        = AccessProviderType("qiniu")
+	AccessProviderTypeGcore               = AccessProviderType("gcore")
-	AccessProviderTypeQingCloud    = AccessProviderType("qingcloud") // 青云（预留）
+	AccessProviderTypeGoDaddy             = AccessProviderType("godaddy")
-	AccessProviderTypeRainYun      = AccessProviderType("rainyun")
+	AccessProviderTypeGoEdge              = AccessProviderType("goedge")
-	AccessProviderTypeSafeLine     = AccessProviderType("safeline")
+	AccessProviderTypeGoogleTrustServices = AccessProviderType("googletrustservices")
-	AccessProviderTypeSSH          = AccessProviderType("ssh")
+	AccessProviderTypeHetzner             = AccessProviderType("hetzner")
-	AccessProviderTypeTencentCloud = AccessProviderType("tencentcloud")
+	AccessProviderTypeHuaweiCloud         = AccessProviderType("huaweicloud")
-	AccessProviderTypeUCloud       = AccessProviderType("ucloud")
+	AccessProviderTypeJDCloud             = AccessProviderType("jdcloud")
-	AccessProviderTypeUpyun        = AccessProviderType("upyun")
+	AccessProviderTypeKubernetes          = AccessProviderType("k8s")
-	AccessProviderTypeVolcEngine   = AccessProviderType("volcengine")
+	AccessProviderTypeLarkBot             = AccessProviderType("larkbot")
-	AccessProviderTypeWebhook      = AccessProviderType("webhook")
+	AccessProviderTypeLetsEncrypt         = AccessProviderType("letsencrypt")
-	AccessProviderTypeWestcn       = AccessProviderType("westcn")
+	AccessProviderTypeLetsEncryptStaging  = AccessProviderType("letsencryptstaging")
 	AccessProviderTypeLeCDN               = AccessProviderType("lecdn")
 	AccessProviderTypeLocal               = AccessProviderType("local")
 	AccessProviderTypeMattermost          = AccessProviderType("mattermost")
 	AccessProviderTypeNamecheap           = AccessProviderType("namecheap")
 	AccessProviderTypeNameDotCom          = AccessProviderType("namedotcom")
 	AccessProviderTypeNameSilo            = AccessProviderType("namesilo")
 	AccessProviderTypeNetcup              = AccessProviderType("netcup")
 	AccessProviderTypeNetlify             = AccessProviderType("netlify")
 	AccessProviderTypeNS1                 = AccessProviderType("ns1")
 	AccessProviderTypePorkbun             = AccessProviderType("porkbun")
 	AccessProviderTypePowerDNS            = AccessProviderType("powerdns")
 	AccessProviderTypeProxmoxVE           = AccessProviderType("proxmoxve")
 	AccessProviderTypeQiniu               = AccessProviderType("qiniu")
 	AccessProviderTypeQingCloud           = AccessProviderType("qingcloud") // 青云（预留）
 	AccessProviderTypeRainYun             = AccessProviderType("rainyun")
 	AccessProviderTypeRatPanel            = AccessProviderType("ratpanel")
 	AccessProviderTypeSafeLine            = AccessProviderType("safeline")
 	AccessProviderTypeSlackBot            = AccessProviderType("slackbot")
 	AccessProviderTypeSSH                 = AccessProviderType("ssh")
 	AccessProviderTypeSSLCOM              = AccessProviderType("sslcom")
 	AccessProviderTypeTelegramBot         = AccessProviderType("telegrambot")
 	AccessProviderTypeTencentCloud        = AccessProviderType("tencentcloud")
 	AccessProviderTypeUCloud              = AccessProviderType("ucloud")
 	AccessProviderTypeUniCloud            = AccessProviderType("unicloud")
 	AccessProviderTypeUpyun               = AccessProviderType("upyun")
 	AccessProviderTypeVercel              = AccessProviderType("vercel")
 	AccessProviderTypeVolcEngine          = AccessProviderType("volcengine")
 	AccessProviderTypeWangsu              = AccessProviderType("wangsu")
 	AccessProviderTypeWebhook             = AccessProviderType("webhook")
 	AccessProviderTypeWeComBot            = AccessProviderType("wecombot")
 	AccessProviderTypeWestcn              = AccessProviderType("westcn")
 	AccessProviderTypeZeroSSL             = AccessProviderType("zerossl")
 )
-type ApplyDNSProviderType string
+type CAProviderType string
 /*
-申请证书 DNS 提供商常量值。
+证书颁发机构提供商常量值。
 短横线前的部分始终等于授权提供商类型。
 	注意：如果追加新的常量值，请保持以 ASCII 排序。
 	NOTICE: If you add new constant, please keep ASCII order.
 */
 const (
-	ApplyDNSProviderTypeACMEHttpReq     = ApplyDNSProviderType("acmehttpreq")
+	CAProviderTypeACMECA              = CAProviderType(AccessProviderTypeACMECA)
-	ApplyDNSProviderTypeAliyun          = ApplyDNSProviderType("aliyun") // 兼容旧值，等同于 [ApplyDNSProviderTypeAliyunDNS]
+	CAProviderTypeBuypass             = CAProviderType(AccessProviderTypeBuypass)
-	ApplyDNSProviderTypeAliyunDNS       = ApplyDNSProviderType("aliyun-dns")
+	CAProviderTypeGoogleTrustServices = CAProviderType(AccessProviderTypeGoogleTrustServices)
-	ApplyDNSProviderTypeAWS             = ApplyDNSProviderType("aws") // 兼容旧值，等同于 [ApplyDNSProviderTypeAWSRoute53]
+	CAProviderTypeLetsEncrypt         = CAProviderType(AccessProviderTypeLetsEncrypt)
-	ApplyDNSProviderTypeAWSRoute53      = ApplyDNSProviderType("aws-route53")
+	CAProviderTypeLetsEncryptStaging  = CAProviderType(AccessProviderTypeLetsEncryptStaging)
-	ApplyDNSProviderTypeAzure           = ApplyDNSProviderType("azure") // 兼容旧值，等同于 [ApplyDNSProviderTypeAzure]
+	CAProviderTypeSSLCom              = CAProviderType(AccessProviderTypeSSLCOM)
-	ApplyDNSProviderTypeAzureDNS        = ApplyDNSProviderType("azure-dns")
+	CAProviderTypeZeroSSL             = CAProviderType(AccessProviderTypeZeroSSL)
 	ApplyDNSProviderTypeBaiduCloud      = ApplyDNSProviderType("baiducloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeBaiduCloudDNS]
 	ApplyDNSProviderTypeBaiduCloudDNS   = ApplyDNSProviderType("baiducloud-dns")
 	ApplyDNSProviderTypeCloudflare      = ApplyDNSProviderType("cloudflare")
 	ApplyDNSProviderTypeClouDNS         = ApplyDNSProviderType("cloudns")
 	ApplyDNSProviderTypeCMCCCloud       = ApplyDNSProviderType("cmcccloud")
 	ApplyDNSProviderTypeDNSLA           = ApplyDNSProviderType("dnsla")
 	ApplyDNSProviderTypeDynv6           = ApplyDNSProviderType("dynv6")
 	ApplyDNSProviderTypeGcore           = ApplyDNSProviderType("gcore")
 	ApplyDNSProviderTypeGname           = ApplyDNSProviderType("gname")
 	ApplyDNSProviderTypeGoDaddy         = ApplyDNSProviderType("godaddy")
 	ApplyDNSProviderTypeHuaweiCloud     = ApplyDNSProviderType("huaweicloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeHuaweiCloudDNS]
 	ApplyDNSProviderTypeHuaweiCloudDNS  = ApplyDNSProviderType("huaweicloud-dns")
 	ApplyDNSProviderTypeJDCloud         = ApplyDNSProviderType("jdcloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeJDCloudDNS]
 	ApplyDNSProviderTypeJDCloudDNS      = ApplyDNSProviderType("jdcloud-dns")
 	ApplyDNSProviderTypeNamecheap       = ApplyDNSProviderType("namecheap")
 	ApplyDNSProviderTypeNameDotCom      = ApplyDNSProviderType("namedotcom")
 	ApplyDNSProviderTypeNameSilo        = ApplyDNSProviderType("namesilo")
 	ApplyDNSProviderTypeNS1             = ApplyDNSProviderType("ns1")
 	ApplyDNSProviderTypePowerDNS        = ApplyDNSProviderType("powerdns")
 	ApplyDNSProviderTypeRainYun         = ApplyDNSProviderType("rainyun")
 	ApplyDNSProviderTypeTencentCloud    = ApplyDNSProviderType("tencentcloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeTencentCloudDNS]
 	ApplyDNSProviderTypeTencentCloudDNS = ApplyDNSProviderType("tencentcloud-dns")
 	ApplyDNSProviderTypeVolcEngine      = ApplyDNSProviderType("volcengine") // 兼容旧值，等同于 [ApplyDNSProviderTypeVolcEngineDNS]
 	ApplyDNSProviderTypeVolcEngineDNS   = ApplyDNSProviderType("volcengine-dns")
 	ApplyDNSProviderTypeWestcn          = ApplyDNSProviderType("westcn")
 )
-type DeployProviderType string
+type ACMEDns01ProviderType string
 /*
-部署目标提供商常量值。
+ACME DNS-01 提供商常量值。
 短横线前的部分始终等于授权提供商类型。
 	注意：如果追加新的常量值，请保持以 ASCII 排序。
 	NOTICE: If you add new constant, please keep ASCII order.
 */
 const (
-	DeployProviderType1PanelConsole         = DeployProviderType("1panel-console")
+	ACMEDns01ProviderTypeACMEHttpReq     = ACMEDns01ProviderType(AccessProviderTypeACMEHttpReq)
-	DeployProviderType1PanelSite            = DeployProviderType("1panel-site")
+	ACMEDns01ProviderTypeAliyun          = ACMEDns01ProviderType(AccessProviderTypeAliyun) // 兼容旧值，等同于 [ACMEDns01ProviderTypeAliyunDNS]
-	DeployProviderTypeAliyunALB             = DeployProviderType("aliyun-alb")
+	ACMEDns01ProviderTypeAliyunDNS       = ACMEDns01ProviderType(AccessProviderTypeAliyun + "-dns")
-	DeployProviderTypeAliyunCAS             = DeployProviderType("aliyun-cas")
+	ACMEDns01ProviderTypeAliyunESA       = ACMEDns01ProviderType(AccessProviderTypeAliyun + "-esa")
-	DeployProviderTypeAliyunCASDeploy       = DeployProviderType("aliyun-casdeploy")
+	ACMEDns01ProviderTypeAWS             = ACMEDns01ProviderType(AccessProviderTypeAWS) // 兼容旧值，等同于 [ACMEDns01ProviderTypeAWSRoute53]
-	DeployProviderTypeAliyunCDN             = DeployProviderType("aliyun-cdn")
+	ACMEDns01ProviderTypeAWSRoute53      = ACMEDns01ProviderType(AccessProviderTypeAWS + "-route53")
-	DeployProviderTypeAliyunCLB             = DeployProviderType("aliyun-clb")
+	ACMEDns01ProviderTypeAzure           = ACMEDns01ProviderType(AccessProviderTypeAzure) // 兼容旧值，等同于 [ACMEDns01ProviderTypeAzure]
-	DeployProviderTypeAliyunDCDN            = DeployProviderType("aliyun-dcdn")
+	ACMEDns01ProviderTypeAzureDNS        = ACMEDns01ProviderType(AccessProviderTypeAzure + "-dns")
-	DeployProviderTypeAliyunESA             = DeployProviderType("aliyun-esa")
+	ACMEDns01ProviderTypeBaiduCloud      = ACMEDns01ProviderType(AccessProviderTypeBaiduCloud) // 兼容旧值，等同于 [ACMEDns01ProviderTypeBaiduCloudDNS]
-	DeployProviderTypeAliyunFC              = DeployProviderType("aliyun-fc")
+	ACMEDns01ProviderTypeBaiduCloudDNS   = ACMEDns01ProviderType(AccessProviderTypeBaiduCloud + "-dns")
-	DeployProviderTypeAliyunLive            = DeployProviderType("aliyun-live")
+	ACMEDns01ProviderTypeBunny           = ACMEDns01ProviderType(AccessProviderTypeBunny)
-	DeployProviderTypeAliyunNLB             = DeployProviderType("aliyun-nlb")
+	ACMEDns01ProviderTypeCloudflare      = ACMEDns01ProviderType(AccessProviderTypeCloudflare)
-	DeployProviderTypeAliyunOSS             = DeployProviderType("aliyun-oss")
+	ACMEDns01ProviderTypeClouDNS         = ACMEDns01ProviderType(AccessProviderTypeClouDNS)
-	DeployProviderTypeAliyunVOD             = DeployProviderType("aliyun-vod")
+	ACMEDns01ProviderTypeCMCCCloud       = ACMEDns01ProviderType(AccessProviderTypeCMCCCloud)
-	DeployProviderTypeAliyunWAF             = DeployProviderType("aliyun-waf")
+	ACMEDns01ProviderTypeConstellix      = ACMEDns01ProviderType(AccessProviderTypeConstellix)
-	DeployProviderTypeAWSACM                = DeployProviderType("aws-acm")
+	ACMEDns01ProviderTypeDeSEC           = ACMEDns01ProviderType(AccessProviderTypeDeSEC)
-	DeployProviderTypeAWSCloudFront         = DeployProviderType("aws-cloudfront")
+	ACMEDns01ProviderTypeDigitalOcean    = ACMEDns01ProviderType(AccessProviderTypeDigitalOcean)
-	DeployProviderTypeAzureKeyVault         = DeployProviderType("azure-keyvault")
+	ACMEDns01ProviderTypeDNSLA           = ACMEDns01ProviderType(AccessProviderTypeDNSLA)
-	DeployProviderTypeBaiduCloudCDN         = DeployProviderType("baiducloud-cdn")
+	ACMEDns01ProviderTypeDuckDNS         = ACMEDns01ProviderType(AccessProviderTypeDuckDNS)
-	DeployProviderTypeBaishanCDN            = DeployProviderType("baishan-cdn")
+	ACMEDns01ProviderTypeDynv6           = ACMEDns01ProviderType(AccessProviderTypeDynv6)
-	DeployProviderTypeBaotaPanelConsole     = DeployProviderType("baotapanel-console")
+	ACMEDns01ProviderTypeGcore           = ACMEDns01ProviderType(AccessProviderTypeGcore)
-	DeployProviderTypeBaotaPanelSite        = DeployProviderType("baotapanel-site")
+	ACMEDns01ProviderTypeGname           = ACMEDns01ProviderType(AccessProviderTypeGname)
-	DeployProviderTypeBytePlusCDN           = DeployProviderType("byteplus-cdn")
+	ACMEDns01ProviderTypeGoDaddy         = ACMEDns01ProviderType(AccessProviderTypeGoDaddy)
-	DeployProviderTypeCacheFly              = DeployProviderType("cachefly")
+	ACMEDns01ProviderTypeHetzner         = ACMEDns01ProviderType(AccessProviderTypeHetzner)
-	DeployProviderTypeCdnfly                = DeployProviderType("cdnfly")
+	ACMEDns01ProviderTypeHuaweiCloud     = ACMEDns01ProviderType(AccessProviderTypeHuaweiCloud) // 兼容旧值，等同于 [ACMEDns01ProviderTypeHuaweiCloudDNS]
-	DeployProviderTypeDogeCloudCDN          = DeployProviderType("dogecloud-cdn")
+	ACMEDns01ProviderTypeHuaweiCloudDNS  = ACMEDns01ProviderType(AccessProviderTypeHuaweiCloud + "-dns")
-	DeployProviderTypeEdgioApplications     = DeployProviderType("edgio-applications")
+	ACMEDns01ProviderTypeJDCloud         = ACMEDns01ProviderType(AccessProviderTypeJDCloud) // 兼容旧值，等同于 [ACMEDns01ProviderTypeJDCloudDNS]
-	DeployProviderTypeGcoreCDN              = DeployProviderType("gcore-cdn")
+	ACMEDns01ProviderTypeJDCloudDNS      = ACMEDns01ProviderType(AccessProviderTypeJDCloud + "-dns")
-	DeployProviderTypeHuaweiCloudCDN        = DeployProviderType("huaweicloud-cdn")
+	ACMEDns01ProviderTypeNamecheap       = ACMEDns01ProviderType(AccessProviderTypeNamecheap)
-	DeployProviderTypeHuaweiCloudELB        = DeployProviderType("huaweicloud-elb")
+	ACMEDns01ProviderTypeNameDotCom      = ACMEDns01ProviderType(AccessProviderTypeNameDotCom)
-	DeployProviderTypeHuaweiCloudWAF        = DeployProviderType("huaweicloud-waf")
+	ACMEDns01ProviderTypeNameSilo        = ACMEDns01ProviderType(AccessProviderTypeNameSilo)
-	DeployProviderTypeJDCloudALB            = DeployProviderType("jdcloud-alb")
+	ACMEDns01ProviderTypeNetcup          = ACMEDns01ProviderType(AccessProviderTypeNetcup)
-	DeployProviderTypeJDCloudCDN            = DeployProviderType("jdcloud-cdn")
+	ACMEDns01ProviderTypeNetlify         = ACMEDns01ProviderType(AccessProviderTypeNetlify)
-	DeployProviderTypeJDCloudLive           = DeployProviderType("jdcloud-live")
+	ACMEDns01ProviderTypeNS1             = ACMEDns01ProviderType(AccessProviderTypeNS1)
-	DeployProviderTypeJDCloudVOD            = DeployProviderType("jdcloud-vod")
+	ACMEDns01ProviderTypePorkbun         = ACMEDns01ProviderType(AccessProviderTypePorkbun)
-	DeployProviderTypeKubernetesSecret      = DeployProviderType("k8s-secret")
+	ACMEDns01ProviderTypePowerDNS        = ACMEDns01ProviderType(AccessProviderTypePowerDNS)
-	DeployProviderTypeLocal                 = DeployProviderType("local")
+	ACMEDns01ProviderTypeRainYun         = ACMEDns01ProviderType(AccessProviderTypeRainYun)
-	DeployProviderTypeQiniuCDN              = DeployProviderType("qiniu-cdn")
+	ACMEDns01ProviderTypeTencentCloud    = ACMEDns01ProviderType(AccessProviderTypeTencentCloud) // 兼容旧值，等同于 [ACMEDns01ProviderTypeTencentCloudDNS]
-	DeployProviderTypeQiniuKodo             = DeployProviderType("qiniu-kodo")
+	ACMEDns01ProviderTypeTencentCloudDNS = ACMEDns01ProviderType(AccessProviderTypeTencentCloud + "-dns")
-	DeployProviderTypeQiniuPili             = DeployProviderType("qiniu-pili")
+	ACMEDns01ProviderTypeTencentCloudEO  = ACMEDns01ProviderType(AccessProviderTypeTencentCloud + "-eo")
-	DeployProviderTypeSafeLine              = DeployProviderType("safeline")
+	ACMEDns01ProviderTypeUCloudUDNR      = ACMEDns01ProviderType(AccessProviderTypeUCloud + "-udnr")
-	DeployProviderTypeSSH                   = DeployProviderType("ssh")
+	ACMEDns01ProviderTypeVercel          = ACMEDns01ProviderType(AccessProviderTypeVercel)
-	DeployProviderTypeTencentCloudCDN       = DeployProviderType("tencentcloud-cdn")
+	ACMEDns01ProviderTypeVolcEngine      = ACMEDns01ProviderType(AccessProviderTypeVolcEngine) // 兼容旧值，等同于 [ACMEDns01ProviderTypeVolcEngineDNS]
-	DeployProviderTypeTencentCloudCLB       = DeployProviderType("tencentcloud-clb")
+	ACMEDns01ProviderTypeVolcEngineDNS   = ACMEDns01ProviderType(AccessProviderTypeVolcEngine + "-dns")
-	DeployProviderTypeTencentCloudCOS       = DeployProviderType("tencentcloud-cos")
+	ACMEDns01ProviderTypeWestcn          = ACMEDns01ProviderType(AccessProviderTypeWestcn)
-	DeployProviderTypeTencentCloudCSS       = DeployProviderType("tencentcloud-css")
+)
-	DeployProviderTypeTencentCloudECDN      = DeployProviderType("tencentcloud-ecdn")
+
-	DeployProviderTypeTencentCloudEO        = DeployProviderType("tencentcloud-eo")
+type DeploymentProviderType string
-	DeployProviderTypeTencentCloudSCF       = DeployProviderType("tencentcloud-scf")
+
-	DeployProviderTypeTencentCloudSSL       = DeployProviderType("tencentcloud-ssl")
+/*
-	DeployProviderTypeTencentCloudSSLDeploy = DeployProviderType("tencentcloud-ssldeploy")
+部署证书主机提供商常量值。
-	DeployProviderTypeTencentCloudVOD       = DeployProviderType("tencentcloud-vod")
+短横线前的部分始终等于授权提供商类型。
-	DeployProviderTypeTencentCloudWAF       = DeployProviderType("tencentcloud-waf")
+
-	DeployProviderTypeUCloudUCDN            = DeployProviderType("ucloud-ucdn")
+	注意：如果追加新的常量值，请保持以 ASCII 排序。
-	DeployProviderTypeUCloudUS3             = DeployProviderType("ucloud-us3")
+	NOTICE: If you add new constant, please keep ASCII order.
-	DeployProviderTypeUpyunCDN              = DeployProviderType("upyun-cdn")
+*/
-	DeployProviderTypeUpyunFile             = DeployProviderType("upyun-file")
+const (
-	DeployProviderTypeVolcEngineCDN         = DeployProviderType("volcengine-cdn")
+	DeploymentProviderType1PanelConsole         = DeploymentProviderType(AccessProviderType1Panel + "-console")
-	DeployProviderTypeVolcEngineCLB         = DeployProviderType("volcengine-clb")
+	DeploymentProviderType1PanelSite            = DeploymentProviderType(AccessProviderType1Panel + "-site")
-	DeployProviderTypeVolcEngineDCDN        = DeployProviderType("volcengine-dcdn")
+	DeploymentProviderTypeAliyunALB             = DeploymentProviderType(AccessProviderTypeAliyun + "-alb")
-	DeployProviderTypeVolcEngineImageX      = DeployProviderType("volcengine-imagex")
+	DeploymentProviderTypeAliyunAPIGW           = DeploymentProviderType(AccessProviderTypeAliyun + "-apigw")
-	DeployProviderTypeVolcEngineLive        = DeployProviderType("volcengine-live")
+	DeploymentProviderTypeAliyunCAS             = DeploymentProviderType(AccessProviderTypeAliyun + "-cas")
-	DeployProviderTypeVolcEngineTOS         = DeployProviderType("volcengine-tos")
+	DeploymentProviderTypeAliyunCASDeploy       = DeploymentProviderType(AccessProviderTypeAliyun + "-casdeploy")
-	DeployProviderTypeWebhook               = DeployProviderType("webhook")
+	DeploymentProviderTypeAliyunCDN             = DeploymentProviderType(AccessProviderTypeAliyun + "-cdn")
 	DeploymentProviderTypeAliyunCLB             = DeploymentProviderType(AccessProviderTypeAliyun + "-clb")
 	DeploymentProviderTypeAliyunDCDN            = DeploymentProviderType(AccessProviderTypeAliyun + "-dcdn")
 	DeploymentProviderTypeAliyunDDoS            = DeploymentProviderType(AccessProviderTypeAliyun + "-ddos")
 	DeploymentProviderTypeAliyunESA             = DeploymentProviderType(AccessProviderTypeAliyun + "-esa")
 	DeploymentProviderTypeAliyunFC              = DeploymentProviderType(AccessProviderTypeAliyun + "-fc")
 	DeploymentProviderTypeAliyunGA              = DeploymentProviderType(AccessProviderTypeAliyun + "-ga")
 	DeploymentProviderTypeAliyunLive            = DeploymentProviderType(AccessProviderTypeAliyun + "-live")
 	DeploymentProviderTypeAliyunNLB             = DeploymentProviderType(AccessProviderTypeAliyun + "-nlb")
 	DeploymentProviderTypeAliyunOSS             = DeploymentProviderType(AccessProviderTypeAliyun + "-oss")
 	DeploymentProviderTypeAliyunVOD             = DeploymentProviderType(AccessProviderTypeAliyun + "-vod")
 	DeploymentProviderTypeAliyunWAF             = DeploymentProviderType(AccessProviderTypeAliyun + "-waf")
 	DeploymentProviderTypeAWSACM                = DeploymentProviderType(AccessProviderTypeAWS + "-acm")
 	DeploymentProviderTypeAWSCloudFront         = DeploymentProviderType(AccessProviderTypeAWS + "-cloudfront")
 	DeploymentProviderTypeAWSIAM                = DeploymentProviderType(AccessProviderTypeAWS + "-iam")
 	DeploymentProviderTypeAzureKeyVault         = DeploymentProviderType(AccessProviderTypeAzure + "-keyvault")
 	DeploymentProviderTypeBaiduCloudAppBLB      = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-appblb")
 	DeploymentProviderTypeBaiduCloudBLB         = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-blb")
 	DeploymentProviderTypeBaiduCloudCDN         = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-cdn")
 	DeploymentProviderTypeBaiduCloudCert        = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-cert")
 	DeploymentProviderTypeBaishanCDN            = DeploymentProviderType(AccessProviderTypeBaishan + "-cdn")
 	DeploymentProviderTypeBaotaPanelConsole     = DeploymentProviderType(AccessProviderTypeBaotaPanel + "-console")
 	DeploymentProviderTypeBaotaPanelSite        = DeploymentProviderType(AccessProviderTypeBaotaPanel + "-site")
 	DeploymentProviderTypeBaotaWAFConsole       = DeploymentProviderType(AccessProviderTypeBaotaWAF + "-console")
 	DeploymentProviderTypeBaotaWAFSite          = DeploymentProviderType(AccessProviderTypeBaotaWAF + "-site")
 	DeploymentProviderTypeBunnyCDN              = DeploymentProviderType(AccessProviderTypeBunny + "-cdn")
 	DeploymentProviderTypeBytePlusCDN           = DeploymentProviderType(AccessProviderTypeBytePlus + "-cdn")
 	DeploymentProviderTypeCacheFly              = DeploymentProviderType(AccessProviderTypeCacheFly)
 	DeploymentProviderTypeCdnfly                = DeploymentProviderType(AccessProviderTypeCdnfly)
 	DeploymentProviderTypeDogeCloudCDN          = DeploymentProviderType(AccessProviderTypeDogeCloud + "-cdn")
 	DeploymentProviderTypeEdgioApplications     = DeploymentProviderType(AccessProviderTypeEdgio + "-applications")
 	DeploymentProviderTypeFlexCDN               = DeploymentProviderType(AccessProviderTypeFlexCDN)
 	DeploymentProviderTypeGcoreCDN              = DeploymentProviderType(AccessProviderTypeGcore + "-cdn")
 	DeploymentProviderTypeGoEdge                = DeploymentProviderType(AccessProviderTypeGoEdge)
 	DeploymentProviderTypeHuaweiCloudCDN        = DeploymentProviderType(AccessProviderTypeHuaweiCloud + "-cdn")
 	DeploymentProviderTypeHuaweiCloudELB        = DeploymentProviderType(AccessProviderTypeHuaweiCloud + "-elb")
 	DeploymentProviderTypeHuaweiCloudSCM        = DeploymentProviderType(AccessProviderTypeHuaweiCloud + "-scm")
 	DeploymentProviderTypeHuaweiCloudWAF        = DeploymentProviderType(AccessProviderTypeHuaweiCloud + "-waf")
 	DeploymentProviderTypeJDCloudALB            = DeploymentProviderType(AccessProviderTypeJDCloud + "-alb")
 	DeploymentProviderTypeJDCloudCDN            = DeploymentProviderType(AccessProviderTypeJDCloud + "-cdn")
 	DeploymentProviderTypeJDCloudLive           = DeploymentProviderType(AccessProviderTypeJDCloud + "-live")
 	DeploymentProviderTypeJDCloudVOD            = DeploymentProviderType(AccessProviderTypeJDCloud + "-vod")
 	DeploymentProviderTypeKubernetesSecret      = DeploymentProviderType(AccessProviderTypeKubernetes + "-secret")
 	DeploymentProviderTypeLeCDN                 = DeploymentProviderType(AccessProviderTypeLeCDN)
 	DeploymentProviderTypeLocal                 = DeploymentProviderType(AccessProviderTypeLocal)
 	DeploymentProviderTypeNetlifySite           = DeploymentProviderType(AccessProviderTypeNetlify + "-site")
 	DeploymentProviderTypeProxmoxVE             = DeploymentProviderType(AccessProviderTypeProxmoxVE)
 	DeploymentProviderTypeQiniuCDN              = DeploymentProviderType(AccessProviderTypeQiniu + "-cdn")
 	DeploymentProviderTypeQiniuKodo             = DeploymentProviderType(AccessProviderTypeQiniu + "-kodo")
 	DeploymentProviderTypeQiniuPili             = DeploymentProviderType(AccessProviderTypeQiniu + "-pili")
 	DeploymentProviderTypeRainYunRCDN           = DeploymentProviderType(AccessProviderTypeRainYun + "-rcdn")
 	DeploymentProviderTypeRatPanelConsole       = DeploymentProviderType(AccessProviderTypeRatPanel + "-console")
 	DeploymentProviderTypeRatPanelSite          = DeploymentProviderType(AccessProviderTypeRatPanel + "-site")
 	DeploymentProviderTypeSafeLine              = DeploymentProviderType(AccessProviderTypeSafeLine)
 	DeploymentProviderTypeSSH                   = DeploymentProviderType(AccessProviderTypeSSH)
 	DeploymentProviderTypeTencentCloudCDN       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-cdn")
 	DeploymentProviderTypeTencentCloudCLB       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-clb")
 	DeploymentProviderTypeTencentCloudCOS       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-cos")
 	DeploymentProviderTypeTencentCloudCSS       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-css")
 	DeploymentProviderTypeTencentCloudECDN      = DeploymentProviderType(AccessProviderTypeTencentCloud + "-ecdn")
 	DeploymentProviderTypeTencentCloudEO        = DeploymentProviderType(AccessProviderTypeTencentCloud + "-eo")
 	DeploymentProviderTypeTencentCloudSCF       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-scf")
 	DeploymentProviderTypeTencentCloudSSL       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-ssl")
 	DeploymentProviderTypeTencentCloudSSLDeploy = DeploymentProviderType(AccessProviderTypeTencentCloud + "-ssldeploy")
 	DeploymentProviderTypeTencentCloudVOD       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-vod")
 	DeploymentProviderTypeTencentCloudWAF       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-waf")
 	DeploymentProviderTypeUCloudUCDN            = DeploymentProviderType(AccessProviderTypeUCloud + "-ucdn")
 	DeploymentProviderTypeUCloudUS3             = DeploymentProviderType(AccessProviderTypeUCloud + "-us3")
 	DeploymentProviderTypeUniCloudWebHost       = DeploymentProviderType(AccessProviderTypeUniCloud + "-webhost")
 	DeploymentProviderTypeUpyunCDN              = DeploymentProviderType(AccessProviderTypeUpyun + "-cdn")
 	DeploymentProviderTypeUpyunFile             = DeploymentProviderType(AccessProviderTypeUpyun + "-file")
 	DeploymentProviderTypeVolcEngineALB         = DeploymentProviderType(AccessProviderTypeVolcEngine + "-alb")
 	DeploymentProviderTypeVolcEngineCDN         = DeploymentProviderType(AccessProviderTypeVolcEngine + "-cdn")
 	DeploymentProviderTypeVolcEngineCertCenter  = DeploymentProviderType(AccessProviderTypeVolcEngine + "-certcenter")
 	DeploymentProviderTypeVolcEngineCLB         = DeploymentProviderType(AccessProviderTypeVolcEngine + "-clb")
 	DeploymentProviderTypeVolcEngineDCDN        = DeploymentProviderType(AccessProviderTypeVolcEngine + "-dcdn")
 	DeploymentProviderTypeVolcEngineImageX      = DeploymentProviderType(AccessProviderTypeVolcEngine + "-imagex")
 	DeploymentProviderTypeVolcEngineLive        = DeploymentProviderType(AccessProviderTypeVolcEngine + "-live")
 	DeploymentProviderTypeVolcEngineTOS         = DeploymentProviderType(AccessProviderTypeVolcEngine + "-tos")
 	DeploymentProviderTypeWangsuCDN             = DeploymentProviderType(AccessProviderTypeWangsu + "-cdn")
 	DeploymentProviderTypeWangsuCDNPro          = DeploymentProviderType(AccessProviderTypeWangsu + "-cdnpro")
 	DeploymentProviderTypeWangsuCertificate     = DeploymentProviderType(AccessProviderTypeWangsu + "-certificate")
 	DeploymentProviderTypeWebhook               = DeploymentProviderType(AccessProviderTypeWebhook)
 )
 type NotificationProviderType string
 /*
 消息通知提供商常量值。
 短横线前的部分始终等于授权提供商类型。
 	注意：如果追加新的常量值，请保持以 ASCII 排序。
 	NOTICE: If you add new constant, please keep ASCII order.
 */
 const (
 	NotificationProviderTypeDingTalkBot = NotificationProviderType(AccessProviderTypeDingTalkBot)
 	NotificationProviderTypeDiscordBot  = NotificationProviderType(AccessProviderTypeDiscordBot)
 	NotificationProviderTypeEmail       = NotificationProviderType(AccessProviderTypeEmail)
 	NotificationProviderTypeLarkBot     = NotificationProviderType(AccessProviderTypeLarkBot)
 	NotificationProviderTypeMattermost  = NotificationProviderType(AccessProviderTypeMattermost)
 	NotificationProviderTypeSlackBot    = NotificationProviderType(AccessProviderTypeSlackBot)
 	NotificationProviderTypeTelegramBot = NotificationProviderType(AccessProviderTypeTelegramBot)
 	NotificationProviderTypeWebhook     = NotificationProviderType(AccessProviderTypeWebhook)
 	NotificationProviderTypeWeComBot    = NotificationProviderType(AccessProviderTypeWeComBot)
 )
--- a/internal/domain/settings.go
+++ b/internal/domain/settings.go
@@ -13,6 +13,7 @@ type Settings struct {
 	Content string `json:"content" db:"content"`
 }
 // Deprecated: v0.4.x 将废弃
 type NotifyTemplatesSettingsContent struct {
 	NotifyTemplates []struct {
 		Subject string `json:"subject"`
@@ -20,8 +21,10 @@ type NotifyTemplatesSettingsContent struct {
 	} `json:"notifyTemplates"`
 }
 // Deprecated: v0.4.x 将废弃
 type NotifyChannelsSettingsContent map[string]map[string]any
 // Deprecated: v0.4.x 将废弃
 func (s *Settings) GetNotifyChannelConfig(channel string) (map[string]any, error) {
 	conf := &NotifyChannelsSettingsContent{}
 	if err := json.Unmarshal([]byte(s.Content), conf); err != nil {
--- a/internal/domain/workflow.go
+++ b/internal/domain/workflow.go
@@ -1,9 +1,11 @@
 package domain
 import (
 	"encoding/json"
 	"time"
-	"github.com/usual2970/certimate/internal/pkg/utils/maputil"
+	"github.com/usual2970/certimate/internal/domain/expr"
 	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 )
 const CollectionNameWorkflow = "workflow"
@@ -30,6 +32,7 @@ const (
 	WorkflowNodeTypeEnd                 = WorkflowNodeType("end")
 	WorkflowNodeTypeApply               = WorkflowNodeType("apply")
 	WorkflowNodeTypeUpload              = WorkflowNodeType("upload")
 	WorkflowNodeTypeMonitor             = WorkflowNodeType("monitor")
 	WorkflowNodeTypeDeploy              = WorkflowNodeType("deploy")
 	WorkflowNodeTypeNotify              = WorkflowNodeType("notify")
 	WorkflowNodeTypeBranch              = WorkflowNodeType("branch")
@@ -62,108 +65,133 @@ type WorkflowNode struct {
 }
 type WorkflowNodeConfigForApply struct {
-	Domains               string         `json:"domains"`               // 域名列表，以半角分号分隔
+	Domains               string         `json:"domains"`                         // 域名列表，以半角分号分隔
-	ContactEmail          string         `json:"contactEmail"`          // 联系邮箱
+	ContactEmail          string         `json:"contactEmail"`                    // 联系邮箱
-	ChallengeType         string         `json:"challengeType"`         // TODO: 验证方式。目前仅支持 dns-01
+	ChallengeType         string         `json:"challengeType"`                   // TODO: 验证方式。目前仅支持 dns-01
-	Provider              string         `json:"provider"`              // DNS 提供商
+	Provider              string         `json:"provider"`                        // DNS 提供商
-	ProviderAccessId      string         `json:"providerAccessId"`      // DNS 提供商授权记录 ID
+	ProviderAccessId      string         `json:"providerAccessId"`                // DNS 提供商授权记录 ID
-	ProviderConfig        map[string]any `json:"providerConfig"`        // DNS 提供商额外配置
+	ProviderConfig        map[string]any `json:"providerConfig"`                  // DNS 提供商额外配置
-	KeyAlgorithm          string         `json:"keyAlgorithm"`          // 密钥算法
+	CAProvider            string         `json:"caProvider,omitempty"`            // CA 提供商（零值时使用全局配置）
-	Nameservers           string         `json:"nameservers"`           // DNS 服务器列表，以半角分号分隔
+	CAProviderAccessId    string         `json:"caProviderAccessId,omitempty"`    // CA 提供商授权记录 ID
-	DnsPropagationTimeout int32          `json:"dnsPropagationTimeout"` // DNS 传播超时时间（零值取决于提供商的默认值）
+	CAProviderConfig      map[string]any `json:"caProviderConfig,omitempty"`      // CA 提供商额外配置
-	DnsTTL                int32          `json:"dnsTTL"`                // DNS TTL（零值取决于提供商的默认值）
+	KeyAlgorithm          string         `json:"keyAlgorithm"`                    // 证书算法
-	DisableFollowCNAME    bool           `json:"disableFollowCNAME"`    // 是否关闭 CNAME 跟随
+	Nameservers           string         `json:"nameservers,omitempty"`           // DNS 服务器列表，以半角分号分隔
-	DisableARI            bool           `json:"disableARI"`            // 是否关闭 ARI
+	DnsPropagationWait    int32          `json:"dnsPropagationWait,omitempty"`    // DNS 传播等待时间，等同于 lego 的 `--dns-propagation-wait` 参数
-	SkipBeforeExpiryDays  int32          `json:"skipBeforeExpiryDays"`  // 证书到期前多少天前跳过续期（零值将使用默认值 30）
+	DnsPropagationTimeout int32          `json:"dnsPropagationTimeout,omitempty"` // DNS 传播检查超时时间（零值时使用提供商的默认值）
 	DnsTTL                int32          `json:"dnsTTL,omitempty"`                // DNS 解析记录 TTL（零值时使用提供商的默认值）
 	DisableFollowCNAME    bool           `json:"disableFollowCNAME,omitempty"`    // 是否关闭 CNAME 跟随
 	DisableARI            bool           `json:"disableARI,omitempty"`            // 是否关闭 ARI
 	SkipBeforeExpiryDays  int32          `json:"skipBeforeExpiryDays,omitempty"`  // 证书到期前多少天前跳过续期（零值时默认值 30）
 }
 type WorkflowNodeConfigForUpload struct {
-	Certificate string `json:"certificate"`
+	Certificate string `json:"certificate"` // 证书 PEM 内容
-	PrivateKey  string `json:"privateKey"`
+	PrivateKey  string `json:"privateKey"`  // 私钥 PEM 内容
-	Domains     string `json:"domains"`
+	Domains     string `json:"domains,omitempty"`
 }
 type WorkflowNodeConfigForMonitor struct {
 	Host        string `json:"host"`                  // 主机地址
 	Port        int32  `json:"port,omitempty"`        // 端口（零值时默认值 443）
 	Domain      string `json:"domain,omitempty"`      // 域名（零值时默认值 [Host]）
 	RequestPath string `json:"requestPath,omitempty"` // 请求路径
 }
 type WorkflowNodeConfigForDeploy struct {
-	Certificate         string         `json:"certificate"`         // 前序节点输出的证书，形如“${NodeId}#certificate”
+	Certificate         string         `json:"certificate"`                // 前序节点输出的证书，形如“${NodeId}#certificate”
-	Provider            string         `json:"provider"`            // 主机提供商
+	Provider            string         `json:"provider"`                   // 主机提供商
-	ProviderAccessId    string         `json:"providerAccessId"`    // 主机提供商授权记录 ID
+	ProviderAccessId    string         `json:"providerAccessId,omitempty"` // 主机提供商授权记录 ID
-	ProviderConfig      map[string]any `json:"providerConfig"`      // 主机提供商额外配置
+	ProviderConfig      map[string]any `json:"providerConfig,omitempty"`   // 主机提供商额外配置
-	SkipOnLastSucceeded bool           `json:"skipOnLastSucceeded"` // 上次部署成功时是否跳过
+	SkipOnLastSucceeded bool           `json:"skipOnLastSucceeded"`        // 上次部署成功时是否跳过
 }
 type WorkflowNodeConfigForNotify struct {
-	Channel string `json:"channel"` // 通知渠道
+	Channel          string         `json:"channel,omitempty"`        // Deprecated: v0.4.x 将废弃
-	Subject string `json:"subject"` // 通知主题
+	Provider         string         `json:"provider"`                 // 通知提供商
-	Message string `json:"message"` // 通知内容
+	ProviderAccessId string         `json:"providerAccessId"`         // 通知提供商授权记录 ID
 	ProviderConfig   map[string]any `json:"providerConfig,omitempty"` // 通知提供商额外配置
 	Subject          string         `json:"subject"`                  // 通知主题
 	Message          string         `json:"message"`                  // 通知内容
 }
-func (n *WorkflowNode) getConfigString(key string) string {
+type WorkflowNodeConfigForCondition struct {
-	return maputil.GetString(n.Config, key)
+	Expression expr.Expr `json:"expression"` // 条件表达式
 }
 func (n *WorkflowNode) getConfigBool(key string) bool {
 	return maputil.GetBool(n.Config, key)
 }
 func (n *WorkflowNode) getConfigInt32(key string) int32 {
 	return maputil.GetInt32(n.Config, key)
 }
 func (n *WorkflowNode) getConfigMap(key string) map[string]any {
 	if val, ok := n.Config[key]; ok {
 		if result, ok := val.(map[string]any); ok {
 			return result
 		}
 	}
 	return make(map[string]any)
 }
 func (n *WorkflowNode) GetConfigForApply() WorkflowNodeConfigForApply {
 	skipBeforeExpiryDays := n.getConfigInt32("skipBeforeExpiryDays")
 	if skipBeforeExpiryDays == 0 {
 		skipBeforeExpiryDays = 30
 	}
 	return WorkflowNodeConfigForApply{
-		Domains:               n.getConfigString("domains"),
+		Domains:               maputil.GetString(n.Config, "domains"),
-		ContactEmail:          n.getConfigString("contactEmail"),
+		ContactEmail:          maputil.GetString(n.Config, "contactEmail"),
-		Provider:              n.getConfigString("provider"),
+		Provider:              maputil.GetString(n.Config, "provider"),
-		ProviderAccessId:      n.getConfigString("providerAccessId"),
+		ProviderAccessId:      maputil.GetString(n.Config, "providerAccessId"),
-		ProviderConfig:        n.getConfigMap("providerConfig"),
+		ProviderConfig:        maputil.GetKVMapAny(n.Config, "providerConfig"),
-		KeyAlgorithm:          n.getConfigString("keyAlgorithm"),
+		CAProvider:            maputil.GetString(n.Config, "caProvider"),
-		Nameservers:           n.getConfigString("nameservers"),
+		CAProviderAccessId:    maputil.GetString(n.Config, "caProviderAccessId"),
-		DnsPropagationTimeout: n.getConfigInt32("dnsPropagationTimeout"),
+		CAProviderConfig:      maputil.GetKVMapAny(n.Config, "caProviderConfig"),
-		DnsTTL:                n.getConfigInt32("dnsTTL"),
+		KeyAlgorithm:          maputil.GetString(n.Config, "keyAlgorithm"),
-		DisableFollowCNAME:    n.getConfigBool("disableFollowCNAME"),
+		Nameservers:           maputil.GetString(n.Config, "nameservers"),
-		DisableARI:            n.getConfigBool("disableARI"),
+		DnsPropagationWait:    maputil.GetInt32(n.Config, "dnsPropagationWait"),
-		SkipBeforeExpiryDays:  skipBeforeExpiryDays,
+		DnsPropagationTimeout: maputil.GetInt32(n.Config, "dnsPropagationTimeout"),
 		DnsTTL:                maputil.GetInt32(n.Config, "dnsTTL"),
 		DisableFollowCNAME:    maputil.GetBool(n.Config, "disableFollowCNAME"),
 		DisableARI:            maputil.GetBool(n.Config, "disableARI"),
 		SkipBeforeExpiryDays:  maputil.GetOrDefaultInt32(n.Config, "skipBeforeExpiryDays", 30),
 	}
 }
 func (n *WorkflowNode) GetConfigForUpload() WorkflowNodeConfigForUpload {
 	return WorkflowNodeConfigForUpload{
-		Certificate: n.getConfigString("certificate"),
+		Certificate: maputil.GetString(n.Config, "certificate"),
-		PrivateKey:  n.getConfigString("privateKey"),
+		PrivateKey:  maputil.GetString(n.Config, "privateKey"),
-		Domains:     n.getConfigString("domains"),
+		Domains:     maputil.GetString(n.Config, "domains"),
 	}
 }
 func (n *WorkflowNode) GetConfigForMonitor() WorkflowNodeConfigForMonitor {
 	host := maputil.GetString(n.Config, "host")
 	return WorkflowNodeConfigForMonitor{
 		Host:        host,
 		Port:        maputil.GetOrDefaultInt32(n.Config, "port", 443),
 		Domain:      maputil.GetOrDefaultString(n.Config, "domain", host),
 		RequestPath: maputil.GetString(n.Config, "path"),
 	}
 }
 func (n *WorkflowNode) GetConfigForDeploy() WorkflowNodeConfigForDeploy {
 	return WorkflowNodeConfigForDeploy{
-		Certificate:         n.getConfigString("certificate"),
+		Certificate:         maputil.GetString(n.Config, "certificate"),
-		Provider:            n.getConfigString("provider"),
+		Provider:            maputil.GetString(n.Config, "provider"),
-		ProviderAccessId:    n.getConfigString("providerAccessId"),
+		ProviderAccessId:    maputil.GetString(n.Config, "providerAccessId"),
-		ProviderConfig:      n.getConfigMap("providerConfig"),
+		ProviderConfig:      maputil.GetKVMapAny(n.Config, "providerConfig"),
-		SkipOnLastSucceeded: n.getConfigBool("skipOnLastSucceeded"),
+		SkipOnLastSucceeded: maputil.GetBool(n.Config, "skipOnLastSucceeded"),
 	}
 }
 func (n *WorkflowNode) GetConfigForNotify() WorkflowNodeConfigForNotify {
 	return WorkflowNodeConfigForNotify{
-		Channel: n.getConfigString("channel"),
+		Channel:          maputil.GetString(n.Config, "channel"),
-		Subject: n.getConfigString("subject"),
+		Provider:         maputil.GetString(n.Config, "provider"),
-		Message: n.getConfigString("message"),
+		ProviderAccessId: maputil.GetString(n.Config, "providerAccessId"),
 		ProviderConfig:   maputil.GetKVMapAny(n.Config, "providerConfig"),
 		Subject:          maputil.GetString(n.Config, "subject"),
 		Message:          maputil.GetString(n.Config, "message"),
 	}
 }
 func (n *WorkflowNode) GetConfigForCondition() WorkflowNodeConfigForCondition {
 	expression := n.Config["expression"]
 	if expression == nil {
 		return WorkflowNodeConfigForCondition{}
 	}
 	exprRaw, _ := json.Marshal(expression)
 	expr, err := expr.UnmarshalExpr([]byte(exprRaw))
 	if err != nil {
 		return WorkflowNodeConfigForCondition{}
 	}
 	return WorkflowNodeConfigForCondition{
 		Expression: expr,
 	}
 }
@@ -176,9 +204,6 @@ type WorkflowNodeIO struct {
 	ValueSelector WorkflowNodeIOValueSelector `json:"valueSelector"`
 }
-type WorkflowNodeIOValueSelector struct {
+type WorkflowNodeIOValueSelector = expr.ExprValueSelector
 	Id   string `json:"id"`
 	Name string `json:"name"`
 }
 const WorkflowNodeIONameCertificate string = "certificate"
--- a/internal/notify/notifier.go
+++ b/internal/notify/notifier.go
@@ -0,0 +1,72 @@
 package notify
 import (
 	"context"
 	"fmt"
 	"log/slog"
 	"github.com/usual2970/certimate/internal/domain"
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
 	"github.com/usual2970/certimate/internal/repository"
 )
 type Notifier interface {
 	Notify(ctx context.Context) error
 }
 type NotifierWithWorkflowNodeConfig struct {
 	Node    *domain.WorkflowNode
 	Logger  *slog.Logger
 	Subject string
 	Message string
 }
 func NewWithWorkflowNode(config NotifierWithWorkflowNodeConfig) (Notifier, error) {
 	if config.Node == nil {
 		return nil, fmt.Errorf("node is nil")
 	}
 	if config.Node.Type != domain.WorkflowNodeTypeNotify {
 		return nil, fmt.Errorf("node type is not '%s'", string(domain.WorkflowNodeTypeNotify))
 	}
 	nodeCfg := config.Node.GetConfigForNotify()
 	options := &notifierProviderOptions{
 		Provider:              domain.NotificationProviderType(nodeCfg.Provider),
 		ProviderAccessConfig:  make(map[string]any),
 		ProviderServiceConfig: nodeCfg.ProviderConfig,
 	}
 	accessRepo := repository.NewAccessRepository()
 	if nodeCfg.ProviderAccessId != "" {
 		access, err := accessRepo.GetById(context.Background(), nodeCfg.ProviderAccessId)
 		if err != nil {
 			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeCfg.ProviderAccessId, err)
 		} else {
 			options.ProviderAccessConfig = access.Config
 		}
 	}
 	notifierProvider, err := createNotifierProvider(options)
 	if err != nil {
 		return nil, err
 	}
 	return &notifierImpl{
 		provider: notifierProvider.WithLogger(config.Logger),
 		subject:  config.Subject,
 		message:  config.Message,
 	}, nil
 }
 type notifierImpl struct {
 	provider notifier.Notifier
 	subject  string
 	message  string
 }
 var _ Notifier = (*notifierImpl)(nil)
 func (n *notifierImpl) Notify(ctx context.Context) error {
 	_, err := n.provider.Notify(ctx, n.subject, n.message)
 	return err
 }
--- a/internal/notify/notify.go
+++ b/internal/notify/notify.go
@@ -9,10 +9,11 @@ import (
 	"github.com/usual2970/certimate/internal/domain"
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
-	"github.com/usual2970/certimate/internal/pkg/utils/maputil"
+	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 	"github.com/usual2970/certimate/internal/repository"
 )
 // Deprecated: v0.4.x 将废弃
 func SendToAllChannels(subject, message string) error {
 	notifiers, err := getEnabledNotifiers()
 	if err != nil {
@@ -38,8 +39,9 @@ func SendToAllChannels(subject, message string) error {
 	return err
 }
 // Deprecated: v0.4.x 将废弃
 func SendToChannel(subject, message string, channel string, channelConfig map[string]any) error {
-	notifier, err := createNotifier(domain.NotifyChannelType(channel), channelConfig)
+	notifier, err := createNotifierProviderUseGlobalSettings(domain.NotifyChannelType(channel), channelConfig)
 	if err != nil {
 		return err
 	}
@@ -48,6 +50,7 @@ func SendToChannel(subject, message string, channel string, channelConfig map[st
 	return err
 }
 // Deprecated: v0.4.x 将废弃
 func getEnabledNotifiers() ([]notifier.Notifier, error) {
 	settingsRepo := repository.NewSettingsRepository()
 	settings, err := settingsRepo.GetByName(context.Background(), "notifyChannels")
@@ -66,7 +69,7 @@ func getEnabledNotifiers() ([]notifier.Notifier, error) {
 			continue
 		}
-		notifier, err := createNotifier(domain.NotifyChannelType(k), v)
+		notifier, err := createNotifierProviderUseGlobalSettings(domain.NotifyChannelType(k), v)
 		if err != nil {
 			continue
 		}
--- a/internal/notify/providers.go
+++ b/internal/notify/providers.go
@@ -2,76 +2,180 @@ package notify
 import (
 	"fmt"
 	"net/http"
 	"github.com/usual2970/certimate/internal/domain"
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
-	pBark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/bark"
+	pDingTalkBot "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/dingtalkbot"
-	pDingTalk "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/dingtalk"
+	pDiscordBot "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/discordbot"
 	pEmail "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/email"
-	pLark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/lark"
+	pLarkBot "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/larkbot"
-	pServerChan "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/serverchan"
+	pMattermost "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/mattermost"
-	pTelegram "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/telegram"
+	pSlackBot "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/slackbot"
 	pTelegramBot "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/telegrambot"
 	pWebhook "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/webhook"
-	pWeCom "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/wecom"
+	pWeComBot "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/wecombot"
-	"github.com/usual2970/certimate/internal/pkg/utils/maputil"
+	httputil "github.com/usual2970/certimate/internal/pkg/utils/http"
 	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 )
-func createNotifier(channel domain.NotifyChannelType, channelConfig map[string]any) (notifier.Notifier, error) {
+type notifierProviderOptions struct {
 	Provider              domain.NotificationProviderType
 	ProviderAccessConfig  map[string]any
 	ProviderServiceConfig map[string]any
 }
 func createNotifierProvider(options *notifierProviderOptions) (notifier.Notifier, error) {
 	/*
 	  注意：如果追加新的常量值，请保持以 ASCII 排序。
 	  NOTICE: If you add new constant, please keep ASCII order.
 	*/
-	switch channel {
+	switch options.Provider {
-	case domain.NotifyChannelTypeBark:
+	case domain.NotificationProviderTypeDingTalkBot:
-		return pBark.NewNotifier(&pBark.NotifierConfig{
+		{
-			DeviceKey: maputil.GetString(channelConfig, "deviceKey"),
+			access := domain.AccessConfigForDingTalkBot{}
-			ServerUrl: maputil.GetString(channelConfig, "serverUrl"),
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
-		})
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
-	case domain.NotifyChannelTypeDingTalk:
+			return pDingTalkBot.NewNotifier(&pDingTalkBot.NotifierConfig{
-		return pDingTalk.NewNotifier(&pDingTalk.NotifierConfig{
+				WebhookUrl: access.WebhookUrl,
-			AccessToken: maputil.GetString(channelConfig, "accessToken"),
+				Secret:     access.Secret,
-			Secret:      maputil.GetString(channelConfig, "secret"),
+			})
-		})
+		}
-	case domain.NotifyChannelTypeEmail:
+	case domain.NotificationProviderTypeDiscordBot:
-		return pEmail.NewNotifier(&pEmail.NotifierConfig{
+		{
-			SmtpHost:        maputil.GetString(channelConfig, "smtpHost"),
+			access := domain.AccessConfigForDiscordBot{}
-			SmtpPort:        maputil.GetInt32(channelConfig, "smtpPort"),
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
-			SmtpTLS:         maputil.GetOrDefaultBool(channelConfig, "smtpTLS", true),
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
-			Username:        maputil.GetOrDefaultString(channelConfig, "username", maputil.GetString(channelConfig, "senderAddress")),
+			}
 			Password:        maputil.GetString(channelConfig, "password"),
 			SenderAddress:   maputil.GetString(channelConfig, "senderAddress"),
 			ReceiverAddress: maputil.GetString(channelConfig, "receiverAddress"),
 		})
-	case domain.NotifyChannelTypeLark:
+			return pDiscordBot.NewNotifier(&pDiscordBot.NotifierConfig{
-		return pLark.NewNotifier(&pLark.NotifierConfig{
+				BotToken:  access.BotToken,
-			WebhookUrl: maputil.GetString(channelConfig, "webhookUrl"),
+				ChannelId: maputil.GetOrDefaultString(options.ProviderServiceConfig, "channelId", access.DefaultChannelId),
-		})
+			})
 		}
-	case domain.NotifyChannelTypeServerChan:
+	case domain.NotificationProviderTypeEmail:
-		return pServerChan.NewNotifier(&pServerChan.NotifierConfig{
+		{
-			Url: maputil.GetString(channelConfig, "url"),
+			access := domain.AccessConfigForEmail{}
-		})
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
-	case domain.NotifyChannelTypeTelegram:
+			return pEmail.NewNotifier(&pEmail.NotifierConfig{
-		return pTelegram.NewNotifier(&pTelegram.NotifierConfig{
+				SmtpHost:        access.SmtpHost,
-			ApiToken: maputil.GetString(channelConfig, "apiToken"),
+				SmtpPort:        access.SmtpPort,
-			ChatId:   maputil.GetInt64(channelConfig, "chatId"),
+				SmtpTls:         access.SmtpTls,
-		})
+				Username:        access.Username,
 				Password:        access.Password,
 				SenderAddress:   maputil.GetOrDefaultString(options.ProviderServiceConfig, "senderAddress", access.DefaultSenderAddress),
 				ReceiverAddress: maputil.GetOrDefaultString(options.ProviderServiceConfig, "receiverAddress", access.DefaultReceiverAddress),
 			})
 		}
-	case domain.NotifyChannelTypeWebhook:
+	case domain.NotificationProviderTypeLarkBot:
-		return pWebhook.NewNotifier(&pWebhook.NotifierConfig{
+		{
-			Url:                      maputil.GetString(channelConfig, "url"),
+			access := domain.AccessConfigForLarkBot{}
-			AllowInsecureConnections: maputil.GetBool(channelConfig, "allowInsecureConnections"),
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
-		})
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
-	case domain.NotifyChannelTypeWeCom:
+			return pLarkBot.NewNotifier(&pLarkBot.NotifierConfig{
-		return pWeCom.NewNotifier(&pWeCom.NotifierConfig{
+				WebhookUrl: access.WebhookUrl,
-			WebhookUrl: maputil.GetString(channelConfig, "webhookUrl"),
+			})
-		})
+		}
 	case domain.NotificationProviderTypeMattermost:
 		{
 			access := domain.AccessConfigForMattermost{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			return pMattermost.NewNotifier(&pMattermost.NotifierConfig{
 				ServerUrl: access.ServerUrl,
 				Username:  access.Username,
 				Password:  access.Password,
 				ChannelId: maputil.GetOrDefaultString(options.ProviderServiceConfig, "channelId", access.DefaultChannelId),
 			})
 		}
 	case domain.NotificationProviderTypeSlackBot:
 		{
 			access := domain.AccessConfigForSlackBot{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			return pSlackBot.NewNotifier(&pSlackBot.NotifierConfig{
 				BotToken:  access.BotToken,
 				ChannelId: maputil.GetOrDefaultString(options.ProviderServiceConfig, "channelId", access.DefaultChannelId),
 			})
 		}
 	case domain.NotificationProviderTypeTelegramBot:
 		{
 			access := domain.AccessConfigForTelegramBot{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			return pTelegramBot.NewNotifier(&pTelegramBot.NotifierConfig{
 				BotToken: access.BotToken,
 				ChatId:   maputil.GetOrDefaultInt64(options.ProviderServiceConfig, "chatId", access.DefaultChatId),
 			})
 		}
 	case domain.NotificationProviderTypeWebhook:
 		{
 			access := domain.AccessConfigForWebhook{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			mergedHeaders := make(map[string]string)
 			if defaultHeadersString := access.HeadersString; defaultHeadersString != "" {
 				h, err := httputil.ParseHeaders(defaultHeadersString)
 				if err != nil {
 					return nil, fmt.Errorf("failed to parse webhook headers: %w", err)
 				}
 				for key := range h {
 					mergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)
 				}
 			}
 			if extendedHeadersString := maputil.GetString(options.ProviderServiceConfig, "headers"); extendedHeadersString != "" {
 				h, err := httputil.ParseHeaders(extendedHeadersString)
 				if err != nil {
 					return nil, fmt.Errorf("failed to parse webhook headers: %w", err)
 				}
 				for key := range h {
 					mergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)
 				}
 			}
 			return pWebhook.NewNotifier(&pWebhook.NotifierConfig{
 				WebhookUrl:               access.Url,
 				WebhookData:              maputil.GetOrDefaultString(options.ProviderServiceConfig, "webhookData", access.DefaultDataForNotification),
 				Method:                   access.Method,
 				Headers:                  mergedHeaders,
 				AllowInsecureConnections: access.AllowInsecureConnections,
 			})
 		}
 	case domain.NotificationProviderTypeWeComBot:
 		{
 			access := domain.AccessConfigForWeComBot{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 			return pWeComBot.NewNotifier(&pWeComBot.NotifierConfig{
 				WebhookUrl: access.WebhookUrl,
 			})
 		}
 	}
-	return nil, fmt.Errorf("unsupported notifier channel: %s", channelConfig)
+	return nil, fmt.Errorf("unsupported notifier provider '%s'", options.Provider)
 }
--- a/internal/notify/providers_deprecated.go
+++ b/internal/notify/providers_deprecated.go
@@ -0,0 +1,108 @@
 package notify
 import (
 	"fmt"
 	"github.com/usual2970/certimate/internal/domain"
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
 	pBark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/bark"
 	pDingTalk "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/dingtalkbot"
 	pEmail "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/email"
 	pGotify "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/gotify"
 	pLark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/larkbot"
 	pMattermost "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/mattermost"
 	pPushover "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/pushover"
 	pPushPlus "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/pushplus"
 	pServerChan "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/serverchan"
 	pTelegram "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/telegrambot"
 	pWebhook "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/webhook"
 	pWeCom "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/wecombot"
 	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 )
 // Deprecated: v0.4.x 将废弃
 func createNotifierProviderUseGlobalSettings(channel domain.NotifyChannelType, channelConfig map[string]any) (notifier.Notifier, error) {
 	/*
 	  注意：如果追加新的常量值，请保持以 ASCII 排序。
 	  NOTICE: If you add new constant, please keep ASCII order.
 	*/
 	switch channel {
 	case domain.NotifyChannelTypeBark:
 		return pBark.NewNotifier(&pBark.NotifierConfig{
 			DeviceKey: maputil.GetString(channelConfig, "deviceKey"),
 			ServerUrl: maputil.GetString(channelConfig, "serverUrl"),
 		})
 	case domain.NotifyChannelTypeDingTalk:
 		return pDingTalk.NewNotifier(&pDingTalk.NotifierConfig{
 			WebhookUrl: "https://oapi.dingtalk.com/robot/send?access_token=" + maputil.GetString(channelConfig, "accessToken"),
 			Secret:     maputil.GetString(channelConfig, "secret"),
 		})
 	case domain.NotifyChannelTypeEmail:
 		return pEmail.NewNotifier(&pEmail.NotifierConfig{
 			SmtpHost:        maputil.GetString(channelConfig, "smtpHost"),
 			SmtpPort:        maputil.GetInt32(channelConfig, "smtpPort"),
 			SmtpTls:         maputil.GetOrDefaultBool(channelConfig, "smtpTLS", true),
 			Username:        maputil.GetOrDefaultString(channelConfig, "username", maputil.GetString(channelConfig, "senderAddress")),
 			Password:        maputil.GetString(channelConfig, "password"),
 			SenderAddress:   maputil.GetString(channelConfig, "senderAddress"),
 			ReceiverAddress: maputil.GetString(channelConfig, "receiverAddress"),
 		})
 	case domain.NotifyChannelTypeGotify:
 		return pGotify.NewNotifier(&pGotify.NotifierConfig{
 			ServerUrl: maputil.GetString(channelConfig, "url"),
 			Token:     maputil.GetString(channelConfig, "token"),
 			Priority:  maputil.GetOrDefaultInt64(channelConfig, "priority", 1),
 		})
 	case domain.NotifyChannelTypeLark:
 		return pLark.NewNotifier(&pLark.NotifierConfig{
 			WebhookUrl: maputil.GetString(channelConfig, "webhookUrl"),
 		})
 	case domain.NotifyChannelTypeMattermost:
 		return pMattermost.NewNotifier(&pMattermost.NotifierConfig{
 			ServerUrl: maputil.GetString(channelConfig, "serverUrl"),
 			ChannelId: maputil.GetString(channelConfig, "channelId"),
 			Username:  maputil.GetString(channelConfig, "username"),
 			Password:  maputil.GetString(channelConfig, "password"),
 		})
 	case domain.NotifyChannelTypePushover:
 		return pPushover.NewNotifier(&pPushover.NotifierConfig{
 			Token: maputil.GetString(channelConfig, "token"),
 			User:  maputil.GetString(channelConfig, "user"),
 		})
 	case domain.NotifyChannelTypePushPlus:
 		return pPushPlus.NewNotifier(&pPushPlus.NotifierConfig{
 			Token: maputil.GetString(channelConfig, "token"),
 		})
 	case domain.NotifyChannelTypeServerChan:
 		return pServerChan.NewNotifier(&pServerChan.NotifierConfig{
 			ServerUrl: maputil.GetString(channelConfig, "url"),
 		})
 	case domain.NotifyChannelTypeTelegram:
 		return pTelegram.NewNotifier(&pTelegram.NotifierConfig{
 			BotToken: maputil.GetString(channelConfig, "apiToken"),
 			ChatId:   maputil.GetInt64(channelConfig, "chatId"),
 		})
 	case domain.NotifyChannelTypeWebhook:
 		return pWebhook.NewNotifier(&pWebhook.NotifierConfig{
 			WebhookUrl:               maputil.GetString(channelConfig, "url"),
 			AllowInsecureConnections: maputil.GetBool(channelConfig, "allowInsecureConnections"),
 		})
 	case domain.NotifyChannelTypeWeCom:
 		return pWeCom.NewNotifier(&pWeCom.NotifierConfig{
 			WebhookUrl: maputil.GetString(channelConfig, "webhookUrl"),
 		})
 	}
 	return nil, fmt.Errorf("unsupported notifier channel '%s'", channelConfig)
 }
--- a/internal/notify/service.go
+++ b/internal/notify/service.go
@@ -8,25 +8,30 @@ import (
 	"github.com/usual2970/certimate/internal/domain/dtos"
 )
 // Deprecated: v0.4.x 将废弃
 const (
 	notifyTestTitle = "测试通知"
 	notifyTestBody  = "欢迎使用 Certimate ，这是一条测试通知。"
 )
 // Deprecated: v0.4.x 将废弃
 type settingsRepository interface {
 	GetByName(ctx context.Context, name string) (*domain.Settings, error)
 }
 // Deprecated: v0.4.x 将废弃
 type NotifyService struct {
 	settingsRepo settingsRepository
 }
 // Deprecated: v0.4.x 将废弃
 func NewNotifyService(settingsRepo settingsRepository) *NotifyService {
 	return &NotifyService{
 		settingsRepo: settingsRepo,
 	}
 }
 // Deprecated: v0.4.x 将废弃
 func (n *NotifyService) Test(ctx context.Context, req *dtos.NotifyTestPushReq) error {
 	settings, err := n.settingsRepo.GetByName(ctx, "notifyChannels")
 	if err != nil {
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/acmehttpreq/acmehttpreq.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/acmehttpreq/acmehttpreq.go
@@ -1,4 +1,4 @@
-package acmehttpreq
+package acmehttpreq
 import (
 	"net/url"
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa/aliyun_esa.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa/aliyun_esa.go
@@ -0,0 +1,41 @@
 package aliyunesa
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	internal "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa/internal"
 )
 type ChallengeProviderConfig struct {
 	AccessKeyId           string `json:"accessKeyId"`
 	AccessKeySecret       string `json:"accessKeySecret"`
 	Region                string `json:"region"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := internal.NewDefaultConfig()
 	providerConfig.SecretID = config.AccessKeyId
 	providerConfig.SecretKey = config.AccessKeySecret
 	providerConfig.RegionID = config.Region
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = config.DnsTTL
 	}
 	provider, err := internal.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa/internal/lego.go
@@ -0,0 +1,271 @@
 package internal
 import (
 	"errors"
 	"fmt"
 	"sync"
 	"time"
 	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	aliesa "github.com/alibabacloud-go/esa-20240910/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
 )
 const (
 	envNamespace = "ALICLOUDESA_"
 	EnvAccessKey = envNamespace + "ACCESS_KEY"
 	EnvSecretKey = envNamespace + "SECRET_KEY"
 	EnvRegionID  = envNamespace + "REGION_ID"
 	EnvTTL                = envNamespace + "TTL"
 	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
 	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
 	EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
 )
 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
 type Config struct {
 	SecretID  string
 	SecretKey string
 	RegionID  string
 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
 	TTL                int32
 	HTTPTimeout        time.Duration
 }
 type DNSProvider struct {
 	client *aliesa.Client
 	config *Config
 	siteIDs    map[string]int64
 	siteIDsMtx sync.Mutex
 }
 func NewDefaultConfig() *Config {
 	return &Config{
 		TTL:                int32(env.GetOrDefaultInt(EnvTTL, 300)),
 		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
 		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
 		HTTPTimeout:        env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
 	}
 }
 func NewDNSProvider() (*DNSProvider, error) {
 	values, err := env.Get(EnvAccessKey, EnvSecretKey, EnvRegionID)
 	if err != nil {
 		return nil, fmt.Errorf("alicloud-esa: %w", err)
 	}
 	config := NewDefaultConfig()
 	config.SecretID = values[EnvAccessKey]
 	config.SecretKey = values[EnvSecretKey]
 	config.RegionID = values[EnvRegionID]
 	return NewDNSProviderConfig(config)
 }
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
 		return nil, errors.New("alicloud-esa: the configuration of the DNS provider is nil")
 	}
 	client, err := aliesa.NewClient(&aliopen.Config{
 		AccessKeyId:     tea.String(config.SecretID),
 		AccessKeySecret: tea.String(config.SecretKey),
 		Endpoint:        tea.String(fmt.Sprintf("esa.%s.aliyuncs.com", config.RegionID)),
 	})
 	if err != nil {
 		return nil, fmt.Errorf("alicloud-esa: %w", err)
 	}
 	return &DNSProvider{
 		client: client,
 		config: config,
 		siteIDs: make(map[string]int64),
 	}, nil
 }
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
 		return fmt.Errorf("alicloud-esa: could not find zone for domain %q: %w", domain, err)
 	}
 	siteName := dns01.UnFqdn(authZone)
 	siteId, err := d.getSiteId(siteName)
 	if err != nil {
 		return fmt.Errorf("alicloud-esa: could not find site for zone %q: %w", siteName, err)
 	}
 	if err := d.addOrUpdateDNSRecord(siteId, dns01.UnFqdn(info.EffectiveFQDN), info.Value); err != nil {
 		return fmt.Errorf("alicloud-esa: %w", err)
 	}
 	return nil
 }
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
 		return fmt.Errorf("alicloud-esa: could not find zone for domain %q: %w", domain, err)
 	}
 	siteName := dns01.UnFqdn(authZone)
 	siteId, err := d.getSiteId(siteName)
 	if err != nil {
 		return fmt.Errorf("alicloud-esa: could not find site for zone %q: %w", siteName, err)
 	}
 	if err := d.removeDNSRecord(siteId, dns01.UnFqdn(info.EffectiveFQDN)); err != nil {
 		return fmt.Errorf("alicloud-esa: %w", err)
 	}
 	return nil
 }
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
 func (d *DNSProvider) getSiteId(siteName string) (int64, error) {
 	d.siteIDsMtx.Lock()
 	siteID, ok := d.siteIDs[siteName]
 	d.siteIDsMtx.Unlock()
 	if ok {
 		return siteID, nil
 	}
 	pageNumber := 1
 	pageSize := 500
 	for {
 		request := &aliesa.ListSitesRequest{
 			SiteName:       tea.String(siteName),
 			SiteSearchType: tea.String("exact"),
 			PageNumber:     tea.Int32(int32(pageNumber)),
 			PageSize:       tea.Int32(int32(pageSize)),
 			AccessType:     tea.String("NS"),
 		}
 		response, err := d.client.ListSites(request)
 		if err != nil {
 			return 0, err
 		}
 		if response.Body == nil {
 			break
 		} else {
 			for _, record := range response.Body.Sites {
 				if tea.StringValue(record.SiteName) == siteName {
 					d.siteIDsMtx.Lock()
 					d.siteIDs[siteName] = *record.SiteId
 					d.siteIDsMtx.Unlock()
 					return *record.SiteId, nil
 				}
 			}
 			if len(response.Body.Sites) < pageSize {
 				break
 			}
 			pageNumber++
 		}
 	}
 	return 0, errors.New("site not found")
 }
 func (d *DNSProvider) findDNSRecord(siteId int64, effectiveFQDN string) (*aliesa.ListRecordsResponseBodyRecords, error) {
 	pageNumber := 1
 	pageSize := 500
 	for {
 		request := &aliesa.ListRecordsRequest{
 			SiteId:          tea.Int64(siteId),
 			Type:            tea.String("TXT"),
 			RecordName:      tea.String(effectiveFQDN),
 			RecordMatchType: tea.String("exact"),
 			PageNumber:      tea.Int32(int32(pageNumber)),
 			PageSize:        tea.Int32(int32(pageSize)),
 		}
 		response, err := d.client.ListRecords(request)
 		if err != nil {
 			return nil, err
 		}
 		if response.Body == nil {
 			break
 		} else {
 			for _, record := range response.Body.Records {
 				if tea.StringValue(record.RecordName) == effectiveFQDN {
 					return record, nil
 				}
 			}
 			if len(response.Body.Records) < pageSize {
 				break
 			}
 			pageNumber++
 		}
 	}
 	return nil, nil
 }
 func (d *DNSProvider) addOrUpdateDNSRecord(siteId int64, effectiveFQDN, value string) error {
 	record, err := d.findDNSRecord(siteId, effectiveFQDN)
 	if err != nil {
 		return err
 	}
 	if record == nil {
 		request := &aliesa.CreateRecordRequest{
 			SiteId:     tea.Int64(siteId),
 			Type:       tea.String("TXT"),
 			RecordName: tea.String(effectiveFQDN),
 			Data: &aliesa.CreateRecordRequestData{
 				Value: tea.String(value),
 			},
 			Ttl: tea.Int32(d.config.TTL),
 		}
 		_, err := d.client.CreateRecord(request)
 		return err
 	} else {
 		request := &aliesa.UpdateRecordRequest{
 			RecordId: record.RecordId,
 			Ttl:      tea.Int32(d.config.TTL),
 			Data: &aliesa.UpdateRecordRequestData{
 				Value: tea.String(value),
 			},
 		}
 		_, err := d.client.UpdateRecord(request)
 		return err
 	}
 }
 func (d *DNSProvider) removeDNSRecord(siteId int64, effectiveFQDN string) error {
 	record, err := d.findDNSRecord(siteId, effectiveFQDN)
 	if err != nil {
 		return err
 	}
 	if record == nil {
 		return nil
 	} else {
 		request := &aliesa.DeleteRecordRequest{
 			RecordId: record.RecordId,
 		}
 		_, err = d.client.DeleteRecord(request)
 		return err
 	}
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/azure-dns/azure-dns.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/azure-dns/azure-dns.go
@@ -6,7 +6,7 @@ import (
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/azuredns"
-	azcommon "github.com/usual2970/certimate/internal/pkg/vendors/azure-sdk/common"
+	azcommon "github.com/usual2970/certimate/internal/pkg/sdk3rd/azure/common"
 )
 type ChallengeProviderConfig struct {
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/internal/lego.go
@@ -1,4 +1,4 @@
-package lego_baiducloud
+package internal
 import (
 	"errors"
@@ -6,7 +6,7 @@ import (
 	"strings"
 	"time"
-	bceDns "github.com/baidubce/bce-sdk-go/services/dns"
+	bcedns "github.com/baidubce/bce-sdk-go/services/dns"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
@@ -38,7 +38,7 @@ type Config struct {
 }
 type DNSProvider struct {
-	client *bceDns.Client
+	client *bcedns.Client
 	config *Config
 }
@@ -69,7 +69,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, errors.New("baiducloud: the configuration of the DNS provider is nil")
 	}
-	client, err := bceDns.NewClient(config.AccessKeyID, config.SecretAccessKey, "")
+	client, err := bcedns.NewClient(config.AccessKeyID, config.SecretAccessKey, "")
 	if err != nil {
 		return nil, err
 	} else {
@@ -89,7 +89,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("baiducloud: %w", err)
+		return fmt.Errorf("baiducloud: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
@@ -109,7 +109,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("baiducloud: %w", err)
+		return fmt.Errorf("baiducloud: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
@@ -128,11 +128,11 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-func (d *DNSProvider) getDNSRecord(zoneName, subDomain string) (*bceDns.Record, error) {
+func (d *DNSProvider) findDNSRecord(zoneName, subDomain string) (*bcedns.Record, error) {
 	pageMarker := ""
 	pageSize := 1000
 	for {
-		request := &bceDns.ListRecordRequest{}
+		request := &bcedns.ListRecordRequest{}
 		request.Rr = subDomain
 		request.Marker = pageMarker
 		request.MaxKeys = pageSize
@@ -159,13 +159,13 @@ func (d *DNSProvider) getDNSRecord(zoneName, subDomain string) (*bceDns.Record,
 }
 func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) error {
-	record, err := d.getDNSRecord(zoneName, subDomain)
+	record, err := d.findDNSRecord(zoneName, subDomain)
 	if err != nil {
 		return err
 	}
 	if record == nil {
-		request := &bceDns.CreateRecordRequest{
+		request := &bcedns.CreateRecordRequest{
 			Type:  "TXT",
 			Rr:    subDomain,
 			Value: value,
@@ -174,7 +174,7 @@ func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) er
 		err := d.client.CreateRecord(zoneName, request, d.generateClientToken())
 		return err
 	} else {
-		request := &bceDns.UpdateRecordRequest{
+		request := &bcedns.UpdateRecordRequest{
 			Type:  "TXT",
 			Rr:    subDomain,
 			Value: value,
@@ -186,7 +186,7 @@ func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) er
 }
 func (d *DNSProvider) removeDNSRecord(zoneName, subDomain string) error {
-	record, err := d.getDNSRecord(zoneName, subDomain)
+	record, err := d.findDNSRecord(zoneName, subDomain)
 	if err != nil {
 		return err
 	}
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny/bunny.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny/bunny.go
@@ -0,0 +1,36 @@
 package bunny
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/bunny"
 )
 type ChallengeProviderConfig struct {
 	ApiKey                string `json:"apiKey"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := bunny.NewDefaultConfig()
 	providerConfig.APIKey = config.ApiKey
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = int(config.DnsTTL)
 	}
 	provider, err := bunny.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudflare/cloudflare.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudflare/cloudflare.go
@@ -9,6 +9,7 @@ import (
 type ChallengeProviderConfig struct {
 	DnsApiToken           string `json:"dnsApiToken"`
 	ZoneApiToken          string `json:"zoneApiToken,omitempty"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
@@ -20,6 +21,7 @@ func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider,
 	providerConfig := cloudflare.NewDefaultConfig()
 	providerConfig.AuthToken = config.DnsApiToken
 	providerConfig.ZoneToken = config.ZoneApiToken
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/cmcccloud/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/cmcccloud/internal/lego.go
@@ -93,7 +93,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	zoneName, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("cmccecloud: %w", err)
+		return fmt.Errorf("cmccecloud: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zoneName)
@@ -106,34 +106,35 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	if err != nil {
 		return err
 	}
 	if record == nil {
 		// add new record
 		resp, err := d.client.CreateRecordOpenapi(&model.CreateRecordOpenapiRequest{
 			CreateRecordOpenapiBody: &model.CreateRecordOpenapiBody{
 				LineId:      "0", // 默认线路
 				Rr:          subDomain,
 				DomainName:  readDomain,
-				Description: "from certimate",
+				Description: "certimate acme",
 				Type:        model.CreateRecordOpenapiBodyTypeEnumTxt,
 				Value:       info.Value,
 				Ttl:         &d.config.TTL,
 			},
 		})
 		if err != nil {
-			return fmt.Errorf("lego: %w", err)
+			return fmt.Errorf("cmccecloud: %w", err)
 		}
 		if resp.State != model.CreateRecordOpenapiResponseStateEnumOk {
-			return fmt.Errorf("lego: create record failed, response state: %s, message: %s, code: %s", resp.State, resp.ErrorMessage, resp.ErrorCode)
+			return fmt.Errorf("cmccecloud: create record failed, response state: %s, message: %s, code: %s", resp.State, resp.ErrorMessage, resp.ErrorCode)
 		}
 		return nil
 	} else {
 		// update record
 		resp, err := d.client.ModifyRecordOpenapi(&model.ModifyRecordOpenapiRequest{
 			ModifyRecordOpenapiBody: &model.ModifyRecordOpenapiBody{
 				RecordId:    record.RecordId,
 				Rr:          subDomain,
 				DomainName:  readDomain,
-				Description: "from certmate",
+				Description: "certmate acme",
 				LineId:      "0",
 				Type:        model.ModifyRecordOpenapiBodyTypeEnumTxt,
 				Value:       info.Value,
@@ -141,44 +142,52 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 			},
 		})
 		if err != nil {
-			return fmt.Errorf("lego: %w", err)
+			return fmt.Errorf("cmccecloud: %w", err)
 		}
 		if resp.State != model.ModifyRecordOpenapiResponseStateEnumOk {
-			return fmt.Errorf("lego: create record failed, response state: %s", resp.State)
+			return fmt.Errorf("cmccecloud: create record failed, response state: %s", resp.State)
 		}
 		return nil
 	}
 }
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	challengeInfo := dns01.GetChallengeInfo(domain, keyAuth)
 	zoneName, err := dns01.FindZoneByFqdn(challengeInfo.FQDN)
 	if err != nil {
-		return fmt.Errorf("cmccecloud: %w", err)
+		return fmt.Errorf("cmccecloud: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(challengeInfo.FQDN, zoneName)
 	if err != nil {
 		return fmt.Errorf("cmccecloud: %w", err)
 	}
 	readDomain := strings.Trim(zoneName, ".")
 	record, err := d.getDomainRecord(readDomain, subDomain)
 	if err != nil {
 		return err
 	}
 	if record == nil {
 		return nil
 	} else {
 		resp, err := d.client.DeleteRecordOpenapi(&model.DeleteRecordOpenapiRequest{
 			DeleteRecordOpenapiBody: &model.DeleteRecordOpenapiBody{
 				RecordIdList: []string{record.RecordId},
 			},
 		})
 		if err != nil {
 			return fmt.Errorf("cmccecloud: %w", err)
 		}
 		if resp.State != model.DeleteRecordOpenapiResponseStateEnumOk {
 			return fmt.Errorf("cmccecloud: delete record failed, unexpected response state: %s", resp.State)
 		}
 	}
-	resp, err := d.client.DeleteRecordOpenapi(&model.DeleteRecordOpenapiRequest{
+
 		DeleteRecordOpenapiBody: &model.DeleteRecordOpenapiBody{
 			RecordIdList: []string{record.RecordId},
 		},
 	})
 	if err != nil {
 		return fmt.Errorf("lego: %w", err)
 	}
 	if resp.State != model.DeleteRecordOpenapiResponseStateEnumOk {
 		return fmt.Errorf("lego: delete record failed, response state: %s", resp.State)
 	}
 	return nil
 }
@@ -204,8 +213,9 @@ func (d *DNSProvider) getDomainRecord(domain string, rr string) (*model.ListReco
 		}
 		if resp.State != model.ListRecordOpenapiResponseStateEnumOk {
 			respStr, _ := json.Marshal(resp)
-			return nil, fmt.Errorf("request error. %s", string(respStr))
+			return nil, fmt.Errorf("cmccecloud: request error: %s", string(respStr))
 		}
 		if resp.Body.Data != nil {
 			for _, item := range *resp.Body.Data {
 				if item.Rr == rr {
@@ -213,9 +223,11 @@ func (d *DNSProvider) getDomainRecord(domain string, rr string) (*model.ListReco
 				}
 			}
 		}
 		if resp.Body.TotalPages == nil || page >= *resp.Body.TotalPages {
 			return nil, nil
 		}
 		page++
 	}
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/constellix/constellix.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/constellix/constellix.go
@@ -0,0 +1,38 @@
 package cloudns
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/constellix"
 )
 type ChallengeProviderConfig struct {
 	ApiKey                string `json:"apiKey"`
 	SecretKey             string `json:"secretKey"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := constellix.NewDefaultConfig()
 	providerConfig.APIKey = config.ApiKey
 	providerConfig.SecretKey = config.SecretKey
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = int(config.DnsTTL)
 	}
 	provider, err := constellix.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/desec/desec.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/desec/desec.go
@@ -0,0 +1,36 @@
 package desec
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/desec"
 )
 type ChallengeProviderConfig struct {
 	Token                 string `json:"token"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := desec.NewDefaultConfig()
 	providerConfig.Token = config.Token
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = int(config.DnsTTL)
 	}
 	provider, err := desec.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/digitalocean/digitalocean.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/digitalocean/digitalocean.go
@@ -0,0 +1,36 @@
 package namedotcom
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/digitalocean"
 )
 type ChallengeProviderConfig struct {
 	AccessToken           string `json:"accessToken"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := digitalocean.NewDefaultConfig()
 	providerConfig.AuthToken = config.AccessToken
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = int(config.DnsTTL)
 	}
 	provider, err := digitalocean.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/dnsla/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/dnsla/internal/lego.go
@@ -1,4 +1,4 @@
-package lego_dnsla
+package internal
 import (
 	"errors"
@@ -10,7 +10,7 @@ import (
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
-	dnslasdk "github.com/usual2970/certimate/internal/pkg/vendors/dnsla-sdk"
+	dnslasdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/dnsla"
 )
 const (
@@ -83,7 +83,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("dnsla: %w", err)
+		return fmt.Errorf("dnsla: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
@@ -103,7 +103,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("dnsla: %w", err)
+		return fmt.Errorf("dnsla: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/duckdns/duckdns.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/duckdns/duckdns.go
@@ -0,0 +1,32 @@
 package namedotcom
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/duckdns"
 )
 type ChallengeProviderConfig struct {
 	Token                 string `json:"token"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := duckdns.NewDefaultConfig()
 	providerConfig.Token = config.Token
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	provider, err := duckdns.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/dynv6/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/dynv6/internal/lego.go
@@ -1,4 +1,4 @@
-package lego_dynv6
+package internal
 import (
 	"context"
@@ -76,7 +76,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("dynv6: %w", err)
+		return fmt.Errorf("dynv6: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
@@ -96,7 +96,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("dynv6: %w", err)
+		return fmt.Errorf("dynv6: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
@@ -115,7 +115,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-func (d *DNSProvider) getDNSRecord(zoneName, subDomain string) (*libdns.Record, error) {
+func (d *DNSProvider) findDNSRecord(zoneName, subDomain string) (*libdns.Record, error) {
 	records, err := d.client.GetRecords(context.Background(), zoneName)
 	if err != nil {
 		return nil, err
@@ -131,7 +131,7 @@ func (d *DNSProvider) getDNSRecord(zoneName, subDomain string) (*libdns.Record,
 }
 func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) error {
-	record, err := d.getDNSRecord(zoneName, subDomain)
+	record, err := d.findDNSRecord(zoneName, subDomain)
 	if err != nil {
 		return err
 	}
@@ -153,7 +153,7 @@ func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) er
 }
 func (d *DNSProvider) removeDNSRecord(zoneName, subDomain string) error {
-	record, err := d.getDNSRecord(zoneName, subDomain)
+	record, err := d.findDNSRecord(zoneName, subDomain)
 	if err != nil {
 		return err
 	}
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/internal/lego.go
@@ -1,4 +1,4 @@
-package lego_gname
+package internal
 import (
 	"errors"
@@ -9,7 +9,7 @@ import (
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
-	gnamesdk "github.com/usual2970/certimate/internal/pkg/vendors/gname-sdk"
+	gnamesdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/gname"
 )
 const (
@@ -82,7 +82,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("gname: %w", err)
+		return fmt.Errorf("gname: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
@@ -102,7 +102,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("gname: %w", err)
+		return fmt.Errorf("gname: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
@@ -121,9 +121,9 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-func (d *DNSProvider) getDNSRecord(zoneName, subDomain string) (*gnamesdk.ResolutionRecord, error) {
+func (d *DNSProvider) findDNSRecord(zoneName, subDomain string) (*gnamesdk.ResolutionRecord, error) {
-	page := 1
+	page := int32(1)
-	pageSize := 20
+	pageSize := int32(20)
 	for {
 		request := &gnamesdk.ListDomainResolutionRequest{}
 		request.ZoneName = zoneName
@@ -155,7 +155,7 @@ func (d *DNSProvider) getDNSRecord(zoneName, subDomain string) (*gnamesdk.Resolu
 }
 func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) error {
-	record, err := d.getDNSRecord(zoneName, subDomain)
+	record, err := d.findDNSRecord(zoneName, subDomain)
 	if err != nil {
 		return err
 	}
@@ -166,18 +166,19 @@ func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) er
 			RecordType:  "TXT",
 			RecordName:  subDomain,
 			RecordValue: value,
-			TTL:         d.config.TTL,
+			TTL:         int32(d.config.TTL),
 		}
 		_, err := d.client.AddDomainResolution(request)
 		return err
 	} else {
 		recordId, _ := record.ID.Int64()
 		request := &gnamesdk.ModifyDomainResolutionRequest{
-			ID:          record.ID,
+			ID:          recordId,
 			ZoneName:    zoneName,
 			RecordType:  "TXT",
 			RecordName:  subDomain,
 			RecordValue: value,
-			TTL:         d.config.TTL,
+			TTL:         int32(d.config.TTL),
 		}
 		_, err := d.client.ModifyDomainResolution(request)
 		return err
@@ -185,7 +186,7 @@ func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) er
 }
 func (d *DNSProvider) removeDNSRecord(zoneName, subDomain string) error {
-	record, err := d.getDNSRecord(zoneName, subDomain)
+	record, err := d.findDNSRecord(zoneName, subDomain)
 	if err != nil {
 		return err
 	}
@@ -194,9 +195,10 @@ func (d *DNSProvider) removeDNSRecord(zoneName, subDomain string) error {
 		return nil
 	}
 	recordId, _ := record.ID.Int64()
 	request := &gnamesdk.DeleteDomainResolutionRequest{
 		ZoneName: zoneName,
-		RecordID: record.ID,
+		RecordID: recordId,
 	}
 	_, err = d.client.DeleteDomainResolution(request)
 	return err
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/hetzner/hetzner.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/hetzner/hetzner.go
@@ -0,0 +1,36 @@
 package namedotcom
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/hetzner"
 )
 type ChallengeProviderConfig struct {
 	ApiToken              string `json:"apiToken"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := hetzner.NewDefaultConfig()
 	providerConfig.APIKey = config.ApiToken
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = int(config.DnsTTL)
 	}
 	provider, err := hetzner.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/jdcloud/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/jdcloud/internal/lego.go
@@ -1,4 +1,4 @@
-package lego_jdcloud
+package internal
 import (
 	"errors"
@@ -8,10 +8,10 @@ import (
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
-	jdCore "github.com/jdcloud-api/jdcloud-sdk-go/core"
+	jdcore "github.com/jdcloud-api/jdcloud-sdk-go/core"
-	jdDnsApi "github.com/jdcloud-api/jdcloud-sdk-go/services/domainservice/apis"
+	jddnsapi "github.com/jdcloud-api/jdcloud-sdk-go/services/domainservice/apis"
-	jdDnsClient "github.com/jdcloud-api/jdcloud-sdk-go/services/domainservice/client"
+	jddnsclient "github.com/jdcloud-api/jdcloud-sdk-go/services/domainservice/client"
-	jdDnsModel "github.com/jdcloud-api/jdcloud-sdk-go/services/domainservice/models"
+	jddnsmodel "github.com/jdcloud-api/jdcloud-sdk-go/services/domainservice/models"
 )
 const (
@@ -41,7 +41,7 @@ type Config struct {
 }
 type DNSProvider struct {
-	client *jdDnsClient.DomainserviceClient
+	client *jddnsclient.DomainserviceClient
 	config *Config
 }
@@ -73,12 +73,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, errors.New("jdcloud: the configuration of the DNS provider is nil")
 	}
-	clientCredentials := jdCore.NewCredentials(config.AccessKeyID, config.AccessKeySecret)
+	clientCredentials := jdcore.NewCredentials(config.AccessKeyID, config.AccessKeySecret)
-	client := jdDnsClient.NewDomainserviceClient(clientCredentials)
+	client := jddnsclient.NewDomainserviceClient(clientCredentials)
 	clientConfig := &client.Config
 	clientConfig.SetTimeout(config.HTTPTimeout)
 	client.SetConfig(clientConfig)
-	client.SetLogger(jdCore.NewDefaultLogger(jdCore.LogWarn))
+	client.SetLogger(jdcore.NewDefaultLogger(jdcore.LogWarn))
 	return &DNSProvider{
 		client: client,
@@ -91,7 +91,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("jdcloud: %w", err)
+		return fmt.Errorf("jdcloud: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
@@ -111,7 +111,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
-		return fmt.Errorf("jdcloud: %w", err)
+		return fmt.Errorf("jdcloud: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
@@ -130,11 +130,11 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-func (d *DNSProvider) getDNSZone(zoneName string) (*jdDnsModel.DomainInfo, error) {
+func (d *DNSProvider) getDNSZone(zoneName string) (*jddnsmodel.DomainInfo, error) {
 	pageNumber := 1
 	pageSize := 10
 	for {
-		request := jdDnsApi.NewDescribeDomainsRequest(d.config.RegionId, pageNumber, pageSize)
+		request := jddnsapi.NewDescribeDomainsRequest(d.config.RegionId, pageNumber, pageSize)
 		request.SetDomainName(zoneName)
 		response, err := d.client.DescribeDomains(request)
@@ -158,7 +158,7 @@ func (d *DNSProvider) getDNSZone(zoneName string) (*jdDnsModel.DomainInfo, error
 	return nil, fmt.Errorf("jdcloud: zone %s not found", zoneName)
 }
-func (d *DNSProvider) getDNSZoneAndRecord(zoneName, subDomain string) (*jdDnsModel.DomainInfo, *jdDnsModel.RRInfo, error) {
+func (d *DNSProvider) getDNSZoneAndRecord(zoneName, subDomain string) (*jddnsmodel.DomainInfo, *jddnsmodel.RRInfo, error) {
 	zone, err := d.getDNSZone(zoneName)
 	if err != nil {
 		return nil, nil, err
@@ -167,7 +167,7 @@ func (d *DNSProvider) getDNSZoneAndRecord(zoneName, subDomain string) (*jdDnsMod
 	pageNumber := 1
 	pageSize := 10
 	for {
-		request := jdDnsApi.NewDescribeResourceRecordRequest(d.config.RegionId, fmt.Sprintf("%d", zone.Id))
+		request := jddnsapi.NewDescribeResourceRecordRequest(d.config.RegionId, fmt.Sprintf("%d", zone.Id))
 		request.SetSearch(subDomain)
 		request.SetPageNumber(pageNumber)
 		request.SetPageSize(pageSize)
@@ -200,7 +200,7 @@ func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) er
 	}
 	if record == nil {
-		request := jdDnsApi.NewCreateResourceRecordRequest(d.config.RegionId, fmt.Sprintf("%d", zone.Id), &jdDnsModel.AddRR{
+		request := jddnsapi.NewCreateResourceRecordRequest(d.config.RegionId, fmt.Sprintf("%d", zone.Id), &jddnsmodel.AddRR{
 			Type:       "TXT",
 			HostRecord: subDomain,
 			HostValue:  value,
@@ -210,7 +210,7 @@ func (d *DNSProvider) addOrUpdateDNSRecord(zoneName, subDomain, value string) er
 		_, err := d.client.CreateResourceRecord(request)
 		return err
 	} else {
-		request := jdDnsApi.NewModifyResourceRecordRequest(d.config.RegionId, fmt.Sprintf("%d", zone.Id), fmt.Sprintf("%d", record.Id), &jdDnsModel.UpdateRR{
+		request := jddnsapi.NewModifyResourceRecordRequest(d.config.RegionId, fmt.Sprintf("%d", zone.Id), fmt.Sprintf("%d", record.Id), &jddnsmodel.UpdateRR{
 			Type:       "TXT",
 			HostRecord: subDomain,
 			HostValue:  value,
@@ -231,7 +231,7 @@ func (d *DNSProvider) removeDNSRecord(zoneName, subDomain string) error {
 	if record == nil {
 		return nil
 	} else {
-		request := jdDnsApi.NewDeleteResourceRecordRequest(d.config.RegionId, fmt.Sprintf("%d", zone.Id), fmt.Sprintf("%d", record.Id))
+		request := jddnsapi.NewDeleteResourceRecordRequest(d.config.RegionId, fmt.Sprintf("%d", zone.Id), fmt.Sprintf("%d", record.Id))
 		_, err = d.client.DeleteResourceRecord(request)
 		return err
 	}
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/netcup/netcup.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/netcup/netcup.go
@@ -0,0 +1,40 @@
 package netcup
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/netcup"
 )
 type ChallengeProviderConfig struct {
 	CustomerNumber        string `json:"customerNumber"`
 	ApiKey                string `json:"apiKey"`
 	ApiPassword           string `json:"apiPassword"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := netcup.NewDefaultConfig()
 	providerConfig.Customer = config.CustomerNumber
 	providerConfig.Key = config.ApiKey
 	providerConfig.Password = config.ApiPassword
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = int(config.DnsTTL)
 	}
 	provider, err := netcup.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/netlify/netlify.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/netlify/netlify.go
@@ -0,0 +1,36 @@
 package netcup
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/netlify"
 )
 type ChallengeProviderConfig struct {
 	ApiToken              string `json:"apiToken"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := netlify.NewDefaultConfig()
 	providerConfig.Token = config.ApiToken
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = int(config.DnsTTL)
 	}
 	provider, err := netlify.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/porkbun/porkbun.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/porkbun/porkbun.go
@@ -0,0 +1,38 @@
 package porkbun
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/porkbun"
 )
 type ChallengeProviderConfig struct {
 	ApiKey                string `json:"apiKey"`
 	SecretApiKey          string `json:"secretApiKey"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := porkbun.NewDefaultConfig()
 	providerConfig.APIKey = config.ApiKey
 	providerConfig.SecretAPIKey = config.SecretApiKey
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = int(config.DnsTTL)
 	}
 	provider, err := porkbun.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/powerdns/powerdns.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/powerdns/powerdns.go
@@ -1,6 +1,8 @@
-package namesilo
+package powerdns
 import (
 	"crypto/tls"
 	"net/http"
 	"net/url"
 	"time"
@@ -9,10 +11,11 @@ import (
 )
 type ChallengeProviderConfig struct {
-	ApiUrl                string `json:"apiUrl"`
+	ServerUrl                string `json:"serverUrl"`
-	ApiKey                string `json:"apiKey"`
+	ApiKey                   string `json:"apiKey"`
-	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
+	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
-	DnsTTL                int32  `json:"dnsTTL,omitempty"`
+	DnsPropagationTimeout    int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                   int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
@@ -20,10 +23,18 @@ func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider,
 		panic("config is nil")
 	}
-	host, _ := url.Parse(config.ApiUrl)
+	serverUrl, _ := url.Parse(config.ServerUrl)
 	providerConfig := pdns.NewDefaultConfig()
-	providerConfig.Host = host
+	providerConfig.Host = serverUrl
 	providerConfig.APIKey = config.ApiKey
 	if config.AllowInsecureConnections {
 		providerConfig.HTTPClient.Transport = &http.Transport{
 			Proxy: http.ProxyFromEnvironment,
 			TLSClientConfig: &tls.Config{
 				InsecureSkipVerify: true,
 			},
 		}
 	}
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal/lego.go
@@ -0,0 +1,207 @@
 package internal
 import (
 	"errors"
 	"fmt"
 	"math"
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
 	teo "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901"
 )
 const (
 	envNamespace = "TENCENTCLOUDEO_"
 	EnvSecretID  = envNamespace + "SECRET_ID"
 	EnvSecretKey = envNamespace + "SECRET_KEY"
 	EnvZoneID    = envNamespace + "ZONE_ID"
 	EnvTTL                = envNamespace + "TTL"
 	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
 	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
 	EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
 )
 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
 type Config struct {
 	SecretID  string
 	SecretKey string
 	ZoneID    string
 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
 	TTL                int32
 	HTTPTimeout        time.Duration
 }
 type DNSProvider struct {
 	client *teo.Client
 	config *Config
 }
 func NewDefaultConfig() *Config {
 	return &Config{
 		TTL:                int32(env.GetOrDefaultInt(EnvTTL, 300)),
 		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
 		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
 		HTTPTimeout:        env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
 	}
 }
 func NewDNSProvider() (*DNSProvider, error) {
 	values, err := env.Get(EnvSecretID, EnvSecretKey, EnvZoneID)
 	if err != nil {
 		return nil, fmt.Errorf("tencentcloud-eo: %w", err)
 	}
 	config := NewDefaultConfig()
 	config.SecretID = values[EnvSecretID]
 	config.SecretKey = values[EnvSecretKey]
 	config.ZoneID = values[EnvSecretKey]
 	return NewDNSProviderConfig(config)
 }
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
 		return nil, errors.New("tencentcloud-eo: the configuration of the DNS provider is nil")
 	}
 	credential := common.NewCredential(config.SecretID, config.SecretKey)
 	cpf := profile.NewClientProfile()
 	cpf.HttpProfile.ReqTimeout = int(math.Round(config.HTTPTimeout.Seconds()))
 	client, err := teo.NewClient(credential, "", cpf)
 	if err != nil {
 		return nil, err
 	}
 	return &DNSProvider{
 		client: client,
 		config: config,
 	}, nil
 }
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)
 	if err := d.addOrUpdateDNSRecord(dns01.UnFqdn(info.EffectiveFQDN), info.Value); err != nil {
 		return fmt.Errorf("tencentcloud-eo: %w", err)
 	}
 	return nil
 }
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)
 	if err := d.removeDNSRecord(dns01.UnFqdn(info.EffectiveFQDN)); err != nil {
 		return fmt.Errorf("tencentcloud-eo: %w", err)
 	}
 	return nil
 }
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
 func (d *DNSProvider) findDNSRecord(effectiveFQDN string) (*teo.DnsRecord, error) {
 	pageOffset := 0
 	pageLimit := 1000
 	for {
 		request := teo.NewDescribeDnsRecordsRequest()
 		request.ZoneId = common.StringPtr(d.config.ZoneID)
 		request.Offset = common.Int64Ptr(int64(pageOffset))
 		request.Limit = common.Int64Ptr(int64(pageLimit))
 		request.Filters = []*teo.AdvancedFilter{
 			{
 				Name:   common.StringPtr("type"),
 				Values: []*string{common.StringPtr("TXT")},
 			},
 		}
 		response, err := d.client.DescribeDnsRecords(request)
 		if err != nil {
 			return nil, err
 		}
 		if response.Response == nil {
 			break
 		} else {
 			for _, record := range response.Response.DnsRecords {
 				if *record.Name == effectiveFQDN {
 					return record, nil
 				}
 			}
 			if len(response.Response.DnsRecords) < pageLimit {
 				break
 			}
 			pageOffset += len(response.Response.DnsRecords)
 		}
 	}
 	return nil, nil
 }
 func (d *DNSProvider) addOrUpdateDNSRecord(effectiveFQDN, value string) error {
 	record, err := d.findDNSRecord(effectiveFQDN)
 	if err != nil {
 		return err
 	}
 	if record == nil {
 		request := teo.NewCreateDnsRecordRequest()
 		request.ZoneId = common.StringPtr(d.config.ZoneID)
 		request.Name = common.StringPtr(effectiveFQDN)
 		request.Type = common.StringPtr("TXT")
 		request.Content = common.StringPtr(value)
 		request.TTL = common.Int64Ptr(int64(d.config.TTL))
 		_, err := d.client.CreateDnsRecord(request)
 		return err
 	} else {
 		record.Content = common.StringPtr(value)
 		record.TTL = common.Int64Ptr(int64(d.config.TTL))
 		request := teo.NewModifyDnsRecordsRequest()
 		request.ZoneId = common.StringPtr(d.config.ZoneID)
 		request.DnsRecords = []*teo.DnsRecord{record}
 		if _, err := d.client.ModifyDnsRecords(request); err != nil {
 			return err
 		}
 		if *record.Status == "disable" {
 			request := teo.NewModifyDnsRecordsStatusRequest()
 			request.ZoneId = common.StringPtr(d.config.ZoneID)
 			request.RecordsToEnable = []*string{record.RecordId}
 			if _, err = d.client.ModifyDnsRecordsStatus(request); err != nil {
 				return err
 			}
 		}
 		return nil
 	}
 }
 func (d *DNSProvider) removeDNSRecord(effectiveFQDN string) error {
 	record, err := d.findDNSRecord(effectiveFQDN)
 	if err != nil {
 		return err
 	}
 	if record == nil {
 		return nil
 	} else {
 		request := teo.NewDeleteDnsRecordsRequest()
 		request.ZoneId = common.StringPtr(d.config.ZoneID)
 		request.RecordIds = []*string{record.RecordId}
 		_, err = d.client.DeleteDnsRecords(request)
 		return err
 	}
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/tencentcloud_eo.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/tencentcloud_eo.go
@@ -0,0 +1,41 @@
 package tencentcloudeo
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	internal "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal"
 )
 type ChallengeProviderConfig struct {
 	SecretId              string `json:"secretId"`
 	SecretKey             string `json:"secretKey"`
 	ZoneId                string `json:"zoneId"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := internal.NewDefaultConfig()
 	providerConfig.SecretID = config.SecretId
 	providerConfig.SecretKey = config.SecretKey
 	providerConfig.ZoneID = config.ZoneId
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = config.DnsTTL
 	}
 	provider, err := internal.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/internal/lego.go
@@ -0,0 +1,165 @@
 package internal
 import (
 	"errors"
 	"fmt"
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
 	"github.com/ucloud/ucloud-sdk-go/ucloud"
 	"github.com/ucloud/ucloud-sdk-go/ucloud/auth"
 	"github.com/usual2970/certimate/internal/pkg/sdk3rd/ucloud/udnr"
 )
 const (
 	envNamespace = "UCLOUDUDNR_"
 	EnvPublicKey  = envNamespace + "PUBLIC_KEY"
 	EnvPrivateKey = envNamespace + "PRIVATE_KEY"
 	EnvTTL                = envNamespace + "TTL"
 	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
 	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
 	EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
 )
 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
 type Config struct {
 	PrivateKey string
 	PublicKey  string
 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
 	TTL                int32
 	HTTPTimeout        time.Duration
 }
 type DNSProvider struct {
 	client *udnr.UDNRClient
 	config *Config
 }
 func NewDefaultConfig() *Config {
 	return &Config{
 		TTL:                int32(env.GetOrDefaultInt(EnvTTL, 300)),
 		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
 		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
 		HTTPTimeout:        env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
 	}
 }
 func NewDNSProvider() (*DNSProvider, error) {
 	values, err := env.Get(EnvPrivateKey, EnvPublicKey)
 	if err != nil {
 		return nil, fmt.Errorf("ucloud-udnr: %w", err)
 	}
 	config := NewDefaultConfig()
 	config.PrivateKey = values[EnvPrivateKey]
 	config.PublicKey = values[EnvPublicKey]
 	return NewDNSProviderConfig(config)
 }
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
 		return nil, errors.New("ucloud-udnr: the configuration of the DNS provider is nil")
 	}
 	cfg := ucloud.NewConfig()
 	credential := auth.NewCredential()
 	credential.PrivateKey = config.PrivateKey
 	credential.PublicKey = config.PublicKey
 	client := udnr.NewClient(&cfg, &credential)
 	return &DNSProvider{
 		client: client,
 		config: config,
 	}, nil
 }
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
 		return fmt.Errorf("ucloud-udnr: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
 	if err != nil {
 		return fmt.Errorf("ucloud-udnr: %w", err)
 	}
 	udnrDomainDNSQueryReq := d.client.NewQueryDomainDNSRequest()
 	udnrDomainDNSQueryReq.Dn = ucloud.String(authZone)
 	if udnrDomainDNSQueryResp, err := d.client.QueryDomainDNS(udnrDomainDNSQueryReq); err != nil {
 		return fmt.Errorf("ucloud-udnr: %w", err)
 	} else {
 		for _, record := range udnrDomainDNSQueryResp.Data {
 			if record.DnsType == "TXT" && record.RecordName == subDomain {
 				udnrDomainDNSDeleteReq := d.client.NewDeleteDomainDNSRequest()
 				udnrDomainDNSDeleteReq.Dn = ucloud.String(authZone)
 				udnrDomainDNSDeleteReq.DnsType = ucloud.String(record.DnsType)
 				udnrDomainDNSDeleteReq.RecordName = ucloud.String(record.RecordName)
 				udnrDomainDNSDeleteReq.Content = ucloud.String(record.Content)
 				d.client.DeleteDomainDNS(udnrDomainDNSDeleteReq)
 				break
 			}
 		}
 	}
 	udnrDomainDNSAddReq := d.client.NewAddDomainDNSRequest()
 	udnrDomainDNSAddReq.Dn = ucloud.String(authZone)
 	udnrDomainDNSAddReq.DnsType = ucloud.String("TXT")
 	udnrDomainDNSAddReq.RecordName = ucloud.String(subDomain)
 	udnrDomainDNSAddReq.Content = ucloud.String(info.Value)
 	udnrDomainDNSAddReq.TTL = ucloud.Int(int(d.config.TTL))
 	if _, err := d.client.AddDomainDNS(udnrDomainDNSAddReq); err != nil {
 		return fmt.Errorf("ucloud-udnr: %w", err)
 	}
 	return nil
 }
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
 		return fmt.Errorf("ucloud-udnr: could not find zone for domain %q: %w", domain, err)
 	}
 	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
 	if err != nil {
 		return fmt.Errorf("ucloud-udnr: %w", err)
 	}
 	udnrDomainDNSQueryReq := d.client.NewQueryDomainDNSRequest()
 	udnrDomainDNSQueryReq.Dn = ucloud.String(authZone)
 	if udnrDomainDNSQueryResp, err := d.client.QueryDomainDNS(udnrDomainDNSQueryReq); err != nil {
 		return fmt.Errorf("ucloud-udnr: %w", err)
 	} else {
 		for _, record := range udnrDomainDNSQueryResp.Data {
 			if record.DnsType == "TXT" && record.RecordName == subDomain {
 				udnrDomainDNSDeleteReq := d.client.NewDeleteDomainDNSRequest()
 				udnrDomainDNSDeleteReq.Dn = ucloud.String(authZone)
 				udnrDomainDNSDeleteReq.DnsType = ucloud.String(record.DnsType)
 				udnrDomainDNSDeleteReq.RecordName = ucloud.String(record.RecordName)
 				udnrDomainDNSDeleteReq.Content = ucloud.String(record.Content)
 				d.client.DeleteDomainDNS(udnrDomainDNSDeleteReq)
 				break
 			}
 		}
 	}
 	return nil
 }
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/ucloud_udnr.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/ucloud_udnr.go
@@ -0,0 +1,40 @@
 package ucloududnr
 import (
 	"errors"
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/internal"
 )
 type ChallengeProviderConfig struct {
 	PrivateKey            string `json:"privateKey"`
 	PublicKey             string `json:"publicKey"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		return nil, errors.New("config is nil")
 	}
 	providerConfig := internal.NewDefaultConfig()
 	providerConfig.PrivateKey = config.PrivateKey
 	providerConfig.PublicKey = config.PublicKey
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = config.DnsTTL
 	}
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	provider, err := internal.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/vercel/vercel.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/vercel/vercel.go
@@ -0,0 +1,38 @@
 package vercel
 import (
 	"time"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/providers/dns/vercel"
 )
 type ChallengeProviderConfig struct {
 	ApiAccessToken        string `json:"apiAccessToken"`
 	TeamId                string `json:"teamId,omitempty"`
 	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
 	DnsTTL                int32  `json:"dnsTTL,omitempty"`
 }
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	providerConfig := vercel.NewDefaultConfig()
 	providerConfig.AuthToken = config.ApiAccessToken
 	providerConfig.TeamID = config.TeamId
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}
 	if config.DnsTTL != 0 {
 		providerConfig.TTL = int(config.DnsTTL)
 	}
 	provider, err := vercel.NewDNSProviderConfig(providerConfig)
 	if err != nil {
 		return nil, err
 	}
 	return provider, nil
 }
--- a/internal/pkg/core/deployer/deployer.go
+++ b/internal/pkg/core/deployer/deployer.go
@@ -1,4 +1,4 @@
-package deployer
+package deployer
 import (
 	"context"
@@ -14,13 +14,13 @@ type Deployer interface {
 	//
 	// 入参：
 	//   - ctx：上下文。
-	//   - certPem：证书 PEM 内容。
+	//   - certPEM：证书 PEM 内容。
-	//   - privkeyPem：私钥 PEM 内容。
+	//   - privkeyPEM：私钥 PEM 内容。
 	//
 	// 出参：
 	//   - res：部署结果。
 	//   - err: 错误。
-	Deploy(ctx context.Context, certPem string, privkeyPem string) (res *DeployResult, err error)
+	Deploy(ctx context.Context, certPEM string, privkeyPEM string) (_res *DeployResult, _err error)
 }
 // 表示证书部署结果的数据结构。
--- a/internal/pkg/core/deployer/providers/1panel-console/1panel_console.go
+++ b/internal/pkg/core/deployer/providers/1panel-console/1panel_console.go
@@ -1,21 +1,23 @@
-package onepanelconsole
+package onepanelconsole
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"log/slog"
 	"net/url"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
-	opsdk "github.com/usual2970/certimate/internal/pkg/vendors/1panel-sdk"
+	onepanelsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/1panel"
 )
 type DeployerConfig struct {
-	// 1Panel 地址。
+	// 1Panel 服务地址。
-	ApiUrl string `json:"apiUrl"`
+	ServerUrl string `json:"serverUrl"`
 	// 1Panel 版本。
 	// 可取值 "v1"、"v2"。
 	ApiVersion string `json:"apiVersion"`
 	// 1Panel 接口密钥。
 	ApiKey string `json:"apiKey"`
 	// 是否允许不安全的连接。
@@ -27,7 +29,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient *opsdk.Client
+	sdkClient *onepanelsdk.Client
 }
 var _ deployer.Deployer = (*DeployerProvider)(nil)
@@ -37,9 +39,9 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		panic("config is nil")
 	}
-	client, err := createSdkClient(config.ApiUrl, config.ApiKey, config.AllowInsecureConnections)
+	client, err := createSdkClient(config.ServerUrl, config.ApiVersion, config.ApiKey, config.AllowInsecureConnections)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 	return &DeployerProvider{
@@ -51,18 +53,18 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 设置面板 SSL 证书
-	updateSystemSSLReq := &opsdk.UpdateSystemSSLRequest{
+	updateSystemSSLReq := &onepanelsdk.UpdateSystemSSLRequest{
-		Cert:    certPem,
+		Cert:    certPEM,
-		Key:     privkeyPem,
+		Key:     privkeyPEM,
 		SSL:     "enable",
 		SSLType: "import-paste",
 	}
@@ -74,23 +76,27 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 	updateSystemSSLResp, err := d.sdkClient.UpdateSystemSSL(updateSystemSSLReq)
 	d.logger.Debug("sdk request '1panel.UpdateSystemSSL'", slog.Any("request", updateSystemSSLReq), slog.Any("response", updateSystemSSLResp))
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.UpdateSystemSSL'")
+		return nil, fmt.Errorf("failed to execute sdk request '1panel.UpdateSystemSSL': %w", err)
 	}
 	return &deployer.DeployResult{}, nil
 }
-func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client, error) {
+func createSdkClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (*onepanelsdk.Client, error) {
-	if _, err := url.Parse(apiUrl); err != nil {
+	if _, err := url.Parse(serverUrl); err != nil {
-		return nil, errors.New("invalid 1panel api url")
+		return nil, errors.New("invalid 1panel server url")
 	}
 	if apiVersion == "" {
 		return nil, errors.New("invalid 1panel api version")
 	}
 	if apiKey == "" {
 		return nil, errors.New("invalid 1panel api key")
 	}
-	client := opsdk.NewClient(apiUrl, apiKey)
+	client := onepanelsdk.NewClient(serverUrl, apiVersion, apiKey)
-	if allowInsecure {
+	if skipTlsVerify {
 		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}
--- a/internal/pkg/core/deployer/providers/1panel-console/1panel_console_test.go
+++ b/internal/pkg/core/deployer/providers/1panel-console/1panel_console_test.go
@@ -1,4 +1,4 @@
-package onepanelconsole_test
+package onepanelconsole_test
 import (
 	"context"
@@ -14,7 +14,8 @@ import (
 var (
 	fInputCertPath string
 	fInputKeyPath  string
-	fApiUrl        string
+	fServerUrl     string
 	fApiVersion    string
 	fApiKey        string
 )
@@ -23,7 +24,8 @@ func init() {
 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
-	flag.StringVar(&fApiUrl, argsPrefix+"APIURL", "", "")
+	flag.StringVar(&fServerUrl, argsPrefix+"SERVERURL", "", "")
 	flag.StringVar(&fApiVersion, argsPrefix+"APIVERSION", "v1", "")
 	flag.StringVar(&fApiKey, argsPrefix+"APIKEY", "", "")
 }
@@ -33,7 +35,8 @@ Shell command to run this test:
 	go test -v ./1panel_console_test.go -args \
 	--CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
 	--CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTKEYPATH="/path/to/your-input-key.pem" \
-	--CERTIMATE_DEPLOYER_1PANELCONSOLE_APIURL="http://127.0.0.1:20410" \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_SERVERURL="http://127.0.0.1:20410" \
 	--CERTIMATE_DEPLOYER_1PANELCONSOLE_APIVERSION="v1" \
 	--CERTIMATE_DEPLOYER_1PANELCONSOLE_APIKEY="your-api-key"
 */
 func TestDeploy(t *testing.T) {
@@ -44,12 +47,14 @@ func TestDeploy(t *testing.T) {
 			"args:",
 			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
-			fmt.Sprintf("APIURL: %v", fApiUrl),
+			fmt.Sprintf("SERVERURL: %v", fServerUrl),
 			fmt.Sprintf("APIVERSION: %v", fApiVersion),
 			fmt.Sprintf("APIKEY: %v", fApiKey),
 		}, "\n"))
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
-			ApiUrl:                   fApiUrl,
+			ServerUrl:                fServerUrl,
 			ApiVersion:               fApiVersion,
 			ApiKey:                   fApiKey,
 			AllowInsecureConnections: true,
 			AutoRestart:              true,
--- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go
+++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go
@@ -1,36 +1,44 @@
-package onepanelsite
+package onepanelsite
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"log/slog"
 	"net/url"
 	"strconv"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/1panel-ssl"
-	opsdk "github.com/usual2970/certimate/internal/pkg/vendors/1panel-sdk"
+	onepanelsdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/1panel"
 )
 type DeployerConfig struct {
-	// 1Panel 地址。
+	// 1Panel 服务地址。
-	ApiUrl string `json:"apiUrl"`
+	ServerUrl string `json:"serverUrl"`
 	// 1Panel 版本。
 	// 可取值 "v1"、"v2"。
 	ApiVersion string `json:"apiVersion"`
 	// 1Panel 接口密钥。
 	ApiKey string `json:"apiKey"`
 	// 是否允许不安全的连接。
 	AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
 	// 部署资源类型。
 	ResourceType ResourceType `json:"resourceType"`
 	// 网站 ID。
-	WebsiteId int64 `json:"websiteId"`
+	// 部署资源类型为 [RESOURCE_TYPE_WEBSITE] 时必填。
 	WebsiteId int64 `json:"websiteId,omitempty"`
 	// 证书 ID。
 	// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。
 	CertificateId int64 `json:"certificateId,omitempty"`
 }
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
-	sdkClient   *opsdk.Client
+	sdkClient   *onepanelsdk.Client
 	sslUploader uploader.Uploader
 }
@@ -41,17 +49,19 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		panic("config is nil")
 	}
-	client, err := createSdkClient(config.ApiUrl, config.ApiKey, config.AllowInsecureConnections)
+	client, err := createSdkClient(config.ServerUrl, config.ApiVersion, config.ApiKey, config.AllowInsecureConnections)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
-		ApiUrl: config.ApiUrl,
+		ServerUrl:                config.ServerUrl,
-		ApiKey: config.ApiKey,
+		ApiVersion:               config.ApiVersion,
 		ApiKey:                   config.ApiKey,
 		AllowInsecureConnections: config.AllowInsecureConnections,
 	})
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
@@ -64,7 +74,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -72,28 +82,52 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 根据部署资源类型决定部署方式
 	switch d.config.ResourceType {
 	case RESOURCE_TYPE_WEBSITE:
 		if err := d.deployToWebsite(ctx, certPEM, privkeyPEM); err != nil {
 			return nil, err
 		}
 	case RESOURCE_TYPE_CERTIFICATE:
 		if err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {
 			return nil, err
 		}
 	default:
 		return nil, fmt.Errorf("unsupported resource type '%s'", d.config.ResourceType)
 	}
 	return &deployer.DeployResult{}, nil
 }
 func (d *DeployerProvider) deployToWebsite(ctx context.Context, certPEM string, privkeyPEM string) error {
 	if d.config.WebsiteId == 0 {
 		return errors.New("config `websiteId` is required")
 	}
 	// 获取网站 HTTPS 配置
-	getHttpsConfReq := &opsdk.GetHttpsConfRequest{
+	getHttpsConfReq := &onepanelsdk.GetHttpsConfRequest{
 		WebsiteID: d.config.WebsiteId,
 	}
 	getHttpsConfResp, err := d.sdkClient.GetHttpsConf(getHttpsConfReq)
 	d.logger.Debug("sdk request '1panel.GetHttpsConf'", slog.Any("request", getHttpsConfReq), slog.Any("response", getHttpsConfResp))
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.GetHttpsConf'")
+		return fmt.Errorf("failed to execute sdk request '1panel.GetHttpsConf': %w", err)
 	}
 	// 上传证书到面板
-	upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to upload certificate file")
+		return fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
 	// 修改网站 HTTPS 配置
 	certId, _ := strconv.ParseInt(upres.CertId, 10, 64)
-	updateHttpsConfReq := &opsdk.UpdateHttpsConfRequest{
+	updateHttpsConfReq := &onepanelsdk.UpdateHttpsConfRequest{
 		WebsiteID:    d.config.WebsiteId,
 		Type:         "existed",
 		WebsiteSSLID: certId,
@@ -106,23 +140,59 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 	updateHttpsConfResp, err := d.sdkClient.UpdateHttpsConf(updateHttpsConfReq)
 	d.logger.Debug("sdk request '1panel.UpdateHttpsConf'", slog.Any("request", updateHttpsConfReq), slog.Any("response", updateHttpsConfResp))
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.UpdateHttpsConf'")
+		return fmt.Errorf("failed to execute sdk request '1panel.UpdateHttpsConf': %w", err)
 	}
-	return &deployer.DeployResult{}, nil
+	return nil
 }
-func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client, error) {
+func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM string, privkeyPEM string) error {
-	if _, err := url.Parse(apiUrl); err != nil {
+	if d.config.CertificateId == 0 {
-		return nil, errors.New("invalid 1panel api url")
+		return errors.New("config `certificateId` is required")
 	}
 	// 获取证书详情
 	getWebsiteSSLReq := &onepanelsdk.GetWebsiteSSLRequest{
 		SSLID: d.config.CertificateId,
 	}
 	getWebsiteSSLResp, err := d.sdkClient.GetWebsiteSSL(getWebsiteSSLReq)
 	d.logger.Debug("sdk request '1panel.GetWebsiteSSL'", slog.Any("request", getWebsiteSSLReq), slog.Any("response", getWebsiteSSLResp))
 	if err != nil {
 		return fmt.Errorf("failed to execute sdk request '1panel.GetWebsiteSSL': %w", err)
 	}
 	// 更新证书
 	uploadWebsiteSSLReq := &onepanelsdk.UploadWebsiteSSLRequest{
 		Type:        "paste",
 		SSLID:       d.config.CertificateId,
 		Description: getWebsiteSSLResp.Data.Description,
 		Certificate: certPEM,
 		PrivateKey:  privkeyPEM,
 	}
 	uploadWebsiteSSLResp, err := d.sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
 	d.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp))
 	if err != nil {
 		return fmt.Errorf("failed to execute sdk request '1panel.UploadWebsiteSSL': %w", err)
 	}
 	return nil
 }
 func createSdkClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (*onepanelsdk.Client, error) {
 	if _, err := url.Parse(serverUrl); err != nil {
 		return nil, errors.New("invalid 1panel server url")
 	}
 	if apiVersion == "" {
 		return nil, errors.New("invalid 1panel api version")
 	}
 	if apiKey == "" {
 		return nil, errors.New("invalid 1panel api key")
 	}
-	client := opsdk.NewClient(apiUrl, apiKey)
+	client := onepanelsdk.NewClient(serverUrl, apiVersion, apiKey)
-	if allowInsecure {
+	if skipTlsVerify {
 		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}
--- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go
+++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go
@@ -1,4 +1,4 @@
-package onepanelsite_test
+package onepanelsite_test
 import (
 	"context"
@@ -14,17 +14,19 @@ import (
 var (
 	fInputCertPath string
 	fInputKeyPath  string
-	fApiUrl        string
+	fServerUrl     string
 	fApiVersion    string
 	fApiKey        string
 	fWebsiteId     int64
 )
 func init() {
-	argsPrefix := "CERTIMATE_DEPLOYER_1PANELCONSOLE_"
+	argsPrefix := "CERTIMATE_DEPLOYER_1PANELSITE_"
 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
-	flag.StringVar(&fApiUrl, argsPrefix+"APIURL", "", "")
+	flag.StringVar(&fServerUrl, argsPrefix+"SERVERURL", "", "")
 	flag.StringVar(&fApiVersion, argsPrefix+"APIVERSION", "v1", "")
 	flag.StringVar(&fApiKey, argsPrefix+"APIKEY", "", "")
 	flag.Int64Var(&fWebsiteId, argsPrefix+"WEBSITEID", 0, "")
 }
@@ -32,12 +34,13 @@ func init() {
 /*
 Shell command to run this test:
-	go test -v ./1panel_console_test.go -args \
+	go test -v ./1panel_site_test.go -args \
-	--CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_DEPLOYER_1PANELSITE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
-	--CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_1PANELSITE_INPUTKEYPATH="/path/to/your-input-key.pem" \
-	--CERTIMATE_DEPLOYER_1PANELCONSOLE_APIURL="http://127.0.0.1:20410" \
+	--CERTIMATE_DEPLOYER_1PANELSITE_SERVERURL="http://127.0.0.1:20410" \
-	--CERTIMATE_DEPLOYER_1PANELCONSOLE_APIKEY="your-api-key" \
+	--CERTIMATE_DEPLOYER_1PANELSITE_APIVERSION="v1" \
-	--CERTIMATE_DEPLOYER_1PANELCONSOLE_WEBSITEID="your-website-id"
+	--CERTIMATE_DEPLOYER_1PANELSITE_APIKEY="your-api-key" \
 	--CERTIMATE_DEPLOYER_1PANELSITE_WEBSITEID="your-website-id"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
@@ -47,16 +50,19 @@ func TestDeploy(t *testing.T) {
 			"args:",
 			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
-			fmt.Sprintf("APIURL: %v", fApiUrl),
+			fmt.Sprintf("SERVERURL: %v", fServerUrl),
 			fmt.Sprintf("APIVERSION: %v", fApiVersion),
 			fmt.Sprintf("APIKEY: %v", fApiKey),
 			fmt.Sprintf("WEBSITEID: %v", fWebsiteId),
 		}, "\n"))
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
-			ApiUrl:                   fApiUrl,
+			ServerUrl:                fServerUrl,
 			ApiVersion:               fApiVersion,
 			ApiKey:                   fApiKey,
 			WebsiteId:                fWebsiteId,
 			AllowInsecureConnections: true,
 			ResourceType:             provider.RESOURCE_TYPE_WEBSITE,
 			WebsiteId:                fWebsiteId,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
--- a/internal/pkg/core/deployer/providers/1panel-site/consts.go
+++ b/internal/pkg/core/deployer/providers/1panel-site/consts.go
@@ -0,0 +1,10 @@
 package onepanelsite
 type ResourceType string
 const (
 	// 资源类型：替换指定网站的证书。
 	RESOURCE_TYPE_WEBSITE = ResourceType("website")
 	// 资源类型：替换指定证书。
 	RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate")
 )
--- a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
@@ -1,4 +1,4 @@
-package aliyunalb
+package aliyunalb
 import (
 	"context"
@@ -9,11 +9,10 @@ import (
 	"strings"
 	"time"
-	aliyunAlb "github.com/alibabacloud-go/alb-20200616/v2/client"
+	alialb "github.com/alibabacloud-go/alb-20200616/v2/client"
-	aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client"
+	alicas "github.com/alibabacloud-go/cas-20200407/v3/client"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
 	"golang.org/x/exp/slices"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
@@ -26,6 +25,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -51,8 +52,8 @@ type DeployerProvider struct {
 var _ deployer.Deployer = (*DeployerProvider)(nil)
 type wSdkClients struct {
-	alb *aliyunAlb.Client
+	ALB *alialb.Client
-	cas *aliyunCas.Client
+	CAS *alicas.Client
 }
 func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
@@ -62,12 +63,12 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	clients, err := createSdkClients(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+		return nil, fmt.Errorf("failed to create sdk clients: %w", err)
 	}
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
@@ -80,7 +81,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -88,11 +89,11 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 上传证书到 CAS
-	upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to upload certificate file")
+		return nil, fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
@@ -110,7 +111,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 		}
 	default:
-		return nil, fmt.Errorf("unsupported resource type: %s", d.config.ResourceType)
+		return nil, fmt.Errorf("unsupported resource type '%s'", d.config.ResourceType)
 	}
 	return &deployer.DeployResult{}, nil
@@ -123,13 +124,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	// 查询负载均衡实例的详细信息
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute
-	getLoadBalancerAttributeReq := &aliyunAlb.GetLoadBalancerAttributeRequest{
+	getLoadBalancerAttributeReq := &alialb.GetLoadBalancerAttributeRequest{
 		LoadBalancerId: tea.String(d.config.LoadbalancerId),
 	}
-	getLoadBalancerAttributeResp, err := d.sdkClients.alb.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
+	getLoadBalancerAttributeResp, err := d.sdkClients.ALB.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
 	d.logger.Debug("sdk request 'alb.GetLoadBalancerAttribute'", slog.Any("request", getLoadBalancerAttributeReq), slog.Any("response", getLoadBalancerAttributeResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetLoadBalancerAttribute'")
+		return fmt.Errorf("failed to execute sdk request 'alb.GetLoadBalancerAttribute': %w", err)
 	}
 	// 查询 HTTPS 监听列表
@@ -138,21 +139,27 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	listListenersLimit := int32(100)
 	var listListenersToken *string = nil
 	for {
-		listListenersReq := &aliyunAlb.ListListenersRequest{
+		select {
 		case <-ctx.Done():
 			return ctx.Err()
 		default:
 		}
 		listListenersReq := &alialb.ListListenersRequest{
 			MaxResults:       tea.Int32(listListenersLimit),
 			NextToken:        listListenersToken,
 			LoadBalancerIds:  []*string{tea.String(d.config.LoadbalancerId)},
 			ListenerProtocol: tea.String("HTTPS"),
 		}
-		listListenersResp, err := d.sdkClients.alb.ListListeners(listListenersReq)
+		listListenersResp, err := d.sdkClients.ALB.ListListeners(listListenersReq)
 		d.logger.Debug("sdk request 'alb.ListListeners'", slog.Any("request", listListenersReq), slog.Any("response", listListenersResp))
 		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
+			return fmt.Errorf("failed to execute sdk request 'alb.ListListeners': %w", err)
 		}
 		if listListenersResp.Body.Listeners != nil {
 			for _, listener := range listListenersResp.Body.Listeners {
-				listenerIds = append(listenerIds, *listener.ListenerId)
+				listenerIds = append(listenerIds, tea.StringValue(listener.ListenerId))
 			}
 		}
@@ -167,21 +174,27 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
 	listListenersToken = nil
 	for {
-		listListenersReq := &aliyunAlb.ListListenersRequest{
+		select {
 		case <-ctx.Done():
 			return ctx.Err()
 		default:
 		}
 		listListenersReq := &alialb.ListListenersRequest{
 			MaxResults:       tea.Int32(listListenersLimit),
 			NextToken:        listListenersToken,
 			LoadBalancerIds:  []*string{tea.String(d.config.LoadbalancerId)},
 			ListenerProtocol: tea.String("QUIC"),
 		}
-		listListenersResp, err := d.sdkClients.alb.ListListeners(listListenersReq)
+		listListenersResp, err := d.sdkClients.ALB.ListListeners(listListenersReq)
 		d.logger.Debug("sdk request 'alb.ListListeners'", slog.Any("request", listListenersReq), slog.Any("response", listListenersResp))
 		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
+			return fmt.Errorf("failed to execute sdk request 'alb.ListListeners': %w", err)
 		}
 		if listListenersResp.Body.Listeners != nil {
 			for _, listener := range listListenersResp.Body.Listeners {
-				listenerIds = append(listenerIds, *listener.ListenerId)
+				listenerIds = append(listenerIds, tea.StringValue(listener.ListenerId))
 			}
 		}
@@ -200,8 +213,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		d.logger.Info("found https/quic listeners to deploy", slog.Any("listenerIds", listenerIds))
 		for _, listenerId := range listenerIds {
-			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+			select {
-				errs = append(errs, err)
+			case <-ctx.Done():
 				return ctx.Err()
 			default:
 				if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
 					errs = append(errs, err)
 				}
 			}
 		}
@@ -229,13 +247,13 @@ func (d *DeployerProvider) deployToListener(ctx context.Context, cloudCertId str
 func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {
 	// 查询监听的属性
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getlistenerattribute
-	getListenerAttributeReq := &aliyunAlb.GetListenerAttributeRequest{
+	getListenerAttributeReq := &alialb.GetListenerAttributeRequest{
 		ListenerId: tea.String(cloudListenerId),
 	}
-	getListenerAttributeResp, err := d.sdkClients.alb.GetListenerAttribute(getListenerAttributeReq)
+	getListenerAttributeResp, err := d.sdkClients.ALB.GetListenerAttribute(getListenerAttributeReq)
 	d.logger.Debug("sdk request 'alb.GetListenerAttribute'", slog.Any("request", getListenerAttributeReq), slog.Any("response", getListenerAttributeResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetListenerAttribute'")
+		return fmt.Errorf("failed to execute sdk request 'alb.GetListenerAttribute': %w", err)
 	}
 	if d.config.Domain == "" {
@@ -243,36 +261,42 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 		// 修改监听的属性
 		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
-		updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
+		updateListenerAttributeReq := &alialb.UpdateListenerAttributeRequest{
 			ListenerId: tea.String(cloudListenerId),
-			Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
+			Certificates: []*alialb.UpdateListenerAttributeRequestCertificates{{
 				CertificateId: tea.String(cloudCertId),
 			}},
 		}
-		updateListenerAttributeResp, err := d.sdkClients.alb.UpdateListenerAttribute(updateListenerAttributeReq)
+		updateListenerAttributeResp, err := d.sdkClients.ALB.UpdateListenerAttribute(updateListenerAttributeReq)
 		d.logger.Debug("sdk request 'alb.UpdateListenerAttribute'", slog.Any("request", updateListenerAttributeReq), slog.Any("response", updateListenerAttributeResp))
 		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
+			return fmt.Errorf("failed to execute sdk request 'alb.UpdateListenerAttribute': %w", err)
 		}
 	} else {
 		// 指定 SNI，需部署到扩展域名
 		// 查询监听证书列表
 		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
-		listenerCertificates := make([]aliyunAlb.ListListenerCertificatesResponseBodyCertificates, 0)
+		listenerCertificates := make([]alialb.ListListenerCertificatesResponseBodyCertificates, 0)
 		listListenerCertificatesLimit := int32(100)
 		var listListenerCertificatesToken *string = nil
 		for {
-			listListenerCertificatesReq := &aliyunAlb.ListListenerCertificatesRequest{
+			select {
 			case <-ctx.Done():
 				return ctx.Err()
 			default:
 			}
 			listListenerCertificatesReq := &alialb.ListListenerCertificatesRequest{
 				NextToken:       listListenerCertificatesToken,
 				MaxResults:      tea.Int32(listListenerCertificatesLimit),
 				ListenerId:      tea.String(cloudListenerId),
 				CertificateType: tea.String("Server"),
 			}
-			listListenerCertificatesResp, err := d.sdkClients.alb.ListListenerCertificates(listListenerCertificatesReq)
+			listListenerCertificatesResp, err := d.sdkClients.ALB.ListListenerCertificates(listListenerCertificatesReq)
 			d.logger.Debug("sdk request 'alb.ListListenerCertificates'", slog.Any("request", listListenerCertificatesReq), slog.Any("response", listListenerCertificatesResp))
 			if err != nil {
-				return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListenerCertificates'")
+				return fmt.Errorf("failed to execute sdk request 'alb.ListListenerCertificates': %w", err)
 			}
 			if listListenerCertificatesResp.Body.Certificates != nil {
@@ -291,52 +315,62 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 		// 遍历查询监听证书，并找出需要解除关联的证书
 		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
 		// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail
-		certificateIsAssociated := false
+		certificateIsAlreadyAssociated := false
-		certificateIdsExpired := make([]string, 0)
+		certificateIdsToDissociate := make([]string, 0)
 		if len(listenerCertificates) > 0 {
 			d.logger.Info("found listener certificates to deploy", slog.Any("listenerCertificates", listenerCertificates))
 			var errs []error
 			for _, listenerCertificate := range listenerCertificates {
-				// 监听证书 ID 格式：${证书 ID}-${地域}
+				if tea.BoolValue(listenerCertificate.IsDefault) {
 				certificateId := strings.Split(*listenerCertificate.CertificateId, "-")[0]
 				if certificateId == cloudCertId {
 					certificateIsAssociated = true
 					continue
 				}
-				if *listenerCertificate.IsDefault || !strings.EqualFold(*listenerCertificate.Status, "Associated") {
+				if !strings.EqualFold(tea.StringValue(listenerCertificate.Status), "Associated") {
 					continue
 				}
 				// 监听证书 ID 格式：${证书 ID}-${地域}
 				certificateId := strings.Split(tea.StringValue(listenerCertificate.CertificateId), "-")[0]
 				if certificateId == cloudCertId {
 					certificateIsAlreadyAssociated = true
 					break
 				}
 				certificateIdAsInt64, err := strconv.ParseInt(certificateId, 10, 64)
 				if err != nil {
 					errs = append(errs, err)
 					continue
 				}
-				getUserCertificateDetailReq := &aliyunCas.GetUserCertificateDetailRequest{
+				getUserCertificateDetailReq := &alicas.GetUserCertificateDetailRequest{
 					CertId: tea.Int64(certificateIdAsInt64),
 				}
-				getUserCertificateDetailResp, err := d.sdkClients.cas.GetUserCertificateDetail(getUserCertificateDetailReq)
+				getUserCertificateDetailResp, err := d.sdkClients.CAS.GetUserCertificateDetail(getUserCertificateDetailReq)
 				d.logger.Debug("sdk request 'cas.GetUserCertificateDetail'", slog.Any("request", getUserCertificateDetailReq), slog.Any("response", getUserCertificateDetailResp))
 				if err != nil {
-					errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'"))
+					if sdkerr, ok := err.(*tea.SDKError); ok {
-					continue
+						if tea.IntValue(sdkerr.StatusCode) == 400 && tea.StringValue(sdkerr.Code) == "NotFound" {
-				}
+							continue
 						}
 					}
-				certCnMatched := getUserCertificateDetailResp.Body.Common != nil && *getUserCertificateDetailResp.Body.Common == d.config.Domain
+					errs = append(errs, fmt.Errorf("failed to execute sdk request 'cas.GetUserCertificateDetail': %w", err))
 				certSanMatched := getUserCertificateDetailResp.Body.Sans != nil && slices.Contains(strings.Split(*getUserCertificateDetailResp.Body.Sans, ","), d.config.Domain)
 				if !certCnMatched && !certSanMatched {
 					continue
-				}
+				} else {
 					certCNMatched := tea.StringValue(getUserCertificateDetailResp.Body.Common) == d.config.Domain
 					certSANMatched := slices.Contains(strings.Split(tea.StringValue(getUserCertificateDetailResp.Body.Sans), ","), d.config.Domain)
 					if !certCNMatched && !certSANMatched {
 						continue
 					}
-				certEndDate, _ := time.Parse("2006-01-02", *getUserCertificateDetailResp.Body.EndDate)
+					certEndDate, _ := time.Parse("2006-01-02", tea.StringValue(getUserCertificateDetailResp.Body.EndDate))
-				if time.Now().Before(certEndDate) {
+					if time.Now().Before(certEndDate) {
-					continue
+						continue
-				}
+					}
-				certificateIdsExpired = append(certificateIdsExpired, certificateId)
+					certificateIdsToDissociate = append(certificateIdsToDissociate, certificateId)
 				}
 			}
 			if len(errs) > 0 {
@@ -346,40 +380,40 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 		// 关联监听和扩展证书
 		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-associateadditionalcertificateswithlistener
-		if !certificateIsAssociated {
+		if !certificateIsAlreadyAssociated {
-			associateAdditionalCertificatesFromListenerReq := &aliyunAlb.AssociateAdditionalCertificatesWithListenerRequest{
+			associateAdditionalCertificatesFromListenerReq := &alialb.AssociateAdditionalCertificatesWithListenerRequest{
 				ListenerId: tea.String(cloudListenerId),
-				Certificates: []*aliyunAlb.AssociateAdditionalCertificatesWithListenerRequestCertificates{
+				Certificates: []*alialb.AssociateAdditionalCertificatesWithListenerRequestCertificates{
 					{
 						CertificateId: tea.String(cloudCertId),
 					},
 				},
 			}
-			associateAdditionalCertificatesFromListenerResp, err := d.sdkClients.alb.AssociateAdditionalCertificatesWithListener(associateAdditionalCertificatesFromListenerReq)
+			associateAdditionalCertificatesFromListenerResp, err := d.sdkClients.ALB.AssociateAdditionalCertificatesWithListener(associateAdditionalCertificatesFromListenerReq)
 			d.logger.Debug("sdk request 'alb.AssociateAdditionalCertificatesWithListener'", slog.Any("request", associateAdditionalCertificatesFromListenerReq), slog.Any("response", associateAdditionalCertificatesFromListenerResp))
 			if err != nil {
-				return xerrors.Wrap(err, "failed to execute sdk request 'alb.AssociateAdditionalCertificatesWithListener'")
+				return fmt.Errorf("failed to execute sdk request 'alb.AssociateAdditionalCertificatesWithListener': %w", err)
 			}
 		}
 		// 解除关联监听和扩展证书
 		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-dissociateadditionalcertificatesfromlistener
-		if len(certificateIdsExpired) > 0 {
+		if !certificateIsAlreadyAssociated && len(certificateIdsToDissociate) > 0 {
-			dissociateAdditionalCertificates := make([]*aliyunAlb.DissociateAdditionalCertificatesFromListenerRequestCertificates, 0)
+			dissociateAdditionalCertificates := make([]*alialb.DissociateAdditionalCertificatesFromListenerRequestCertificates, 0)
-			for _, certificateId := range certificateIdsExpired {
+			for _, certificateId := range certificateIdsToDissociate {
-				dissociateAdditionalCertificates = append(dissociateAdditionalCertificates, &aliyunAlb.DissociateAdditionalCertificatesFromListenerRequestCertificates{
+				dissociateAdditionalCertificates = append(dissociateAdditionalCertificates, &alialb.DissociateAdditionalCertificatesFromListenerRequestCertificates{
 					CertificateId: tea.String(certificateId),
 				})
 			}
-			dissociateAdditionalCertificatesFromListenerReq := &aliyunAlb.DissociateAdditionalCertificatesFromListenerRequest{
+			dissociateAdditionalCertificatesFromListenerReq := &alialb.DissociateAdditionalCertificatesFromListenerRequest{
 				ListenerId:   tea.String(cloudListenerId),
 				Certificates: dissociateAdditionalCertificates,
 			}
-			dissociateAdditionalCertificatesFromListenerResp, err := d.sdkClients.alb.DissociateAdditionalCertificatesFromListener(dissociateAdditionalCertificatesFromListenerReq)
+			dissociateAdditionalCertificatesFromListenerResp, err := d.sdkClients.ALB.DissociateAdditionalCertificatesFromListener(dissociateAdditionalCertificatesFromListenerReq)
 			d.logger.Debug("sdk request 'alb.DissociateAdditionalCertificatesFromListener'", slog.Any("request", dissociateAdditionalCertificatesFromListenerReq), slog.Any("response", dissociateAdditionalCertificatesFromListenerResp))
 			if err != nil {
-				return xerrors.Wrap(err, "failed to execute sdk request 'alb.DissociateAdditionalCertificatesFromListener'")
+				return fmt.Errorf("failed to execute sdk request 'alb.DissociateAdditionalCertificatesFromListener': %w", err)
 			}
 		}
 	}
@@ -391,18 +425,18 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	// 接入点一览 https://api.aliyun.com/product/Alb
 	var albEndpoint string
 	switch region {
-	case "cn-hangzhou-finance":
+	case "", "cn-hangzhou-finance":
 		albEndpoint = "alb.cn-hangzhou.aliyuncs.com"
 	default:
 		albEndpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
 	}
-	albConfig := &aliyunOpen.Config{
+	albConfig := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(albEndpoint),
 	}
-	albClient, err := aliyunAlb.NewClient(albConfig)
+	albClient, err := alialb.NewClient(albConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -415,29 +449,29 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 		casEndpoint = "cas.aliyuncs.com"
 	}
-	casConfig := &aliyunOpen.Config{
+	casConfig := &aliopen.Config{
 		Endpoint:        tea.String(casEndpoint),
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 	}
-	casClient, err := aliyunCas.NewClient(casConfig)
+	casClient, err := alicas.NewClient(casConfig)
 	if err != nil {
 		return nil, err
 	}
 	return &wSdkClients{
-		alb: albClient,
+		ALB: albClient,
-		cas: casClient,
+		CAS: casClient,
 	}, nil
 }
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 ALB 服务的
 		// 国内版固定接入点：华东一杭州
 		// 国际版固定接入点：亚太东南一新加坡
-		if casRegion != "" && !strings.HasPrefix(casRegion, "cn-") {
+		if !strings.HasPrefix(casRegion, "cn-") {
 			casRegion = "ap-southeast-1"
 		} else {
 			casRegion = "cn-hangzhou"
@@ -447,6 +481,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
 		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err
--- a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb_test.go
@@ -1,4 +1,4 @@
-package aliyunalb_test
+package aliyunalb_test
 import (
 	"context"
@@ -96,6 +96,7 @@ func TestDeploy(t *testing.T) {
 			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("REGION: %v", fRegion),
 			fmt.Sprintf("LISTENERID: %v", fListenerId),
 			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
--- a/internal/pkg/core/deployer/providers/aliyun-alb/consts.go
+++ b/internal/pkg/core/deployer/providers/aliyun-alb/consts.go
@@ -1,4 +1,4 @@
-package aliyunalb
+package aliyunalb
 type ResourceType string
--- a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go
+++ b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go
@@ -0,0 +1,279 @@
 package aliyunapigw
 import (
 	"context"
 	"errors"
 	"fmt"
 	"log/slog"
 	"strings"
 	"time"
 	aliapig "github.com/alibabacloud-go/apig-20240327/v3/client"
 	alicloudapi "github.com/alibabacloud-go/cloudapi-20160714/v5/client"
 	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
 	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
 )
 type DeployerConfig struct {
 	// 阿里云 AccessKeyId。
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 服务类型。
 	ServiceType ServiceType `json:"serviceType"`
 	// API 网关 ID。
 	// 服务类型为 [SERVICE_TYPE_CLOUDNATIVE] 时必填。
 	GatewayId string `json:"gatewayId,omitempty"`
 	// API 分组 ID。
 	// 服务类型为 [SERVICE_TYPE_TRADITIONAL] 时必填。
 	GroupId string `json:"groupId,omitempty"`
 	// 自定义域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
 	sdkClients  *wSdkClients
 	sslUploader uploader.Uploader
 }
 type wSdkClients struct {
 	CloudNativeAPIGateway *aliapig.Client
 	TraditionalAPIGateway *alicloudapi.Client
 }
 var _ deployer.Deployer = (*DeployerProvider)(nil)
 func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	clients, err := createSdkClients(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create sdk clients: %w", err)
 	}
 	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
 		config:      config,
 		logger:      slog.Default(),
 		sdkClients:  clients,
 		sslUploader: uploader,
 	}, nil
 }
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
 		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
 	return d
 }
 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	switch d.config.ServiceType {
 	case SERVICE_TYPE_TRADITIONAL:
 		if err := d.deployToTraditional(ctx, certPEM, privkeyPEM); err != nil {
 			return nil, err
 		}
 	case SERVICE_TYPE_CLOUDNATIVE:
 		if err := d.deployToCloudNative(ctx, certPEM, privkeyPEM); err != nil {
 			return nil, err
 		}
 	default:
 		return nil, fmt.Errorf("unsupported service type '%s'", string(d.config.ServiceType))
 	}
 	return &deployer.DeployResult{}, nil
 }
 func (d *DeployerProvider) deployToTraditional(ctx context.Context, certPEM string, privkeyPEM string) error {
 	if d.config.GroupId == "" {
 		return errors.New("config `groupId` is required")
 	}
 	if d.config.Domain == "" {
 		return errors.New("config `domain` is required")
 	}
 	// 为自定义域名添加 SSL 证书
 	// REF: https://help.aliyun.com/zh/api-gateway/traditional-api-gateway/developer-reference/api-cloudapi-2016-07-14-setdomaincertificate
 	setDomainCertificateReq := &alicloudapi.SetDomainCertificateRequest{
 		GroupId:               tea.String(d.config.GroupId),
 		DomainName:            tea.String(d.config.Domain),
 		CertificateName:       tea.String(fmt.Sprintf("certimate_%d", time.Now().UnixMilli())),
 		CertificateBody:       tea.String(certPEM),
 		CertificatePrivateKey: tea.String(privkeyPEM),
 	}
 	setDomainCertificateResp, err := d.sdkClients.TraditionalAPIGateway.SetDomainCertificate(setDomainCertificateReq)
 	d.logger.Debug("sdk request 'apigateway.SetDomainCertificate'", slog.Any("request", setDomainCertificateReq), slog.Any("response", setDomainCertificateResp))
 	if err != nil {
 		return fmt.Errorf("failed to execute sdk request 'apigateway.SetDomainCertificate': %w", err)
 	}
 	return nil
 }
 func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPEM string, privkeyPEM string) error {
 	if d.config.GatewayId == "" {
 		return errors.New("config `gatewayId` is required")
 	}
 	if d.config.Domain == "" {
 		return errors.New("config `domain` is required")
 	}
 	// 遍历查询域名列表，获取域名 ID
 	// REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-listdomains
 	var domainId string
 	listDomainsPageNumber := int32(1)
 	listDomainsPageSize := int32(10)
 	for {
 		select {
 		case <-ctx.Done():
 			return ctx.Err()
 		default:
 		}
 		listDomainsReq := &aliapig.ListDomainsRequest{
 			ResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId),
 			GatewayId:       tea.String(d.config.GatewayId),
 			NameLike:        tea.String(d.config.Domain),
 			PageNumber:      tea.Int32(listDomainsPageNumber),
 			PageSize:        tea.Int32(listDomainsPageSize),
 		}
 		listDomainsResp, err := d.sdkClients.CloudNativeAPIGateway.ListDomains(listDomainsReq)
 		d.logger.Debug("sdk request 'apig.ListDomains'", slog.Any("request", listDomainsReq), slog.Any("response", listDomainsResp))
 		if err != nil {
 			return fmt.Errorf("failed to execute sdk request 'apig.ListDomains': %w", err)
 		}
 		if listDomainsResp.Body.Data.Items != nil {
 			for _, domainInfo := range listDomainsResp.Body.Data.Items {
 				if strings.EqualFold(tea.StringValue(domainInfo.Name), d.config.Domain) {
 					domainId = tea.StringValue(domainInfo.DomainId)
 					break
 				}
 			}
 			if domainId != "" {
 				break
 			}
 		}
 		if listDomainsResp.Body.Data.Items == nil || len(listDomainsResp.Body.Data.Items) < int(listDomainsPageSize) {
 			break
 		} else {
 			listDomainsPageNumber++
 		}
 	}
 	if domainId == "" {
 		return errors.New("domain not found")
 	}
 	// 查询域名
 	// REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-getdomain
 	getDomainReq := &aliapig.GetDomainRequest{}
 	getDomainResp, err := d.sdkClients.CloudNativeAPIGateway.GetDomain(tea.String(domainId), getDomainReq)
 	d.logger.Debug("sdk request 'apig.GetDomain'", slog.Any("domainId", domainId), slog.Any("request", getDomainReq), slog.Any("response", getDomainResp))
 	if err != nil {
 		return fmt.Errorf("failed to execute sdk request 'apig.GetDomain': %w", err)
 	}
 	// 上传证书到 CAS
 	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
 		return fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
 	// 更新域名
 	// REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-updatedomain
 	updateDomainReq := &aliapig.UpdateDomainRequest{
 		Protocol:              tea.String("HTTPS"),
 		ForceHttps:            getDomainResp.Body.Data.ForceHttps,
 		MTLSEnabled:           getDomainResp.Body.Data.MTLSEnabled,
 		Http2Option:           getDomainResp.Body.Data.Http2Option,
 		TlsMin:                getDomainResp.Body.Data.TlsMin,
 		TlsMax:                getDomainResp.Body.Data.TlsMax,
 		TlsCipherSuitesConfig: getDomainResp.Body.Data.TlsCipherSuitesConfig,
 		CertIdentifier:        tea.String(upres.ExtendedData["certIdentifier"].(string)),
 	}
 	updateDomainResp, err := d.sdkClients.CloudNativeAPIGateway.UpdateDomain(tea.String(domainId), updateDomainReq)
 	d.logger.Debug("sdk request 'apig.UpdateDomain'", slog.Any("domainId", domainId), slog.Any("request", updateDomainReq), slog.Any("response", updateDomainResp))
 	if err != nil {
 		return fmt.Errorf("failed to execute sdk request 'apig.UpdateDomain': %w", err)
 	}
 	return nil
 }
 func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients, error) {
 	// 接入点一览 https://api.aliyun.com/product/APIG
 	cloudNativeAPIGEndpoint := strings.ReplaceAll(fmt.Sprintf("apig.%s.aliyuncs.com", region), "..", ".")
 	cloudNativeAPIGConfig := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(cloudNativeAPIGEndpoint),
 	}
 	cloudNativeAPIGClient, err := aliapig.NewClient(cloudNativeAPIGConfig)
 	if err != nil {
 		return nil, err
 	}
 	// 接入点一览 https://api.aliyun.com/product/CloudAPI
 	traditionalAPIGEndpoint := strings.ReplaceAll(fmt.Sprintf("apigateway.%s.aliyuncs.com", region), "..", ".")
 	traditionalAPIGConfig := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(traditionalAPIGEndpoint),
 	}
 	traditionalAPIGClient, err := alicloudapi.NewClient(traditionalAPIGConfig)
 	if err != nil {
 		return nil, err
 	}
 	return &wSdkClients{
 		CloudNativeAPIGateway: cloudNativeAPIGClient,
 		TraditionalAPIGateway: traditionalAPIGClient,
 	}, nil
 }
 func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 APIGateway 服务的
 		// 国内版固定接入点：华东一杭州
 		// 国际版固定接入点：亚太东南一新加坡
 		if !strings.HasPrefix(casRegion, "cn-") {
 			casRegion = "ap-southeast-1"
 		} else {
 			casRegion = "cn-hangzhou"
 		}
 	}
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
 		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err
 }
--- a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go
@@ -0,0 +1,95 @@
 package aliyunapigw_test
 import (
 	"context"
 	"flag"
 	"fmt"
 	"os"
 	"strings"
 	"testing"
 	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-apigw"
 )
 var (
 	fInputCertPath   string
 	fInputKeyPath    string
 	fAccessKeyId     string
 	fAccessKeySecret string
 	fRegion          string
 	fServiceType     string
 	fGatewayId       string
 	fGroupId         string
 	fDomain          string
 )
 func init() {
 	argsPrefix := "CERTIMATE_DEPLOYER_ALIYUNAPIGW_"
 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
 	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
 	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
 	flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
 	flag.StringVar(&fGatewayId, argsPrefix+"GATEWARYID", "", "")
 	flag.StringVar(&fGroupId, argsPrefix+"GROUPID", "", "")
 	flag.StringVar(&fServiceType, argsPrefix+"SERVICETYPE", "", "")
 	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }
 /*
 Shell command to run this test:
 	go test -v ./aliyun_apigw_test.go -args \
 	--CERTIMATE_DEPLOYER_ALIYUNAPIGW_INPUTCERTPATH="/path/to/your-input-cert.pem" \
 	--CERTIMATE_DEPLOYER_ALIYUNAPIGW_INPUTKEYPATH="/path/to/your-input-key.pem" \
 	--CERTIMATE_DEPLOYER_ALIYUNAPIGW_ACCESSKEYID="your-access-key-id" \
 	--CERTIMATE_DEPLOYER_ALIYUNAPIGW_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_ALIYUNAPIGW_REGION="cn-hangzhou" \
 	--CERTIMATE_DEPLOYER_ALIYUNAPIGW_GATEWAYID="your-api-gateway-id" \
 	--CERTIMATE_DEPLOYER_ALIYUNAPIGW_GROUPID="your-api-group-id" \
 	--CERTIMATE_DEPLOYER_ALIYUNAPIGW_SERVICETYPE="cloudnative" \
 	--CERTIMATE_DEPLOYER_ALIYUNAPIGW_DOMAIN="example.com"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
 	t.Run("Deploy", func(t *testing.T) {
 		t.Log(strings.Join([]string{
 			"args:",
 			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
 			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
 			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("REGION: %v", fRegion),
 			fmt.Sprintf("GATEWAYID: %v", fGatewayId),
 			fmt.Sprintf("GROUPID: %v", fGroupId),
 			fmt.Sprintf("SERVICETYPE: %v", fServiceType),
 			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
 			AccessKeyId:     fAccessKeyId,
 			AccessKeySecret: fAccessKeySecret,
 			Region:          fRegion,
 			ServiceType:     provider.ServiceType(fServiceType),
 			GatewayId:       fGatewayId,
 			GroupId:         fGroupId,
 			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
 			return
 		}
 		fInputCertData, _ := os.ReadFile(fInputCertPath)
 		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
 		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
 		if err != nil {
 			t.Errorf("err: %+v", err)
 			return
 		}
 		t.Logf("ok: %v", res)
 	})
 }
--- a/internal/pkg/core/deployer/providers/aliyun-apigw/consts.go
+++ b/internal/pkg/core/deployer/providers/aliyun-apigw/consts.go
@@ -0,0 +1,10 @@
 package aliyunapigw
 type ServiceType string
 const (
 	// 服务类型：原 API 网关。
 	SERVICE_TYPE_TRADITIONAL = ServiceType("traditional")
 	// 服务类型：云原生 API 网关。
 	SERVICE_TYPE_CLOUDNATIVE = ServiceType("cloudnative")
 )
--- a/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go
+++ b/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go
@@ -1,4 +1,4 @@
-package aliyuncasdeploy
+package aliyuncasdeploy
 import (
 	"context"
@@ -8,10 +8,9 @@ import (
 	"strings"
 	"time"
-	aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client"
+	alicas "github.com/alibabacloud-go/cas-20200407/v3/client"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -23,19 +22,21 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 阿里云云产品资源 ID 数组。
 	ResourceIds []string `json:"resourceIds"`
 	// 阿里云云联系人 ID 数组。
-	// 零值时默认使用账号下第一个联系人。
+	// 零值时使用账号下第一个联系人。
 	ContactIds []string `json:"contactIds"`
 }
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
-	sdkClient   *aliyunCas.Client
+	sdkClient   *alicas.Client
 	sslUploader uploader.Uploader
 }
@@ -48,16 +49,12 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
-	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
 		Region:          config.Region,
 	})
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
@@ -70,7 +67,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -78,15 +75,15 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	if len(d.config.ResourceIds) == 0 {
 		return nil, errors.New("config `resourceIds` is required")
 	}
 	// 上传证书到 CAS
-	upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to upload certificate file")
+		return nil, fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
@@ -95,13 +92,14 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 	if len(contactIds) == 0 {
 		// 获取联系人列表
 		// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-listcontact
-		listContactReq := &aliyunCas.ListContactRequest{}
+		listContactReq := &alicas.ListContactRequest{
-		listContactReq.ShowSize = tea.Int32(1)
+			ShowSize:    tea.Int32(1),
-		listContactReq.CurrentPage = tea.Int32(1)
+			CurrentPage: tea.Int32(1),
 		}
 		listContactResp, err := d.sdkClient.ListContact(listContactReq)
 		d.logger.Debug("sdk request 'cas.ListContact'", slog.Any("request", listContactReq), slog.Any("response", listContactResp))
 		if err != nil {
-			return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.ListContact'")
+			return nil, fmt.Errorf("failed to execute sdk request 'cas.ListContact': %w", err)
 		}
 		if len(listContactResp.Body.ContactList) > 0 {
@@ -111,7 +109,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 	// 创建部署任务
 	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-createdeploymentjob
-	createDeploymentJobReq := &aliyunCas.CreateDeploymentJobRequest{
+	createDeploymentJobReq := &alicas.CreateDeploymentJobRequest{
 		Name:        tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
 		JobType:     tea.String("user"),
 		CertIds:     tea.String(upres.CertId),
@@ -121,23 +119,25 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 	createDeploymentJobResp, err := d.sdkClient.CreateDeploymentJob(createDeploymentJobReq)
 	d.logger.Debug("sdk request 'cas.CreateDeploymentJob'", slog.Any("request", createDeploymentJobReq), slog.Any("response", createDeploymentJobResp))
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.CreateDeploymentJob'")
+		return nil, fmt.Errorf("failed to execute sdk request 'cas.CreateDeploymentJob': %w", err)
 	}
 	// 循环获取部署任务详情，等待任务状态变更
 	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-describedeploymentjob
 	for {
-		if ctx.Err() != nil {
+		select {
 		case <-ctx.Done():
 			return nil, ctx.Err()
 		default:
 		}
-		describeDeploymentJobReq := &aliyunCas.DescribeDeploymentJobRequest{
+		describeDeploymentJobReq := &alicas.DescribeDeploymentJobRequest{
 			JobId: createDeploymentJobResp.Body.JobId,
 		}
 		describeDeploymentJobResp, err := d.sdkClient.DescribeDeploymentJob(describeDeploymentJobReq)
 		d.logger.Debug("sdk request 'cas.DescribeDeploymentJob'", slog.Any("request", describeDeploymentJobReq), slog.Any("response", describeDeploymentJobResp))
 		if err != nil {
-			return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.DescribeDeploymentJob'")
+			return nil, fmt.Errorf("failed to execute sdk request 'cas.DescribeDeploymentJob': %w", err)
 		}
 		if describeDeploymentJobResp.Body.Status == nil || *describeDeploymentJobResp.Body.Status == "editing" {
@@ -155,30 +155,48 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 	return &deployer.DeployResult{}, nil
 }
-func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Client, error) {
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Client, error) {
 	if region == "" {
 		region = "cn-hangzhou" // CAS 服务默认区域：华东一杭州
 	}
 	// 接入点一览 https://api.aliyun.com/product/cas
 	var endpoint string
 	switch region {
-	case "cn-hangzhou":
+	case "", "cn-hangzhou":
 		endpoint = "cas.aliyuncs.com"
 	default:
 		endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region)
 	}
-	config := &aliyunOpen.Config{
+	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(endpoint),
 	}
-	client, err := aliyunCas.NewClient(config)
+	client, err := alicas.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
 	return client, nil
 }
 func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于其他服务的
 		// 国内版固定接入点：华东一杭州
 		// 国际版固定接入点：亚太东南一新加坡
 		if !strings.HasPrefix(casRegion, "cn-") {
 			casRegion = "ap-southeast-1"
 		} else {
 			casRegion = "cn-hangzhou"
 		}
 	}
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
 		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err
 }
--- a/internal/pkg/core/deployer/providers/aliyun-cas/aliyun_cas.go
+++ b/internal/pkg/core/deployer/providers/aliyun-cas/aliyun_cas.go
@@ -1,11 +1,10 @@
-package aliyuncas
+package aliyuncas
 import (
 	"context"
 	"fmt"
 	"log/slog"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
@@ -16,6 +15,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 }
@@ -36,10 +37,11 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
 		ResourceGroupId: config.ResourceGroupId,
 		Region:          config.Region,
 	})
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
@@ -51,7 +53,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -59,11 +61,11 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 上传证书到 CAS
-	upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to upload certificate file")
+		return nil, fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
--- a/internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn.go
+++ b/internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn.go
@@ -1,4 +1,4 @@
-package aliyuncdn
+package aliyuncdn
 import (
 	"context"
@@ -7,10 +7,9 @@ import (
 	"strings"
 	"time"
-	aliyunCdn "github.com/alibabacloud-go/cdn-20180510/v5/client"
+	alicdn "github.com/alibabacloud-go/cdn-20180510/v5/client"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 )
@@ -20,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 加速域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
@@ -27,7 +28,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient *aliyunCdn.Client
+	sdkClient *alicdn.Client
 }
 var _ deployer.Deployer = (*DeployerProvider)(nil)
@@ -39,7 +40,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 	return &DeployerProvider{
@@ -51,44 +52,44 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// "*.example.com" → ".example.com"，适配阿里云 CDN 要求的泛域名格式
 	domain := strings.TrimPrefix(d.config.Domain, "*")
 	// 设置 CDN 域名域名证书
 	// REF: https://help.aliyun.com/zh/cdn/developer-reference/api-cdn-2018-05-10-setcdndomainsslcertificate
-	setCdnDomainSSLCertificateReq := &aliyunCdn.SetCdnDomainSSLCertificateRequest{
+	setCdnDomainSSLCertificateReq := &alicdn.SetCdnDomainSSLCertificateRequest{
 		DomainName:  tea.String(domain),
 		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
 		CertType:    tea.String("upload"),
 		SSLProtocol: tea.String("on"),
-		SSLPub:      tea.String(certPem),
+		SSLPub:      tea.String(certPEM),
-		SSLPri:      tea.String(privkeyPem),
+		SSLPri:      tea.String(privkeyPEM),
 	}
 	setCdnDomainSSLCertificateResp, err := d.sdkClient.SetCdnDomainSSLCertificate(setCdnDomainSSLCertificateReq)
 	d.logger.Debug("sdk request 'cdn.SetCdnDomainSSLCertificate'", slog.Any("request", setCdnDomainSSLCertificateReq), slog.Any("response", setCdnDomainSSLCertificateResp))
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.SetCdnDomainSSLCertificate'")
+		return nil, fmt.Errorf("failed to execute sdk request 'cdn.SetCdnDomainSSLCertificate': %w", err)
 	}
 	return &deployer.DeployResult{}, nil
 }
-func createSdkClient(accessKeyId, accessKeySecret string) (*aliyunCdn.Client, error) {
+func createSdkClient(accessKeyId, accessKeySecret string) (*alicdn.Client, error) {
-	config := &aliyunOpen.Config{
+	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String("cdn.aliyuncs.com"),
 	}
-	client, err := aliyunCdn.NewClient(config)
+	client, err := alicdn.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn_test.go
@@ -1,4 +1,4 @@
-package aliyuncdn_test
+package aliyuncdn_test
 import (
 	"context"
--- a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go
@@ -1,4 +1,4 @@
-package aliyunclb
+package aliyunclb
 import (
 	"context"
@@ -6,10 +6,9 @@ import (
 	"fmt"
 	"log/slog"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client"
+	alislb "github.com/alibabacloud-go/slb-20140515/v4/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -21,6 +20,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -39,7 +40,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
-	sdkClient   *aliyunSlb.Client
+	sdkClient   *alislb.Client
 	sslUploader uploader.Uploader
 }
@@ -52,16 +53,12 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
-	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
 		Region:          config.Region,
 	})
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
@@ -74,7 +71,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -82,11 +79,11 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 上传证书到 SLB
-	upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to upload certificate file")
+		return nil, fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
@@ -104,7 +101,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 		}
 	default:
-		return nil, fmt.Errorf("unsupported resource type: %s", d.config.ResourceType)
+		return nil, fmt.Errorf("unsupported resource type '%s'", d.config.ResourceType)
 	}
 	return &deployer.DeployResult{}, nil
@@ -117,14 +114,14 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	// 查询负载均衡实例的详细信息
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute
-	describeLoadBalancerAttributeReq := &aliyunSlb.DescribeLoadBalancerAttributeRequest{
+	describeLoadBalancerAttributeReq := &alislb.DescribeLoadBalancerAttributeRequest{
 		RegionId:       tea.String(d.config.Region),
 		LoadBalancerId: tea.String(d.config.LoadbalancerId),
 	}
 	describeLoadBalancerAttributeResp, err := d.sdkClient.DescribeLoadBalancerAttribute(describeLoadBalancerAttributeReq)
 	d.logger.Debug("sdk request 'slb.DescribeLoadBalancerAttribute'", slog.Any("request", describeLoadBalancerAttributeReq), slog.Any("response", describeLoadBalancerAttributeResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerAttribute'")
+		return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerAttribute': %w", err)
 	}
 	// 查询 HTTPS 监听列表
@@ -133,7 +130,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	describeLoadBalancerListenersLimit := int32(100)
 	var describeLoadBalancerListenersToken *string = nil
 	for {
-		describeLoadBalancerListenersReq := &aliyunSlb.DescribeLoadBalancerListenersRequest{
+		select {
 		case <-ctx.Done():
 			return ctx.Err()
 		default:
 		}
 		describeLoadBalancerListenersReq := &alislb.DescribeLoadBalancerListenersRequest{
 			RegionId:         tea.String(d.config.Region),
 			MaxResults:       tea.Int32(describeLoadBalancerListenersLimit),
 			NextToken:        describeLoadBalancerListenersToken,
@@ -143,7 +146,7 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		describeLoadBalancerListenersResp, err := d.sdkClient.DescribeLoadBalancerListeners(describeLoadBalancerListenersReq)
 		d.logger.Debug("sdk request 'slb.DescribeLoadBalancerListeners'", slog.Any("request", describeLoadBalancerListenersReq), slog.Any("response", describeLoadBalancerListenersResp))
 		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerListeners'")
+			return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerListeners': %w", err)
 		}
 		if describeLoadBalancerListenersResp.Body.Listeners != nil {
@@ -167,8 +170,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 		for _, listenerPort := range listenerPorts {
-			if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
+			select {
-				errs = append(errs, err)
+			case <-ctx.Done():
 				return ctx.Err()
 			default:
 				if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
 					errs = append(errs, err)
 				}
 			}
 		}
@@ -199,14 +207,14 @@ func (d *DeployerProvider) deployToListener(ctx context.Context, cloudCertId str
 func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudLoadbalancerId string, cloudListenerPort int32, cloudCertId string) error {
 	// 查询监听配置
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerhttpslistenerattribute
-	describeLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.DescribeLoadBalancerHTTPSListenerAttributeRequest{
+	describeLoadBalancerHTTPSListenerAttributeReq := &alislb.DescribeLoadBalancerHTTPSListenerAttributeRequest{
 		LoadBalancerId: tea.String(cloudLoadbalancerId),
 		ListenerPort:   tea.Int32(cloudListenerPort),
 	}
 	describeLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.DescribeLoadBalancerHTTPSListenerAttribute(describeLoadBalancerHTTPSListenerAttributeReq)
 	d.logger.Debug("sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute'", slog.Any("request", describeLoadBalancerHTTPSListenerAttributeReq), slog.Any("response", describeLoadBalancerHTTPSListenerAttributeResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute'")
+		return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute': %w", err)
 	}
 	if d.config.Domain == "" {
@@ -214,7 +222,7 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 		// 修改监听配置
 		// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
-		setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
+		setLoadBalancerHTTPSListenerAttributeReq := &alislb.SetLoadBalancerHTTPSListenerAttributeRequest{
 			RegionId:            tea.String(d.config.Region),
 			LoadBalancerId:      tea.String(cloudLoadbalancerId),
 			ListenerPort:        tea.Int32(cloudListenerPort),
@@ -223,14 +231,14 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 		setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
 		d.logger.Debug("sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'", slog.Any("request", setLoadBalancerHTTPSListenerAttributeReq), slog.Any("response", setLoadBalancerHTTPSListenerAttributeResp))
 		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
+			return fmt.Errorf("failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute': %w", err)
 		}
 	} else {
 		// 指定 SNI，需部署到扩展域名
 		// 查询扩展域名
 		// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
-		describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
+		describeDomainExtensionsReq := &alislb.DescribeDomainExtensionsRequest{
 			RegionId:       tea.String(d.config.Region),
 			LoadBalancerId: tea.String(cloudLoadbalancerId),
 			ListenerPort:   tea.Int32(cloudListenerPort),
@@ -238,7 +246,7 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 		describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
 		d.logger.Debug("sdk request 'slb.DescribeDomainExtensions'", slog.Any("request", describeDomainExtensionsReq), slog.Any("response", describeDomainExtensionsResp))
 		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
+			return fmt.Errorf("failed to execute sdk request 'slb.DescribeDomainExtensions': %w", err)
 		}
 		// 遍历修改扩展域名
@@ -251,7 +259,7 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 					continue
 				}
-				setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
+				setDomainExtensionAttributeReq := &alislb.SetDomainExtensionAttributeRequest{
 					RegionId:            tea.String(d.config.Region),
 					DomainExtensionId:   tea.String(*domainExtension.DomainExtensionId),
 					ServerCertificateId: tea.String(cloudCertId),
@@ -259,7 +267,7 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 				setDomainExtensionAttributeResp, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
 				d.logger.Debug("sdk request 'slb.SetDomainExtensionAttribute'", slog.Any("request", setDomainExtensionAttributeReq), slog.Any("response", setDomainExtensionAttributeResp))
 				if err != nil {
-					errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'"))
+					errs = append(errs, fmt.Errorf("failed to execute sdk request 'slb.SetDomainExtensionAttribute': %w", err))
 					continue
 				}
 			}
@@ -273,11 +281,11 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 	return nil
 }
-func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/Slb
 	var endpoint string
 	switch region {
-	case
+	case "",
 		"cn-hangzhou",
 		"cn-hangzhou-finance",
 		"cn-shanghai-finance-1",
@@ -287,16 +295,26 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Cl
 		endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region)
 	}
-	config := &aliyunOpen.Config{
+	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(endpoint),
 	}
-	client, err := aliyunSlb.NewClient(config)
+	client, err := alislb.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
 	return client, nil
 }
 func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
 		ResourceGroupId: resourceGroupId,
 		Region:          region,
 	})
 	return uploader, err
 }
--- a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb_test.go
@@ -1,4 +1,4 @@
-package aliyunclb_test
+package aliyunclb_test
 import (
 	"context"
@@ -18,7 +18,7 @@ var (
 	fAccessKeySecret string
 	fRegion          string
 	fLoadbalancerId  string
-	fListenerPort    int
+	fListenerPort    int64
 	fDomain          string
 )
@@ -31,7 +31,7 @@ func init() {
 	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
 	flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
 	flag.StringVar(&fLoadbalancerId, argsPrefix+"LOADBALANCERID", "", "")
-	flag.IntVar(&fListenerPort, argsPrefix+"LISTENERPORT", 443, "")
+	flag.Int64Var(&fListenerPort, argsPrefix+"LISTENERPORT", 443, "")
 	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }
@@ -46,7 +46,7 @@ Shell command to run this test:
 	--CERTIMATE_DEPLOYER_ALIYUNCLB_REGION="cn-hangzhou" \
 	--CERTIMATE_DEPLOYER_ALIYUNCLB_LOADBALANCERID="your-clb-instance-id" \
 	--CERTIMATE_DEPLOYER_ALIYUNCLB_LISTENERPORT=443 \
-	--CERTIMATE_DEPLOYER_ALIYUNCLB_DOMAIN="your-alb-sni-domain"
+	--CERTIMATE_DEPLOYER_ALIYUNCLB_DOMAIN="your-clb-sni-domain"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
--- a/internal/pkg/core/deployer/providers/aliyun-clb/consts.go
+++ b/internal/pkg/core/deployer/providers/aliyun-clb/consts.go
@@ -1,4 +1,4 @@
-package aliyunclb
+package aliyunclb
 type ResourceType string
--- a/internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn.go
+++ b/internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn.go
@@ -1,4 +1,4 @@
-package aliyundcdn
+package aliyundcdn
 import (
 	"context"
@@ -7,10 +7,9 @@ import (
 	"strings"
 	"time"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	aliyunDcdn "github.com/alibabacloud-go/dcdn-20180115/v3/client"
+	alidcdn "github.com/alibabacloud-go/dcdn-20180115/v3/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 )
@@ -20,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 加速域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
@@ -27,7 +28,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient *aliyunDcdn.Client
+	sdkClient *alidcdn.Client
 }
 var _ deployer.Deployer = (*DeployerProvider)(nil)
@@ -39,7 +40,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 	return &DeployerProvider{
@@ -51,44 +52,44 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// "*.example.com" → ".example.com"，适配阿里云 DCDN 要求的泛域名格式
 	domain := strings.TrimPrefix(d.config.Domain, "*")
 	// 配置域名证书
 	// REF: https://help.aliyun.com/zh/edge-security-acceleration/dcdn/developer-reference/api-dcdn-2018-01-15-setdcdndomainsslcertificate
-	setDcdnDomainSSLCertificateReq := &aliyunDcdn.SetDcdnDomainSSLCertificateRequest{
+	setDcdnDomainSSLCertificateReq := &alidcdn.SetDcdnDomainSSLCertificateRequest{
 		DomainName:  tea.String(domain),
 		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
 		CertType:    tea.String("upload"),
 		SSLProtocol: tea.String("on"),
-		SSLPub:      tea.String(certPem),
+		SSLPub:      tea.String(certPEM),
-		SSLPri:      tea.String(privkeyPem),
+		SSLPri:      tea.String(privkeyPEM),
 	}
 	setDcdnDomainSSLCertificateResp, err := d.sdkClient.SetDcdnDomainSSLCertificate(setDcdnDomainSSLCertificateReq)
 	d.logger.Debug("sdk request 'dcdn.SetDcdnDomainSSLCertificate'", slog.Any("request", setDcdnDomainSSLCertificateReq), slog.Any("response", setDcdnDomainSSLCertificateResp))
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'dcdn.SetDcdnDomainSSLCertificate'")
+		return nil, fmt.Errorf("failed to execute sdk request 'dcdn.SetDcdnDomainSSLCertificate': %w", err)
 	}
 	return &deployer.DeployResult{}, nil
 }
-func createSdkClient(accessKeyId, accessKeySecret string) (*aliyunDcdn.Client, error) {
+func createSdkClient(accessKeyId, accessKeySecret string) (*alidcdn.Client, error) {
-	config := &aliyunOpen.Config{
+	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String("dcdn.aliyuncs.com"),
 	}
-	client, err := aliyunDcdn.NewClient(config)
+	client, err := alidcdn.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn_test.go
@@ -1,4 +1,4 @@
-package aliyundcdn_test
+package aliyundcdn_test
 import (
 	"context"
--- a/internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos.go
+++ b/internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos.go
@@ -0,0 +1,140 @@
 package aliyunddos
 import (
 	"context"
 	"errors"
 	"fmt"
 	"log/slog"
 	"strconv"
 	"strings"
 	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	aliddos "github.com/alibabacloud-go/ddoscoo-20200101/v4/client"
 	"github.com/alibabacloud-go/tea/tea"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-slb"
 )
 type DeployerConfig struct {
 	// 阿里云 AccessKeyId。
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 网站域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
 	sdkClient   *aliddos.Client
 	sslUploader uploader.Uploader
 }
 var _ deployer.Deployer = (*DeployerProvider)(nil)
 func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
 		config:      config,
 		logger:      slog.Default(),
 		sdkClient:   client,
 		sslUploader: uploader,
 	}, nil
 }
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
 		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
 	d.sslUploader.WithLogger(logger)
 	return d
 }
 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	if d.config.Domain == "" {
 		return nil, errors.New("config `domain` is required")
 	}
 	// 上传证书到 CAS
 	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
 		return nil, fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
 	// 为网站业务转发规则关联 SSL 证书
 	// REF: https://help.aliyun.com/zh/anti-ddos/anti-ddos-pro-and-premium/developer-reference/api-ddoscoo-2020-01-01-associatewebcert
 	certId, _ := strconv.Atoi(upres.CertId)
 	associateWebCertReq := &aliddos.AssociateWebCertRequest{
 		Domain: tea.String(d.config.Domain),
 		CertId: tea.Int32(int32(certId)),
 	}
 	associateWebCertResp, err := d.sdkClient.AssociateWebCert(associateWebCertReq)
 	d.logger.Debug("sdk request 'dcdn.AssociateWebCert'", slog.Any("request", associateWebCertReq), slog.Any("response", associateWebCertResp))
 	if err != nil {
 		return nil, fmt.Errorf("failed to execute sdk request 'dcdn.AssociateWebCert': %w", err)
 	}
 	return &deployer.DeployResult{}, nil
 }
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliddos.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/ddoscoo
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(strings.ReplaceAll(fmt.Sprintf("ddoscoo.%s.aliyuncs.com", region), "..", ".")),
 	}
 	client, err := aliddos.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
 	return client, nil
 }
 func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 Anti-DDoS 服务的
 		// 国内版固定接入点：华东一杭州
 		// 国际版固定接入点：亚太东南一新加坡
 		if !strings.HasPrefix(casRegion, "cn-") {
 			casRegion = "ap-southeast-1"
 		} else {
 			casRegion = "cn-hangzhou"
 		}
 	}
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
 		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err
 }
--- a/internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos_test.go
@@ -0,0 +1,80 @@
 package aliyunddos_test
 import (
 	"context"
 	"flag"
 	"fmt"
 	"os"
 	"strings"
 	"testing"
 	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-ddos"
 )
 var (
 	fInputCertPath   string
 	fInputKeyPath    string
 	fAccessKeyId     string
 	fAccessKeySecret string
 	fRegion          string
 	fDomain          string
 )
 func init() {
 	argsPrefix := "CERTIMATE_DEPLOYER_ALIYUNDDOS_"
 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
 	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
 	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
 	flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
 	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }
 /*
 Shell command to run this test:
 	go test -v ./aliyun_ddos_test.go -args \
 	--CERTIMATE_DEPLOYER_ALIYUNDDOS_INPUTCERTPATH="/path/to/your-input-cert.pem" \
 	--CERTIMATE_DEPLOYER_ALIYUNDDOS_INPUTKEYPATH="/path/to/your-input-key.pem" \
 	--CERTIMATE_DEPLOYER_ALIYUNDDOS_ACCESSKEYID="your-access-key-id" \
 	--CERTIMATE_DEPLOYER_ALIYUNDDOS_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_ALIYUNDDOS_REGION="cn-hangzhou" \
 	--CERTIMATE_DEPLOYER_ALIYUNDDOS_DOMAIN="example.com"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
 	t.Run("Deploy", func(t *testing.T) {
 		t.Log(strings.Join([]string{
 			"args:",
 			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
 			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
 			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("REGION: %v", fRegion),
 			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
 			AccessKeyId:     fAccessKeyId,
 			AccessKeySecret: fAccessKeySecret,
 			Region:          fRegion,
 			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
 			return
 		}
 		fInputCertData, _ := os.ReadFile(fInputCertPath)
 		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
 		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
 		if err != nil {
 			t.Errorf("err: %+v", err)
 			return
 		}
 		t.Logf("ok: %v", res)
 	})
 }
--- a/internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa.go
+++ b/internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa.go
@@ -1,4 +1,4 @@
-package aliyunesa
+package aliyunesa
 import (
 	"context"
@@ -8,10 +8,9 @@ import (
 	"strconv"
 	"strings"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	aliyunEsa "github.com/alibabacloud-go/esa-20240910/v2/client"
+	aliesa "github.com/alibabacloud-go/esa-20240910/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -23,6 +22,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 阿里云 ESA 站点 ID。
@@ -32,7 +33,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
-	sdkClient   *aliyunEsa.Client
+	sdkClient   *aliesa.Client
 	sslUploader uploader.Uploader
 }
@@ -45,12 +46,12 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
@@ -63,7 +64,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -71,15 +72,15 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	if d.config.SiteId == 0 {
 		return nil, errors.New("config `siteId` is required")
 	}
 	// 上传证书到 CAS
-	upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to upload certificate file")
+		return nil, fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
@@ -87,7 +88,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 	// 配置站点证书
 	// REF: https://help.aliyun.com/zh/edge-security-acceleration/esa/api-esa-2024-09-10-setcertificate
 	certId, _ := strconv.ParseInt(upres.CertId, 10, 64)
-	setCertificateReq := &aliyunEsa.SetCertificateRequest{
+	setCertificateReq := &aliesa.SetCertificateRequest{
 		SiteId: tea.Int64(d.config.SiteId),
 		Type:   tea.String("cas"),
 		CasId:  tea.Int64(certId),
@@ -95,21 +96,21 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 	setCertificateResp, err := d.sdkClient.SetCertificate(setCertificateReq)
 	d.logger.Debug("sdk request 'esa.SetCertificate'", slog.Any("request", setCertificateReq), slog.Any("response", setCertificateResp))
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'esa.SetCertificate'")
+		return nil, fmt.Errorf("failed to execute sdk request 'esa.SetCertificate': %w", err)
 	}
 	return &deployer.DeployResult{}, nil
 }
-func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunEsa.Client, error) {
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliesa.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/ESA
-	config := &aliyunOpen.Config{
+	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String(fmt.Sprintf("esa.%s.aliyuncs.com", region)),
+		Endpoint:        tea.String(strings.ReplaceAll(fmt.Sprintf("esa.%s.aliyuncs.com", region), "..", ".")),
 	}
-	client, err := aliyunEsa.NewClient(config)
+	client, err := aliesa.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
@@ -117,13 +118,13 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunEsa.Cl
 	return client, nil
 }
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 ESA 服务的
 		// 国内版固定接入点：华东一杭州
 		// 国际版固定接入点：亚太东南一新加坡
-		if casRegion != "" && !strings.HasPrefix(casRegion, "cn-") {
+		if !strings.HasPrefix(casRegion, "cn-") {
 			casRegion = "ap-southeast-1"
 		} else {
 			casRegion = "cn-hangzhou"
@@ -133,6 +134,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
 		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err
--- a/internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa_test.go
@@ -1,4 +1,4 @@
-package aliyunesa_test
+package aliyunesa_test
 import (
 	"context"
--- a/internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc.go
+++ b/internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc.go
@@ -1,16 +1,16 @@
-package aliyunfc
+package aliyunfc
 import (
 	"context"
 	"fmt"
 	"log/slog"
 	"strings"
 	"time"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	aliyunFc3 "github.com/alibabacloud-go/fc-20230330/v4/client"
+	alifc3 "github.com/alibabacloud-go/fc-20230330/v4/client"
-	aliyunFc2 "github.com/alibabacloud-go/fc-open-20210406/v2/client"
+	alifc2 "github.com/alibabacloud-go/fc-open-20210406/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 )
@@ -20,11 +20,14 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 服务版本。
 	// 可取值 "2.0"、"3.0"。
 	ServiceVersion string `json:"serviceVersion"`
-	// 自定义域名（不支持泛域名）。
+	// 自定义域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
@@ -37,8 +40,8 @@ type DeployerProvider struct {
 var _ deployer.Deployer = (*DeployerProvider)(nil)
 type wSdkClients struct {
-	fc2 *aliyunFc2.Client
+	FC2 *alifc2.Client
-	fc3 *aliyunFc3.Client
+	FC3 *alifc3.Client
 }
 func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
@@ -48,7 +51,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	clients, err := createSdkClients(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk clients")
+		return nil, fmt.Errorf("failed to create sdk clients: %w", err)
 	}
 	return &DeployerProvider{
@@ -60,87 +63,93 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	switch d.config.ServiceVersion {
 	case "3", "3.0":
-		if err := d.deployToFC3(ctx, certPem, privkeyPem); err != nil {
+		if err := d.deployToFC3(ctx, certPEM, privkeyPEM); err != nil {
 			return nil, err
 		}
 	case "2", "2.0":
-		if err := d.deployToFC2(ctx, certPem, privkeyPem); err != nil {
+		if err := d.deployToFC2(ctx, certPEM, privkeyPEM); err != nil {
 			return nil, err
 		}
 	default:
-		return nil, xerrors.Errorf("unsupported service version: %s", d.config.ServiceVersion)
+		return nil, fmt.Errorf("unsupported service version '%s'", d.config.ServiceVersion)
 	}
 	return &deployer.DeployResult{}, nil
 }
-func (d *DeployerProvider) deployToFC3(ctx context.Context, certPem string, privkeyPem string) error {
+func (d *DeployerProvider) deployToFC3(ctx context.Context, certPEM string, privkeyPEM string) error {
 	// 获取自定义域名
 	// REF: https://help.aliyun.com/zh/functioncompute/fc-3-0/developer-reference/api-fc-2023-03-30-getcustomdomain
-	getCustomDomainResp, err := d.sdkClients.fc3.GetCustomDomain(tea.String(d.config.Domain))
+	getCustomDomainResp, err := d.sdkClients.FC3.GetCustomDomain(tea.String(d.config.Domain))
 	d.logger.Debug("sdk request 'fc.GetCustomDomain'", slog.Any("response", getCustomDomainResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'fc.GetCustomDomain'")
+		return fmt.Errorf("failed to execute sdk request 'fc.GetCustomDomain': %w", err)
 	}
 	// 更新自定义域名
 	// REF: https://help.aliyun.com/zh/functioncompute/fc-3-0/developer-reference/api-fc-2023-03-30-updatecustomdomain
-	updateCustomDomainReq := &aliyunFc3.UpdateCustomDomainRequest{
+	updateCustomDomainReq := &alifc3.UpdateCustomDomainRequest{
-		Body: &aliyunFc3.UpdateCustomDomainInput{
+		Body: &alifc3.UpdateCustomDomainInput{
-			CertConfig: &aliyunFc3.CertConfig{
+			CertConfig: &alifc3.CertConfig{
 				CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
-				Certificate: tea.String(certPem),
+				Certificate: tea.String(certPEM),
-				PrivateKey:  tea.String(privkeyPem),
+				PrivateKey:  tea.String(privkeyPEM),
 			},
 			Protocol:  getCustomDomainResp.Body.Protocol,
 			TlsConfig: getCustomDomainResp.Body.TlsConfig,
 		},
 	}
-	updateCustomDomainResp, err := d.sdkClients.fc3.UpdateCustomDomain(tea.String(d.config.Domain), updateCustomDomainReq)
+	if tea.StringValue(updateCustomDomainReq.Body.Protocol) == "HTTP" {
 		updateCustomDomainReq.Body.Protocol = tea.String("HTTP,HTTPS")
 	}
 	updateCustomDomainResp, err := d.sdkClients.FC3.UpdateCustomDomain(tea.String(d.config.Domain), updateCustomDomainReq)
 	d.logger.Debug("sdk request 'fc.UpdateCustomDomain'", slog.Any("request", updateCustomDomainReq), slog.Any("response", updateCustomDomainResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'fc.UpdateCustomDomain'")
+		return fmt.Errorf("failed to execute sdk request 'fc.UpdateCustomDomain': %w", err)
 	}
 	return nil
 }
-func (d *DeployerProvider) deployToFC2(ctx context.Context, certPem string, privkeyPem string) error {
+func (d *DeployerProvider) deployToFC2(ctx context.Context, certPEM string, privkeyPEM string) error {
 	// 获取自定义域名
 	// REF: https://help.aliyun.com/zh/functioncompute/fc-2-0/developer-reference/api-fc-open-2021-04-06-getcustomdomain
-	getCustomDomainResp, err := d.sdkClients.fc2.GetCustomDomain(tea.String(d.config.Domain))
+	getCustomDomainResp, err := d.sdkClients.FC2.GetCustomDomain(tea.String(d.config.Domain))
 	d.logger.Debug("sdk request 'fc.GetCustomDomain'", slog.Any("response", getCustomDomainResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'fc.GetCustomDomain'")
+		return fmt.Errorf("failed to execute sdk request 'fc.GetCustomDomain': %w", err)
 	}
 	// 更新自定义域名
 	// REF: https://help.aliyun.com/zh/functioncompute/fc-2-0/developer-reference/api-fc-open-2021-04-06-updatecustomdomain
-	updateCustomDomainReq := &aliyunFc2.UpdateCustomDomainRequest{
+	updateCustomDomainReq := &alifc2.UpdateCustomDomainRequest{
-		CertConfig: &aliyunFc2.CertConfig{
+		CertConfig: &alifc2.CertConfig{
 			CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
-			Certificate: tea.String(certPem),
+			Certificate: tea.String(certPEM),
-			PrivateKey:  tea.String(privkeyPem),
+			PrivateKey:  tea.String(privkeyPEM),
 		},
 		Protocol:  getCustomDomainResp.Body.Protocol,
 		TlsConfig: getCustomDomainResp.Body.TlsConfig,
 	}
-	updateCustomDomainResp, err := d.sdkClients.fc2.UpdateCustomDomain(tea.String(d.config.Domain), updateCustomDomainReq)
+	if tea.StringValue(updateCustomDomainReq.Protocol) == "HTTP" {
 		updateCustomDomainReq.Protocol = tea.String("HTTP,HTTPS")
 	}
 	updateCustomDomainResp, err := d.sdkClients.FC2.UpdateCustomDomain(tea.String(d.config.Domain), updateCustomDomainReq)
 	d.logger.Debug("sdk request 'fc.UpdateCustomDomain'", slog.Any("request", updateCustomDomainReq), slog.Any("response", updateCustomDomainResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'fc.UpdateCustomDomain'")
+		return fmt.Errorf("failed to execute sdk request 'fc.UpdateCustomDomain': %w", err)
 	}
 	return nil
@@ -150,36 +159,38 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	// 接入点一览 https://api.aliyun.com/product/FC-Open
 	var fc2Endpoint string
 	switch region {
 	case "":
 		fc2Endpoint = "fc.aliyuncs.com"
 	case "cn-hangzhou-finance":
 		fc2Endpoint = fmt.Sprintf("%s.fc.aliyuncs.com", region)
 	default:
 		fc2Endpoint = fmt.Sprintf("fc.%s.aliyuncs.com", region)
 	}
-	fc2Config := &aliyunOpen.Config{
+	fc2Config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(fc2Endpoint),
 	}
-	fc2Client, err := aliyunFc2.NewClient(fc2Config)
+	fc2Client, err := alifc2.NewClient(fc2Config)
 	if err != nil {
 		return nil, err
 	}
 	// 接入点一览 https://api.aliyun.com/product/FC-Open
-	fc3Endpoint := fmt.Sprintf("fcv3.%s.aliyuncs.com", region)
+	fc3Endpoint := strings.ReplaceAll(fmt.Sprintf("fcv3.%s.aliyuncs.com", region), "..", ".")
-	fc3Config := &aliyunOpen.Config{
+	fc3Config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(fc3Endpoint),
 	}
-	fc3Client, err := aliyunFc3.NewClient(fc3Config)
+	fc3Client, err := alifc3.NewClient(fc3Config)
 	if err != nil {
 		return nil, err
 	}
 	return &wSdkClients{
-		fc2: fc2Client,
+		FC2: fc2Client,
-		fc3: fc3Client,
+		FC3: fc3Client,
 	}, nil
 }
--- a/internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc_test.go
@@ -1,4 +1,4 @@
-package aliyunfc_test
+package aliyunfc_test
 import (
 	"context"
--- a/internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga.go
+++ b/internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga.go
@@ -0,0 +1,325 @@
 package aliyunga
 import (
 	"context"
 	"errors"
 	"fmt"
 	"log/slog"
 	"strings"
 	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	aliga "github.com/alibabacloud-go/ga-20191120/v3/client"
 	"github.com/alibabacloud-go/tea/tea"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
 	sliceutil "github.com/usual2970/certimate/internal/pkg/utils/slice"
 )
 type DeployerConfig struct {
 	// 阿里云 AccessKeyId。
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 部署资源类型。
 	ResourceType ResourceType `json:"resourceType"`
 	// 全球加速实例 ID。
 	AcceleratorId string `json:"acceleratorId"`
 	// 全球加速监听 ID。
 	// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。
 	ListenerId string `json:"listenerId,omitempty"`
 	// SNI 域名（不支持泛域名）。
 	// 部署资源类型为 [RESOURCE_TYPE_ACCELERATOR]、[RESOURCE_TYPE_LISTENER] 时选填。
 	Domain string `json:"domain,omitempty"`
 }
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
 	sdkClient   *aliga.Client
 	sslUploader uploader.Uploader
 }
 var _ deployer.Deployer = (*DeployerProvider)(nil)
 func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	if config == nil {
 		panic("config is nil")
 	}
 	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
 		config:      config,
 		logger:      slog.Default(),
 		sdkClient:   client,
 		sslUploader: uploader,
 	}, nil
 }
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
 		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
 	d.sslUploader.WithLogger(logger)
 	return d
 }
 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 上传证书到 CAS
 	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
 		return nil, fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
 	// 根据部署资源类型决定部署方式
 	switch d.config.ResourceType {
 	case RESOURCE_TYPE_ACCELERATOR:
 		if err := d.deployToAccelerator(ctx, upres.ExtendedData["certIdentifier"].(string)); err != nil {
 			return nil, err
 		}
 	case RESOURCE_TYPE_LISTENER:
 		if err := d.deployToListener(ctx, upres.ExtendedData["certIdentifier"].(string)); err != nil {
 			return nil, err
 		}
 	default:
 		return nil, fmt.Errorf("unsupported resource type '%s'", d.config.ResourceType)
 	}
 	return &deployer.DeployResult{}, nil
 }
 func (d *DeployerProvider) deployToAccelerator(ctx context.Context, cloudCertId string) error {
 	if d.config.AcceleratorId == "" {
 		return errors.New("config `acceleratorId` is required")
 	}
 	// 查询 HTTPS 监听列表
 	// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-listlisteners
 	listenerIds := make([]string, 0)
 	listListenersPageNumber := int32(1)
 	listListenersPageSize := int32(50)
 	for {
 		select {
 		case <-ctx.Done():
 			return ctx.Err()
 		default:
 		}
 		listListenersReq := &aliga.ListListenersRequest{
 			RegionId:      tea.String("cn-hangzhou"),
 			AcceleratorId: tea.String(d.config.AcceleratorId),
 			PageNumber:    tea.Int32(listListenersPageNumber),
 			PageSize:      tea.Int32(listListenersPageSize),
 		}
 		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
 		d.logger.Debug("sdk request 'ga.ListListeners'", slog.Any("request", listListenersReq), slog.Any("response", listListenersResp))
 		if err != nil {
 			return fmt.Errorf("failed to execute sdk request 'ga.ListListeners': %w", err)
 		}
 		if listListenersResp.Body.Listeners != nil {
 			for _, listener := range listListenersResp.Body.Listeners {
 				if strings.EqualFold(tea.StringValue(listener.Protocol), "https") {
 					listenerIds = append(listenerIds, tea.StringValue(listener.ListenerId))
 				}
 			}
 		}
 		if len(listListenersResp.Body.Listeners) < int(listListenersPageSize) {
 			break
 		} else {
 			listListenersPageNumber++
 		}
 	}
 	// 遍历更新监听证书
 	if len(listenerIds) == 0 {
 		d.logger.Info("no ga listeners to deploy")
 	} else {
 		var errs []error
 		d.logger.Info("found https listeners to deploy", slog.Any("listenerIds", listenerIds))
 		for _, listenerId := range listenerIds {
 			select {
 			case <-ctx.Done():
 				return ctx.Err()
 			default:
 				if err := d.updateListenerCertificate(ctx, d.config.AcceleratorId, listenerId, cloudCertId); err != nil {
 					errs = append(errs, err)
 				}
 			}
 		}
 		if len(errs) > 0 {
 			return errors.Join(errs...)
 		}
 	}
 	return nil
 }
 func (d *DeployerProvider) deployToListener(ctx context.Context, cloudCertId string) error {
 	if d.config.AcceleratorId == "" {
 		return errors.New("config `acceleratorId` is required")
 	}
 	if d.config.ListenerId == "" {
 		return errors.New("config `listenerId` is required")
 	}
 	// 更新监听
 	if err := d.updateListenerCertificate(ctx, d.config.AcceleratorId, d.config.ListenerId, cloudCertId); err != nil {
 		return err
 	}
 	return nil
 }
 func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudAcceleratorId string, cloudListenerId string, cloudCertId string) error {
 	// 查询监听绑定的证书列表
 	// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-listlistenercertificates
 	var listenerDefaultCertificate *aliga.ListListenerCertificatesResponseBodyCertificates
 	var listenerAdditionalCertificates []*aliga.ListListenerCertificatesResponseBodyCertificates = make([]*aliga.ListListenerCertificatesResponseBodyCertificates, 0)
 	var listListenerCertificatesNextToken *string
 	for {
 		listListenerCertificatesReq := &aliga.ListListenerCertificatesRequest{
 			RegionId:      tea.String("cn-hangzhou"),
 			AcceleratorId: tea.String(d.config.AcceleratorId),
 			NextToken:     listListenerCertificatesNextToken,
 			MaxResults:    tea.Int32(20),
 		}
 		listListenerCertificatesResp, err := d.sdkClient.ListListenerCertificates(listListenerCertificatesReq)
 		d.logger.Debug("sdk request 'ga.ListListenerCertificates'", slog.Any("request", listListenerCertificatesReq), slog.Any("response", listListenerCertificatesResp))
 		if err != nil {
 			return fmt.Errorf("failed to execute sdk request 'ga.ListListenerCertificates': %w", err)
 		}
 		if listListenerCertificatesResp.Body.Certificates != nil {
 			for _, certificate := range listListenerCertificatesResp.Body.Certificates {
 				if tea.BoolValue(certificate.IsDefault) {
 					listenerDefaultCertificate = certificate
 				} else {
 					listenerAdditionalCertificates = append(listenerAdditionalCertificates, certificate)
 				}
 			}
 		}
 		if listListenerCertificatesResp.Body.NextToken == nil {
 			break
 		} else {
 			listListenerCertificatesNextToken = listListenerCertificatesResp.Body.NextToken
 		}
 	}
 	if d.config.Domain == "" {
 		// 未指定 SNI，只需部署到监听器
 		if listenerDefaultCertificate != nil && tea.StringValue(listenerDefaultCertificate.CertificateId) == cloudCertId {
 			d.logger.Info("no need to update ga listener default certificate")
 			return nil
 		}
 		// 修改监听的属性
 		// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-updatelistener
 		updateListenerReq := &aliga.UpdateListenerRequest{
 			RegionId:   tea.String("cn-hangzhou"),
 			ListenerId: tea.String(cloudListenerId),
 			Certificates: []*aliga.UpdateListenerRequestCertificates{{
 				Id: tea.String(cloudCertId),
 			}},
 		}
 		updateListenerResp, err := d.sdkClient.UpdateListener(updateListenerReq)
 		d.logger.Debug("sdk request 'ga.UpdateListener'", slog.Any("request", updateListenerReq), slog.Any("response", updateListenerResp))
 		if err != nil {
 			return fmt.Errorf("failed to execute sdk request 'ga.UpdateListener': %w", err)
 		}
 	} else {
 		// 指定 SNI，需部署到扩展域名
 		if sliceutil.Some(listenerAdditionalCertificates, func(item *aliga.ListListenerCertificatesResponseBodyCertificates) bool {
 			return tea.StringValue(item.CertificateId) == cloudCertId
 		}) {
 			d.logger.Info("no need to update ga listener additional certificate")
 			return nil
 		}
 		if sliceutil.Some(listenerAdditionalCertificates, func(item *aliga.ListListenerCertificatesResponseBodyCertificates) bool {
 			return tea.StringValue(item.Domain) == d.config.Domain
 		}) {
 			// 为监听替换扩展证书
 			// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-updateadditionalcertificatewithlistener
 			updateAdditionalCertificateWithListenerReq := &aliga.UpdateAdditionalCertificateWithListenerRequest{
 				RegionId:      tea.String("cn-hangzhou"),
 				AcceleratorId: tea.String(cloudAcceleratorId),
 				ListenerId:    tea.String(cloudListenerId),
 				CertificateId: tea.String(cloudCertId),
 				Domain:        tea.String(d.config.Domain),
 			}
 			updateAdditionalCertificateWithListenerResp, err := d.sdkClient.UpdateAdditionalCertificateWithListener(updateAdditionalCertificateWithListenerReq)
 			d.logger.Debug("sdk request 'ga.UpdateAdditionalCertificateWithListener'", slog.Any("request", updateAdditionalCertificateWithListenerReq), slog.Any("response", updateAdditionalCertificateWithListenerResp))
 			if err != nil {
 				return fmt.Errorf("failed to execute sdk request 'ga.UpdateAdditionalCertificateWithListener': %w", err)
 			}
 		} else {
 			// 为监听绑定扩展证书
 			// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-associateadditionalcertificateswithlistener
 			associateAdditionalCertificatesWithListenerReq := &aliga.AssociateAdditionalCertificatesWithListenerRequest{
 				RegionId:      tea.String("cn-hangzhou"),
 				AcceleratorId: tea.String(cloudAcceleratorId),
 				ListenerId:    tea.String(cloudListenerId),
 				Certificates: []*aliga.AssociateAdditionalCertificatesWithListenerRequestCertificates{{
 					Id:     tea.String(cloudCertId),
 					Domain: tea.String(d.config.Domain),
 				}},
 			}
 			associateAdditionalCertificatesWithListenerResp, err := d.sdkClient.AssociateAdditionalCertificatesWithListener(associateAdditionalCertificatesWithListenerReq)
 			d.logger.Debug("sdk request 'ga.AssociateAdditionalCertificatesWithListener'", slog.Any("request", associateAdditionalCertificatesWithListenerReq), slog.Any("response", associateAdditionalCertificatesWithListenerResp))
 			if err != nil {
 				return fmt.Errorf("failed to execute sdk request 'ga.AssociateAdditionalCertificatesWithListener': %w", err)
 			}
 		}
 	}
 	return nil
 }
 func createSdkClient(accessKeyId, accessKeySecret string) (*aliga.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/Ga
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String("ga.cn-hangzhou.aliyuncs.com"),
 	}
 	client, err := aliga.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
 	return client, nil
 }
 func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId string) (uploader.Uploader, error) {
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
 		ResourceGroupId: resourceGroupId,
 		Region:          "cn-hangzhou",
 	})
 	return uploader, err
 }
--- a/internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga_test.go
@@ -0,0 +1,118 @@
 package aliyunga_test
 import (
 	"context"
 	"flag"
 	"fmt"
 	"os"
 	"strings"
 	"testing"
 	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-ga"
 )
 var (
 	fInputCertPath   string
 	fInputKeyPath    string
 	fAccessKeyId     string
 	fAccessKeySecret string
 	fAcceleratorId   string
 	fListenerId      string
 	fDomain          string
 )
 func init() {
 	argsPrefix := "CERTIMATE_DEPLOYER_ALIYUNGA_"
 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
 	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
 	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
 	flag.StringVar(&fAcceleratorId, argsPrefix+"ACCELERATORID", "", "")
 	flag.StringVar(&fListenerId, argsPrefix+"LISTENERID", "", "")
 	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }
 /*
 Shell command to run this test:
 	go test -v ./aliyun_ga_test.go -args \
 	--CERTIMATE_DEPLOYER_ALIYUNGA_INPUTCERTPATH="/path/to/your-input-cert.pem" \
 	--CERTIMATE_DEPLOYER_ALIYUNGA_INPUTKEYPATH="/path/to/your-input-key.pem" \
 	--CERTIMATE_DEPLOYER_ALIYUNGA_ACCESSKEYID="your-access-key-id" \
 	--CERTIMATE_DEPLOYER_ALIYUNGA_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_ALIYUNGA_ACCELERATORID="your-ga-accelerator-id" \
 	--CERTIMATE_DEPLOYER_ALIYUNGA_LISTENERID="your-ga-listener-id" \
 	--CERTIMATE_DEPLOYER_ALIYUNGA_DOMAIN="your-ga-sni-domain"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
 	t.Run("Deploy_ToAccelerator", func(t *testing.T) {
 		t.Log(strings.Join([]string{
 			"args:",
 			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
 			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
 			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("ACCELERATORID: %v", fAcceleratorId),
 			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
 			AccessKeyId:     fAccessKeyId,
 			AccessKeySecret: fAccessKeySecret,
 			ResourceType:    provider.RESOURCE_TYPE_ACCELERATOR,
 			AcceleratorId:   fAcceleratorId,
 			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
 			return
 		}
 		fInputCertData, _ := os.ReadFile(fInputCertPath)
 		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
 		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
 		if err != nil {
 			t.Errorf("err: %+v", err)
 			return
 		}
 		t.Logf("ok: %v", res)
 	})
 	t.Run("Deploy_ToListener", func(t *testing.T) {
 		t.Log(strings.Join([]string{
 			"args:",
 			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
 			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
 			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("LISTENERID: %v", fListenerId),
 			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
 			AccessKeyId:     fAccessKeyId,
 			AccessKeySecret: fAccessKeySecret,
 			ResourceType:    provider.RESOURCE_TYPE_LISTENER,
 			ListenerId:      fListenerId,
 			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
 			return
 		}
 		fInputCertData, _ := os.ReadFile(fInputCertPath)
 		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
 		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
 		if err != nil {
 			t.Errorf("err: %+v", err)
 			return
 		}
 		t.Logf("ok: %v", res)
 	})
 }
--- a/internal/pkg/core/deployer/providers/aliyun-ga/consts.go
+++ b/internal/pkg/core/deployer/providers/aliyun-ga/consts.go
@@ -0,0 +1,10 @@
 package aliyunga
 type ResourceType string
 const (
 	// 资源类型：部署到指定全球加速器。
 	RESOURCE_TYPE_ACCELERATOR = ResourceType("accelerator")
 	// 资源类型：部署到指定监听器。
 	RESOURCE_TYPE_LISTENER = ResourceType("listener")
 )
--- a/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go
+++ b/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go
@@ -1,4 +1,4 @@
-package aliyunlive
+package aliyunlive
 import (
 	"context"
@@ -7,10 +7,9 @@ import (
 	"strings"
 	"time"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	aliyunLive "github.com/alibabacloud-go/live-20161101/client"
+	alilive "github.com/alibabacloud-go/live-20161101/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 )
@@ -20,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 直播流域名（支持泛域名）。
@@ -29,7 +30,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config    *DeployerConfig
 	logger    *slog.Logger
-	sdkClient *aliyunLive.Client
+	sdkClient *alilive.Client
 }
 var _ deployer.Deployer = (*DeployerProvider)(nil)
@@ -41,7 +42,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 	return &DeployerProvider{
@@ -53,41 +54,41 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// "*.example.com" → ".example.com"，适配阿里云 Live 要求的泛域名格式
 	domain := strings.TrimPrefix(d.config.Domain, "*")
 	// 设置域名证书
 	// REF: https://help.aliyun.com/zh/live/developer-reference/api-live-2016-11-01-setlivedomaincertificate
-	setLiveDomainSSLCertificateReq := &aliyunLive.SetLiveDomainCertificateRequest{
+	setLiveDomainSSLCertificateReq := &alilive.SetLiveDomainCertificateRequest{
 		DomainName:  tea.String(domain),
 		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
 		CertType:    tea.String("upload"),
 		SSLProtocol: tea.String("on"),
-		SSLPub:      tea.String(certPem),
+		SSLPub:      tea.String(certPEM),
-		SSLPri:      tea.String(privkeyPem),
+		SSLPri:      tea.String(privkeyPEM),
 	}
 	setLiveDomainSSLCertificateResp, err := d.sdkClient.SetLiveDomainCertificate(setLiveDomainSSLCertificateReq)
 	d.logger.Debug("sdk request 'live.SetLiveDomainCertificate'", slog.Any("request", setLiveDomainSSLCertificateReq), slog.Any("response", setLiveDomainSSLCertificateResp))
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.SetLiveDomainCertificate'")
+		return nil, fmt.Errorf("failed to execute sdk request 'live.SetLiveDomainCertificate': %w", err)
 	}
 	return &deployer.DeployResult{}, nil
 }
-func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunLive.Client, error) {
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*alilive.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/live
 	var endpoint string
 	switch region {
-	case
+	case "",
 		"cn-qingdao",
 		"cn-beijing",
 		"cn-shanghai",
@@ -100,13 +101,13 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunLive.C
 		endpoint = fmt.Sprintf("live.%s.aliyuncs.com", region)
 	}
-	config := &aliyunOpen.Config{
+	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(endpoint),
 	}
-	client, err := aliyunLive.NewClient(config)
+	client, err := alilive.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live_test.go
@@ -1,4 +1,4 @@
-package aliyunlive_test
+package aliyunlive_test
 import (
 	"context"
--- a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
@@ -1,4 +1,4 @@
-package aliyunnlb
+package aliyunnlb
 import (
 	"context"
@@ -7,10 +7,9 @@ import (
 	"log/slog"
 	"strings"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	aliyunNlb "github.com/alibabacloud-go/nlb-20220430/v2/client"
+	alinlb "github.com/alibabacloud-go/nlb-20220430/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -22,6 +21,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
 	// 阿里云资源组 ID。
 	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -37,7 +38,7 @@ type DeployerConfig struct {
 type DeployerProvider struct {
 	config      *DeployerConfig
 	logger      *slog.Logger
-	sdkClient   *aliyunNlb.Client
+	sdkClient   *alinlb.Client
 	sslUploader uploader.Uploader
 }
@@ -50,12 +51,12 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
 	return &DeployerProvider{
@@ -68,7 +69,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -76,11 +77,11 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	return d
 }
-func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
 	// 上传证书到 CAS
-	upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+	upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to upload certificate file")
+		return nil, fmt.Errorf("failed to upload certificate file: %w", err)
 	} else {
 		d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
 	}
@@ -98,7 +99,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 		}
 	default:
-		return nil, fmt.Errorf("unsupported resource type: %s", d.config.ResourceType)
+		return nil, fmt.Errorf("unsupported resource type '%s'", d.config.ResourceType)
 	}
 	return &deployer.DeployResult{}, nil
@@ -111,13 +112,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	// 查询负载均衡实例的详细信息
 	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute
-	getLoadBalancerAttributeReq := &aliyunNlb.GetLoadBalancerAttributeRequest{
+	getLoadBalancerAttributeReq := &alinlb.GetLoadBalancerAttributeRequest{
 		LoadBalancerId: tea.String(d.config.LoadbalancerId),
 	}
 	getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
 	d.logger.Debug("sdk request 'nlb.GetLoadBalancerAttribute'", slog.Any("request", getLoadBalancerAttributeReq), slog.Any("response", getLoadBalancerAttributeResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetLoadBalancerAttribute'")
+		return fmt.Errorf("failed to execute sdk request 'nlb.GetLoadBalancerAttribute': %w", err)
 	}
 	// 查询 TCPSSL 监听列表
@@ -126,7 +127,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	listListenersLimit := int32(100)
 	var listListenersToken *string = nil
 	for {
-		listListenersReq := &aliyunNlb.ListListenersRequest{
+		select {
 		case <-ctx.Done():
 			return ctx.Err()
 		default:
 		}
 		listListenersReq := &alinlb.ListListenersRequest{
 			MaxResults:       tea.Int32(listListenersLimit),
 			NextToken:        listListenersToken,
 			LoadBalancerIds:  []*string{tea.String(d.config.LoadbalancerId)},
@@ -135,12 +142,12 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
 		d.logger.Debug("sdk request 'nlb.ListListeners'", slog.Any("request", listListenersReq), slog.Any("response", listListenersResp))
 		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'nlb.ListListeners'")
+			return fmt.Errorf("failed to execute sdk request 'nlb.ListListeners': %w", err)
 		}
 		if listListenersResp.Body.Listeners != nil {
 			for _, listener := range listListenersResp.Body.Listeners {
-				listenerIds = append(listenerIds, *listener.ListenerId)
+				listenerIds = append(listenerIds, tea.StringValue(listener.ListenerId))
 			}
 		}
@@ -159,8 +166,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 		for _, listenerId := range listenerIds {
-			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+			select {
-				errs = append(errs, err)
+			case <-ctx.Done():
 				return ctx.Err()
 			default:
 				if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
 					errs = append(errs, err)
 				}
 			}
 		}
@@ -188,45 +200,40 @@ func (d *DeployerProvider) deployToListener(ctx context.Context, cloudCertId str
 func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {
 	// 查询监听的属性
 	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getlistenerattribute
-	getListenerAttributeReq := &aliyunNlb.GetListenerAttributeRequest{
+	getListenerAttributeReq := &alinlb.GetListenerAttributeRequest{
 		ListenerId: tea.String(cloudListenerId),
 	}
 	getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
 	d.logger.Debug("sdk request 'nlb.GetListenerAttribute'", slog.Any("request", getListenerAttributeReq), slog.Any("response", getListenerAttributeResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetListenerAttribute'")
+		return fmt.Errorf("failed to execute sdk request 'nlb.GetListenerAttribute': %w", err)
 	}
 	// 修改监听的属性
 	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-updatelistenerattribute
-	updateListenerAttributeReq := &aliyunNlb.UpdateListenerAttributeRequest{
+	updateListenerAttributeReq := &alinlb.UpdateListenerAttributeRequest{
 		ListenerId:     tea.String(cloudListenerId),
 		CertificateIds: []*string{tea.String(cloudCertId)},
 	}
 	updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
 	d.logger.Debug("sdk request 'nlb.UpdateListenerAttribute'", slog.Any("request", updateListenerAttributeReq), slog.Any("response", updateListenerAttributeResp))
 	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.UpdateListenerAttribute'")
+		return fmt.Errorf("failed to execute sdk request 'nlb.UpdateListenerAttribute': %w", err)
 	}
 	return nil
 }
-func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunNlb.Client, error) {
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*alinlb.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/Nlb
-	var endpoint string
+	endpoint := strings.ReplaceAll(fmt.Sprintf("nlb.%s.aliyuncs.com", region), "..", ".")
-	switch region {
+	config := &aliopen.Config{
 	default:
 		endpoint = fmt.Sprintf("nlb.%s.aliyuncs.com", region)
 	}
 	config := &aliyunOpen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 		Endpoint:        tea.String(endpoint),
 	}
-	client, err := aliyunNlb.NewClient(config)
+	client, err := alinlb.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
@@ -234,13 +241,13 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunNlb.Cl
 	return client, nil
 }
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 NLB 服务的
 		// 国内版固定接入点：华东一杭州
 		// 国际版固定接入点：亚太东南一新加坡
-		if casRegion != "" && !strings.HasPrefix(casRegion, "cn-") {
+		if !strings.HasPrefix(casRegion, "cn-") {
 			casRegion = "ap-southeast-1"
 		} else {
 			casRegion = "cn-hangzhou"
@@ -250,6 +257,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
 		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err
--- a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb_test.go
@@ -1,4 +1,4 @@
-package aliyunnlb_test
+package aliyunnlb_test
 import (
 	"context"
--- a/Show More
+++ b/Show More
`@@ -1,4 +1,4 @@`
	`package dtos`	`package dtos`

	`import "github.com/usual2970/certimate/internal/domain"`	`import "github.com/usual2970/certimate/internal/domain"`
`@@ -1,4 +1,4 @@`
	`package aliyunalb`	`package aliyunalb`

	`type ResourceType string`	`type ResourceType string`
`@@ -1,4 +1,4 @@`
	`package aliyunclb`	`package aliyunclb`

	`type ResourceType string`	`type ResourceType string`