feat: support sni domain on deployment to aliyun clb & alb

internal/deployer/providers.go

@@ -59,6 +59,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 					ResourceType:    providerAliyunALB.DeployResourceType(maps.GetValueAsString(options.ProviderDeployConfig, "resourceType")),
 					LoadbalancerId:  maps.GetValueAsString(options.ProviderDeployConfig, "loadbalancerId"),
 					ListenerId:      maps.GetValueAsString(options.ProviderDeployConfig, "listenerId"),
+					Domain:          maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
 				}, logger)
 				return deployer, logger, err
 
@@ -77,7 +78,8 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 					Region:          maps.GetValueAsString(options.ProviderDeployConfig, "region"),
 					ResourceType:    providerAliyunCLB.DeployResourceType(maps.GetValueAsString(options.ProviderDeployConfig, "resourceType")),
 					LoadbalancerId:  maps.GetValueAsString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerPort:    maps.GetValueAsInt32(options.ProviderDeployConfig, "listenerPort"),
+					ListenerPort:    maps.GetValueOrDefaultAsInt32(options.ProviderDeployConfig, "listenerPort", 443),
+					Domain:          maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
 				}, logger)
 				return deployer, logger, err
 
@@ -251,10 +253,9 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 				return nil, nil, fmt.Errorf("failed to decode provider access config: %w", err)
 			}
 
-			sshPort := access.Port
 			deployer, err := providerSSH.NewWithLogger(&providerSSH.SshDeployerConfig{
 				SshHost:          access.Host,
-				SshPort:          int32(sshPort),
+				SshPort:          access.Port,
 				SshUsername:      access.Username,
 				SshPassword:      access.Password,
 				SshKey:           access.Key,

internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go

@@ -4,12 +4,16 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strconv"
 	"strings"
+	"time"
 
 	aliyunAlb "github.com/alibabacloud-go/alb-20200616/v2/client"
+	aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client"
 	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
+	"golang.org/x/exp/slices"
 
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
@@ -32,17 +36,25 @@ type AliyunALBDeployerConfig struct {
 	// 负载均衡监听 ID。
 	// 部署资源类型为 [DEPLOY_RESOURCE_LISTENER] 时必填。
 	ListenerId string `json:"listenerId,omitempty"`
+	// SNI 域名（支持泛域名）。
+	// 部署资源类型为 [DEPLOY_RESOURCE_LOADBALANCER]、[DEPLOY_RESOURCE_LISTENER] 时选填。
+	Domain string `json:"domain,omitempty"`
 }
 
 type AliyunALBDeployer struct {
 	config      *AliyunALBDeployerConfig
 	logger      logger.Logger
-	sdkClient   *aliyunAlb.Client
+	sdkClients  *wSdkClients
 	sslUploader uploader.Uploader
 }
 
 var _ deployer.Deployer = (*AliyunALBDeployer)(nil)
 
+type wSdkClients struct {
+	alb *aliyunAlb.Client
+	cas *aliyunCas.Client
+}
+
 func New(config *AliyunALBDeployerConfig) (*AliyunALBDeployer, error) {
 	return NewWithLogger(config, logger.NewNilLogger())
 }
@@ -56,9 +68,9 @@ func NewWithLogger(config *AliyunALBDeployerConfig, logger logger.Logger) (*Aliy
 		return nil, errors.New("logger is nil")
 	}
 
-	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	clients, err := createSdkClients(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
 	}
 
 	aliyunCasRegion := config.Region
@@ -84,7 +96,7 @@ func NewWithLogger(config *AliyunALBDeployerConfig, logger logger.Logger) (*Aliy
 	return &AliyunALBDeployer{
 		logger:      logger,
 		config:      config,
-		sdkClient:   client,
+		sdkClients:  clients,
 		sslUploader: uploader,
 	}, nil
 }
@@ -122,14 +134,12 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 		return errors.New("config `loadbalancerId` is required")
 	}
 
-	listenerIds := make([]string, 0)
-
 	// 查询负载均衡实例的详细信息
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute
 	getLoadBalancerAttributeReq := &aliyunAlb.GetLoadBalancerAttributeRequest{
 		LoadBalancerId: tea.String(d.config.LoadbalancerId),
 	}
-	getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
+	getLoadBalancerAttributeResp, err := d.sdkClients.alb.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
 	if err != nil {
 		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetLoadBalancerAttribute'")
 	}
@@ -138,7 +148,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 
 	// 查询 HTTPS 监听列表
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
-	listListenersPage := 1
+	listenerIds := make([]string, 0)
 	listListenersLimit := int32(100)
 	var listListenersToken *string = nil
 	for {
@@ -148,7 +158,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			LoadBalancerIds:  []*string{tea.String(d.config.LoadbalancerId)},
 			ListenerProtocol: tea.String("HTTPS"),
 		}
-		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		listListenersResp, err := d.sdkClients.alb.ListListeners(listListenersReq)
 		if err != nil {
 			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
 		}
@@ -163,7 +173,6 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			break
 		} else {
 			listListenersToken = listListenersResp.Body.NextToken
-			listListenersPage += 1
 		}
 	}
 
@@ -171,7 +180,6 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 
 	// 查询 QUIC 监听列表
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
-	listListenersPage = 1
 	listListenersToken = nil
 	for {
 		listListenersReq := &aliyunAlb.ListListenersRequest{
@@ -180,7 +188,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			LoadBalancerIds:  []*string{tea.String(d.config.LoadbalancerId)},
 			ListenerProtocol: tea.String("QUIC"),
 		}
-		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		listListenersResp, err := d.sdkClients.alb.ListListeners(listListenersReq)
 		if err != nil {
 			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
 		}
@@ -195,21 +203,26 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			break
 		} else {
 			listListenersToken = listListenersResp.Body.NextToken
-			listListenersPage += 1
 		}
 	}
 
 	d.logger.Logt("已查询到 ALB 负载均衡实例下的全部 QUIC 监听", listenerIds)
 
-	// 批量更新监听证书
+	// 遍历更新监听证书
-	var errs []error
+	if len(listenerIds) == 0 {
-	for _, listenerId := range listenerIds {
+		return xerrors.New("listener not found")
-		if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+	} else {
-			errs = append(errs, err)
+		var errs []error
+
+		for _, listenerId := range listenerIds {
+			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+				errs = append(errs, err)
+			}
+		}
+
+		if len(errs) > 0 {
+			return errors.Join(errs...)
 		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
 	}
 
 	return nil
@@ -234,57 +247,202 @@ func (d *AliyunALBDeployer) updateListenerCertificate(ctx context.Context, cloud
 	getListenerAttributeReq := &aliyunAlb.GetListenerAttributeRequest{
 		ListenerId: tea.String(cloudListenerId),
 	}
-	getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
+	getListenerAttributeResp, err := d.sdkClients.alb.GetListenerAttribute(getListenerAttributeReq)
 	if err != nil {
 		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetListenerAttribute'")
 	}
 
 	d.logger.Logt("已查询到 ALB 监听配置", getListenerAttributeResp)
 
-	// 修改监听的属性
+	if d.config.Domain == "" {
-	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
+		// 未指定 SNI，只需部署到监听器
-	updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
-		ListenerId: tea.String(cloudListenerId),
-		Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
-			CertificateId: tea.String(cloudCertId),
-		}},
-	}
-	updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
-	}
 
-	d.logger.Logt("已更新 ALB 监听配置", updateListenerAttributeResp)
+		// 修改监听的属性
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
+		updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
+			ListenerId: tea.String(cloudListenerId),
+			Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
+				CertificateId: tea.String(cloudCertId),
+			}},
+		}
+		updateListenerAttributeResp, err := d.sdkClients.alb.UpdateListenerAttribute(updateListenerAttributeReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
+		}
 
-	// TODO: #347
+		d.logger.Logt("已更新 ALB 监听配置", updateListenerAttributeResp)
+	} else {
+		// 指定 SNI，需部署到扩展域名（支持泛域名）
+
+		// 查询监听证书列表
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
+		listenerCertificates := make([]aliyunAlb.ListListenerCertificatesResponseBodyCertificates, 0)
+		listListenerCertificatesLimit := int32(100)
+		var listListenerCertificatesToken *string = nil
+		for {
+			listListenerCertificatesReq := &aliyunAlb.ListListenerCertificatesRequest{
+				NextToken:       listListenerCertificatesToken,
+				MaxResults:      tea.Int32(listListenerCertificatesLimit),
+				ListenerId:      tea.String(cloudListenerId),
+				CertificateType: tea.String("Server"),
+			}
+			listListenerCertificatesResp, err := d.sdkClients.alb.ListListenerCertificates(listListenerCertificatesReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListenerCertificates'")
+			}
+
+			if listListenerCertificatesResp.Body.Certificates != nil {
+				for _, listenerCertificate := range listListenerCertificatesResp.Body.Certificates {
+					listenerCertificates = append(listenerCertificates, *listenerCertificate)
+				}
+			}
+
+			if len(listListenerCertificatesResp.Body.Certificates) == 0 || listListenerCertificatesResp.Body.NextToken == nil {
+				break
+			} else {
+				listListenerCertificatesToken = listListenerCertificatesResp.Body.NextToken
+			}
+		}
+
+		d.logger.Logt("已查询到 ALB 监听下全部证书", listenerCertificates)
+
+		// 遍历查询监听证书，并找出需要解除关联的证书
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
+		// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail
+		certificateIsAssociated := false
+		certificateIdsExpired := make([]string, 0)
+		if len(listenerCertificates) > 0 {
+			var errs []error
+
+			for _, listenerCertificate := range listenerCertificates {
+				if *listenerCertificate.CertificateId == cloudCertId {
+					certificateIsAssociated = true
+					continue
+				}
+
+				if *listenerCertificate.IsDefault || !strings.EqualFold(*listenerCertificate.Status, "Associated") {
+					continue
+				}
+
+				listenerCertificateId, err := strconv.ParseInt(*listenerCertificate.CertificateId, 10, 64)
+				if err != nil {
+					errs = append(errs, err)
+					continue
+				}
+
+				getUserCertificateDetailReq := &aliyunCas.GetUserCertificateDetailRequest{
+					CertId: tea.Int64(listenerCertificateId),
+				}
+				getUserCertificateDetailResp, err := d.sdkClients.cas.GetUserCertificateDetail(getUserCertificateDetailReq)
+				if err != nil {
+					errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'"))
+					continue
+				}
+
+				certCnMatched := getUserCertificateDetailResp.Body.Common != nil && *getUserCertificateDetailResp.Body.Common == d.config.Domain
+				certSanMatched := getUserCertificateDetailResp.Body.Sans != nil && slices.Contains(strings.Split(*getUserCertificateDetailResp.Body.Sans, ","), d.config.Domain)
+				if !certCnMatched && !certSanMatched {
+					continue
+				}
+
+				certEndDate, _ := time.Parse("2006-01-02", *getUserCertificateDetailResp.Body.EndDate)
+				if time.Now().Before(certEndDate) {
+					continue
+				}
+
+				certificateIdsExpired = append(certificateIdsExpired, *listenerCertificate.CertificateId)
+			}
+
+			if len(errs) > 0 {
+				return errors.Join(errs...)
+			}
+		}
+
+		// 关联监听和扩展证书
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-associateadditionalcertificateswithlistener
+		if !certificateIsAssociated {
+			associateAdditionalCertificatesFromListenerReq := &aliyunAlb.AssociateAdditionalCertificatesWithListenerRequest{
+				ListenerId: tea.String(cloudListenerId),
+				Certificates: []*aliyunAlb.AssociateAdditionalCertificatesWithListenerRequestCertificates{
+					{
+						CertificateId: tea.String(cloudCertId),
+					},
+				},
+			}
+			associateAdditionalCertificatesFromListenerResp, err := d.sdkClients.alb.AssociateAdditionalCertificatesWithListener(associateAdditionalCertificatesFromListenerReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'alb.AssociateAdditionalCertificatesWithListener'")
+			}
+
+			d.logger.Logt("已关联 ALB 监听和扩展证书", associateAdditionalCertificatesFromListenerResp)
+		}
+
+		// 解除关联监听和扩展证书
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-dissociateadditionalcertificatesfromlistener
+		if len(certificateIdsExpired) > 0 {
+			dissociateAdditionalCertificates := make([]*aliyunAlb.DissociateAdditionalCertificatesFromListenerRequestCertificates, 0)
+			for _, certificateId := range certificateIdsExpired {
+				dissociateAdditionalCertificates = append(dissociateAdditionalCertificates, &aliyunAlb.DissociateAdditionalCertificatesFromListenerRequestCertificates{
+					CertificateId: tea.String(certificateId),
+				})
+			}
+
+			dissociateAdditionalCertificatesFromListenerReq := &aliyunAlb.DissociateAdditionalCertificatesFromListenerRequest{
+				ListenerId:   tea.String(cloudListenerId),
+				Certificates: dissociateAdditionalCertificates,
+			}
+			dissociateAdditionalCertificatesFromListenerResp, err := d.sdkClients.alb.DissociateAdditionalCertificatesFromListener(dissociateAdditionalCertificatesFromListenerReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'alb.DissociateAdditionalCertificatesFromListener'")
+			}
+
+			d.logger.Logt("已解除关联 ALB 监听和扩展证书", dissociateAdditionalCertificatesFromListenerResp)
+		}
+	}
 
 	return nil
 }
 
-func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunAlb.Client, error) {
+func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients, error) {
-	if region == "" {
+	// 接入点一览 https://www.alibabacloud.com/help/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-albEndpoint
-		region = "cn-hangzhou"
+	var albEndpoint string
-	}
-
-	// 接入点一览 https://www.alibabacloud.com/help/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-endpoint
-	var endpoint string
 	switch region {
 	case "cn-hangzhou-finance":
-		endpoint = "alb.cn-hangzhou.aliyuncs.com"
+		albEndpoint = "alb.cn-hangzhou.aliyuncs.com"
 	default:
-		endpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
+		albEndpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
 	}
 
-	config := &aliyunOpen.Config{
+	albConfig := &aliyunOpen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String(endpoint),
+		Endpoint:        tea.String(albEndpoint),
 	}
-
+	albClient, err := aliyunAlb.NewClient(albConfig)
-	client, err := aliyunAlb.NewClient(config)
 	if err != nil {
 		return nil, err
 	}
 
-	return client, nil
+	// 接入点一览 https://help.aliyun.com/zh/ssl-certificate/developer-reference/endpoints
+	var casEndpoint string
+	if !strings.HasPrefix(region, "cn-") {
+		casEndpoint = "cas.ap-southeast-1.aliyuncs.com"
+	} else {
+		casEndpoint = "cas.aliyuncs.com"
+	}
+
+	casConfig := &aliyunOpen.Config{
+		Endpoint:        tea.String(casEndpoint),
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+	casClient, err := aliyunCas.NewClient(casConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return &wSdkClients{
+		alb: albClient,
+		cas: casClient,
+	}, nil
 }

internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb_test.go

@@ -19,6 +19,7 @@ var (
 	fRegion          string
 	fLoadbalancerId  string
 	fListenerId      string
+	fDomain          string
 )
 
 func init() {
@@ -31,6 +32,7 @@ func init() {
 	flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
 	flag.StringVar(&fLoadbalancerId, argsPrefix+"LOADBALANCERID", "", "")
 	flag.StringVar(&fListenerId, argsPrefix+"LISTENERID", "", "")
+	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }
 
 /*
@@ -43,7 +45,8 @@ Shell command to run this test:
 	--CERTIMATE_DEPLOYER_ALIYUNALB_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_ALIYUNALB_REGION="cn-hangzhou" \
 	--CERTIMATE_DEPLOYER_ALIYUNALB_LOADBALANCERID="your-alb-instance-id" \
-	--CERTIMATE_DEPLOYER_ALIYUNALB_LISTENERID="your-alb-listener-id"
+	--CERTIMATE_DEPLOYER_ALIYUNALB_LISTENERID="your-alb-listener-id" \
+	--CERTIMATE_DEPLOYER_ALIYUNALB_DOMAIN="your-alb-sni-domain"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
@@ -57,6 +60,7 @@ func TestDeploy(t *testing.T) {
 			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("REGION: %v", fRegion),
 			fmt.Sprintf("LOADBALANCERID: %v", fLoadbalancerId),
+			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))
 
 		deployer, err := provider.New(&provider.AliyunALBDeployerConfig{
@@ -65,6 +69,7 @@ func TestDeploy(t *testing.T) {
 			Region:          fRegion,
 			ResourceType:    provider.DEPLOY_RESOURCE_LOADBALANCER,
 			LoadbalancerId:  fLoadbalancerId,
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
@@ -99,6 +104,7 @@ func TestDeploy(t *testing.T) {
 			Region:          fRegion,
 			ResourceType:    provider.DEPLOY_RESOURCE_LISTENER,
 			ListenerId:      fListenerId,
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)

internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go

@@ -31,6 +31,9 @@ type AliyunCLBDeployerConfig struct {
 	// 负载均衡监听端口。
 	// 部署资源类型为 [DEPLOY_RESOURCE_LISTENER] 时必填。
 	ListenerPort int32 `json:"listenerPort,omitempty"`
+	// SNI 域名（支持泛域名）。
+	// 部署资源类型为 [DEPLOY_RESOURCE_LOADBALANCER]、[DEPLOY_RESOURCE_LISTENER] 时选填。
+	Domain string `json:"domain,omitempty"`
 }
 
 type AliyunCLBDeployer struct {
@@ -110,8 +113,6 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 		return errors.New("config `loadbalancerId` is required")
 	}
 
-	listenerPorts := make([]int32, 0)
-
 	// 查询负载均衡实例的详细信息
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute
 	describeLoadBalancerAttributeReq := &aliyunSlb.DescribeLoadBalancerAttributeRequest{
@@ -127,14 +128,14 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 
 	// 查询 HTTPS 监听列表
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners
-	listListenersPage := 1
+	listenerPorts := make([]int32, 0)
-	listListenersLimit := int32(100)
+	describeLoadBalancerListenersLimit := int32(100)
-	var listListenersToken *string = nil
+	var describeLoadBalancerListenersToken *string = nil
 	for {
 		describeLoadBalancerListenersReq := &aliyunSlb.DescribeLoadBalancerListenersRequest{
 			RegionId:         tea.String(d.config.Region),
-			MaxResults:       tea.Int32(listListenersLimit),
+			MaxResults:       tea.Int32(describeLoadBalancerListenersLimit),
-			NextToken:        listListenersToken,
+			NextToken:        describeLoadBalancerListenersToken,
 			LoadBalancerId:   []*string{tea.String(d.config.LoadbalancerId)},
 			ListenerProtocol: tea.String("https"),
 		}
@@ -152,22 +153,27 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 		if len(describeLoadBalancerListenersResp.Body.Listeners) == 0 || describeLoadBalancerListenersResp.Body.NextToken == nil {
 			break
 		} else {
-			listListenersToken = describeLoadBalancerListenersResp.Body.NextToken
+			describeLoadBalancerListenersToken = describeLoadBalancerListenersResp.Body.NextToken
-			listListenersPage += 1
 		}
 	}
 
 	d.logger.Logt("已查询到 CLB 负载均衡实例下的全部 HTTPS 监听", listenerPorts)
 
-	// 批量更新监听证书
+	// 遍历更新监听证书
-	var errs []error
+	if len(listenerPorts) == 0 {
-	for _, listenerPort := range listenerPorts {
+		return xerrors.New("listener not found")
-		if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
+	} else {
-			errs = append(errs, err)
+		var errs []error
+
+		for _, listenerPort := range listenerPorts {
+			if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
+				errs = append(errs, err)
+			}
+		}
+
+		if len(errs) > 0 {
+			return errors.Join(errs...)
 		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
 	}
 
 	return nil
@@ -203,67 +209,76 @@ func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, cloud
 
 	d.logger.Logt("已查询到 CLB HTTPS 监听配置", describeLoadBalancerHTTPSListenerAttributeResp)
 
-	// 查询扩展域名
+	if d.config.Domain == "" {
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
+		// 未指定 SNI，只需部署到监听器
-	describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
-		RegionId:       tea.String(d.config.Region),
-		LoadBalancerId: tea.String(cloudLoadbalancerId),
-		ListenerPort:   tea.Int32(cloudListenerPort),
-	}
-	describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
-	}
 
-	d.logger.Logt("已查询到 CLB 扩展域名", describeDomainExtensionsResp)
+		// 修改监听配置
+		// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
+		//
+		// 注意修改监听配置要放在修改扩展域名之后
+		setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
+			RegionId:            tea.String(d.config.Region),
+			LoadBalancerId:      tea.String(cloudLoadbalancerId),
+			ListenerPort:        tea.Int32(cloudListenerPort),
+			ServerCertificateId: tea.String(cloudCertId),
+		}
+		setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
+		}
 
-	// 遍历修改扩展域名
+		d.logger.Logt("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp)
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
+	} else {
-	//
+		// 指定 SNI，需部署到扩展域名（支持泛域名）
-	// 这里仅修改跟被替换证书一致的扩展域名
+
-	if describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {
+		// 查询扩展域名
-		for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
+		// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
-			if *domainExtension.ServerCertificateId != *describeLoadBalancerHTTPSListenerAttributeResp.Body.ServerCertificateId {
+		describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
-				continue
+			RegionId:       tea.String(d.config.Region),
+			LoadBalancerId: tea.String(cloudLoadbalancerId),
+			ListenerPort:   tea.Int32(cloudListenerPort),
+		}
+		describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
+		}
+
+		d.logger.Logt("已查询到 CLB 扩展域名", describeDomainExtensionsResp)
+
+		// 遍历修改扩展域名
+		// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
+		if describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {
+			var errs []error
+
+			for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
+				if *domainExtension.Domain != d.config.Domain {
+					continue
+				}
+
+				setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
+					RegionId:            tea.String(d.config.Region),
+					DomainExtensionId:   tea.String(*domainExtension.DomainExtensionId),
+					ServerCertificateId: tea.String(cloudCertId),
+				}
+				setDomainExtensionAttributeResp, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
+				if err != nil {
+					errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'"))
+					continue
+				}
+
+				d.logger.Logt("已修改 CLB 扩展域名", setDomainExtensionAttributeResp)
 			}
 
-			setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
+			if len(errs) > 0 {
-				RegionId:            tea.String(d.config.Region),
+				return errors.Join(errs...)
-				DomainExtensionId:   tea.String(*domainExtension.DomainExtensionId),
-				ServerCertificateId: tea.String(cloudCertId),
-			}
-			_, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
-			if err != nil {
-				return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'")
 			}
 		}
 	}
 
-	// 修改监听配置
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
-	//
-	// 注意修改监听配置要放在修改扩展域名之后
-	setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
-		RegionId:            tea.String(d.config.Region),
-		LoadBalancerId:      tea.String(cloudLoadbalancerId),
-		ListenerPort:        tea.Int32(cloudListenerPort),
-		ServerCertificateId: tea.String(cloudCertId),
-	}
-	setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
-	}
-
-	d.logger.Logt("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp)
-
 	return nil
 }
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // CLB(SLB) 服务默认区域：华东一杭州
-	}
-
 	// 接入点一览 https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-endpoint
 	var endpoint string
 	switch region {

internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb_test.go

@@ -19,6 +19,7 @@ var (
 	fRegion          string
 	fLoadbalancerId  string
 	fListenerPort    int
+	fDomain          string
 )
 
 func init() {
@@ -31,6 +32,7 @@ func init() {
 	flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
 	flag.StringVar(&fLoadbalancerId, argsPrefix+"LOADBALANCERID", "", "")
 	flag.IntVar(&fListenerPort, argsPrefix+"LISTENERPORT", 443, "")
+	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }
 
 /*
@@ -43,7 +45,8 @@ Shell command to run this test:
 	--CERTIMATE_DEPLOYER_ALIYUNCLB_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_ALIYUNCLB_REGION="cn-hangzhou" \
 	--CERTIMATE_DEPLOYER_ALIYUNCLB_LOADBALANCERID="your-clb-instance-id" \
-	--CERTIMATE_DEPLOYER_ALIYUNCLB_LISTENERPORT=443
+	--CERTIMATE_DEPLOYER_ALIYUNCLB_LISTENERPORT=443 \
+	--CERTIMATE_DEPLOYER_ALIYUNCLB_DOMAIN="your-alb-sni-domain"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
@@ -57,6 +60,7 @@ func TestDeploy(t *testing.T) {
 			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("REGION: %v", fRegion),
 			fmt.Sprintf("LOADBALANCERID: %v", fLoadbalancerId),
+			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))
 
 		deployer, err := provider.New(&provider.AliyunCLBDeployerConfig{
@@ -65,6 +69,7 @@ func TestDeploy(t *testing.T) {
 			Region:          fRegion,
 			ResourceType:    provider.DEPLOY_RESOURCE_LOADBALANCER,
 			LoadbalancerId:  fLoadbalancerId,
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
@@ -101,6 +106,7 @@ func TestDeploy(t *testing.T) {
 			ResourceType:    provider.DEPLOY_RESOURCE_LISTENER,
 			LoadbalancerId:  fLoadbalancerId,
 			ListenerPort:    int32(fListenerPort),
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)

internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go

@@ -122,8 +122,6 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 		return errors.New("config `loadbalancerId` is required")
 	}
 
-	listenerIds := make([]string, 0)
-
 	// 查询负载均衡实例的详细信息
 	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute
 	getLoadBalancerAttributeReq := &aliyunNlb.GetLoadBalancerAttributeRequest{
@@ -138,7 +136,7 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 
 	// 查询 TCPSSL 监听列表
 	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-listlisteners
-	listListenersPage := 1
+	listenerIds := make([]string, 0)
 	listListenersLimit := int32(100)
 	var listListenersToken *string = nil
 	for {
@@ -163,21 +161,26 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			break
 		} else {
 			listListenersToken = listListenersResp.Body.NextToken
-			listListenersPage += 1
 		}
 	}
 
 	d.logger.Logt("已查询到 NLB 负载均衡实例下的全部 TCPSSL 监听", listenerIds)
 
-	// 批量更新监听证书
+	// 遍历更新监听证书
-	var errs []error
+	if len(listenerIds) == 0 {
-	for _, listenerId := range listenerIds {
+		return xerrors.New("listener not found")
-		if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+	} else {
-			errs = append(errs, err)
+		var errs []error
+
+		for _, listenerId := range listenerIds {
+			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+				errs = append(errs, err)
+			}
+		}
+
+		if len(errs) > 0 {
+			return errors.Join(errs...)
 		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
 	}
 
 	return nil
@@ -226,10 +229,6 @@ func (d *AliyunNLBDeployer) updateListenerCertificate(ctx context.Context, cloud
 }
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunNlb.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // NLB 服务默认区域：华东一杭州
-	}
-
 	// 接入点一览 https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-endpoint
 	var endpoint string
 	switch region {

ui/src/components/workflow/node/DeployNodeConfigForm.tsx

@@ -239,7 +239,7 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
             <Form.Item name="provider" label={t("workflow_node.deploy.form.provider.label")} rules={[formRule]}>
               <DeployProviderSelect
                 allowClear
-                disabled
+                disabled={!!initialValues?.provider}
                 placeholder={t("workflow_node.deploy.form.provider.placeholder")}
                 showSearch
                 onSelect={handleProviderSelect}

ui/src/components/workflow/node/DeployNodeConfigFormAliyunALBConfig.tsx

@@ -4,12 +4,14 @@ import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
 import Show from "@/components/Show";
+import { validDomainName } from "@/utils/validators";
 
 type DeployNodeConfigFormAliyunALBConfigFieldValues = Nullish<{
   resourceType: string;
   region: string;
   loadbalancerId?: string;
   listenerId?: string;
+  domain?: string;
 }>;
 
 export type DeployNodeConfigFormAliyunALBConfigProps = {
@@ -56,6 +58,13 @@ const DeployNodeConfigFormAliyunALBConfig = ({
       .trim()
       .nullish()
       .refine((v) => fieldResourceType !== RESOURCE_TYPE_LISTENER || !!v?.trim(), t("workflow_node.deploy.form.aliyun_alb_listener_id.placeholder")),
+    domain: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (![RESOURCE_TYPE_LOADBALANCER, RESOURCE_TYPE_LISTENER].includes(fieldResourceType)) return true;
+        return !v || validDomainName(v!, { allowWildcard: true });
+      }, t("common.errmsg.domain_invalid")),
   });
   const formRule = createSchemaFieldRule(formSchema);
 
@@ -115,6 +124,17 @@ const DeployNodeConfigFormAliyunALBConfig = ({
           <Input placeholder={t("workflow_node.deploy.form.aliyun_alb_listener_id.placeholder")} />
         </Form.Item>
       </Show>
+
+      <Show when={fieldResourceType === RESOURCE_TYPE_LOADBALANCER || fieldResourceType === RESOURCE_TYPE_LISTENER}>
+        <Form.Item
+          name="domain"
+          label={t("workflow_node.deploy.form.aliyun_alb_snidomain.label")}
+          rules={[formRule]}
+          tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_alb_snidomain.tooltip") }}></span>}
+        >
+          <Input placeholder={t("workflow_node.deploy.form.aliyun_alb_snidomain.placeholder")} />
+        </Form.Item>
+      </Show>
     </Form>
   );
 };

ui/src/components/workflow/node/DeployNodeConfigFormAliyunCLBConfig.tsx

@@ -4,13 +4,14 @@ import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
 import Show from "@/components/Show";
-import { validPortNumber } from "@/utils/validators";
+import { validDomainName, validPortNumber } from "@/utils/validators";
 
 type DeployNodeConfigFormAliyunCLBConfigFieldValues = Nullish<{
   resourceType: string;
   region: string;
   loadbalancerId?: string;
   listenerPort?: string | number;
+  domain?: string;
 }>;
 
 export type DeployNodeConfigFormAliyunCLBConfigProps = {
@@ -68,6 +69,13 @@ const DeployNodeConfigFormAliyunCLBConfig = ({
           ),
       ])
       .nullish(),
+    domain: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (![RESOURCE_TYPE_LOADBALANCER, RESOURCE_TYPE_LISTENER].includes(fieldResourceType)) return true;
+        return !v || validDomainName(v!, { allowWildcard: true });
+      }, t("common.errmsg.domain_invalid")),
   });
   const formRule = createSchemaFieldRule(formSchema);
 
@@ -125,6 +133,17 @@ const DeployNodeConfigFormAliyunCLBConfig = ({
           <Input type="number" min={1} max={65535} placeholder={t("workflow_node.deploy.form.aliyun_clb_listener_port.placeholder")} />
         </Form.Item>
       </Show>
+
+      <Show when={fieldResourceType === RESOURCE_TYPE_LOADBALANCER || fieldResourceType === RESOURCE_TYPE_LISTENER}>
+        <Form.Item
+          name="domain"
+          label={t("workflow_node.deploy.form.aliyun_clb_snidomain.label")}
+          rules={[formRule]}
+          tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_clb_snidomain.tooltip") }}></span>}
+        >
+          <Input placeholder={t("workflow_node.deploy.form.aliyun_clb_snidomain.placeholder")} />
+        </Form.Item>
+      </Show>
     </Form>
   );
 };

ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCLBConfig.tsx

@@ -66,7 +66,7 @@ const DeployNodeConfigFormTencentCloudCLBConfig = ({
         t("workflow_node.deploy.form.tencentcloud_clb_listener_id.placeholder")
       ),
     domain: z
-      .string({ message: t("workflow_node.deploy.form.tencentcloud_clb_domain.placeholder") })
+      .string()
       .nullish()
       .refine((v) => RESOURCE_TYPE_RULEDOMAIN !== fieldResourceType || validDomainName(v!, { allowWildcard: true }), t("common.errmsg.domain_invalid")),
   });

ui/src/i18n/locales/en/nls.workflow.nodes.json

@@ -86,6 +86,9 @@
   "workflow_node.deploy.form.aliyun_alb_listener_id.label": "Aliyun ALB listener ID",
   "workflow_node.deploy.form.aliyun_alb_listener_id.placeholder": "Please enter Aliyun ALB listener ID",
   "workflow_node.deploy.form.aliyun_alb_listener_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.label": "Aliyun ALB SNI domain (Optional)",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "Please enter Aliyun ALB SNI domain name",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
   "workflow_node.deploy.form.aliyun_clb_resource_type.label": "Resource type",
   "workflow_node.deploy.form.aliyun_clb_resource_type.placeholder": "Please select resource type",
   "workflow_node.deploy.form.aliyun_clb_resource_type.option.loadbalancer.label": "CLB load balancer",
@@ -99,6 +102,9 @@
   "workflow_node.deploy.form.aliyun_clb_listener_port.label": "Aliyun CLB listener port",
   "workflow_node.deploy.form.aliyun_clb_listener_port.placeholder": "Please enter Aliyun CLB listener port",
   "workflow_node.deploy.form.aliyun_clb_listener_port.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.label": "Aliyun CLB SNI domain (Optional)",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.placeholder": "Please enter Aliyun CLB SNI domain name",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
   "workflow_node.deploy.form.aliyun_cdn_domain.label": "Aliyun CDN domain",
   "workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "Please enter Aliyun CDN domain name",
   "workflow_node.deploy.form.aliyun_cdn_domain.tooltip": "For more information, see <a href=\"https://cdn.console.aliyun.com\" target=\"_blank\">https://cdn.console.aliyun.com</a>",
@@ -262,9 +268,9 @@
   "workflow_node.deploy.form.tencentcloud_clb_listener_id.label": "Tencent Cloud CLB listener ID",
   "workflow_node.deploy.form.tencentcloud_clb_listener_id.placeholder": "Please enter Tencent Cloud CLB listener ID",
   "workflow_node.deploy.form.tencentcloud_clb_listener_id.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a>",
-  "workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "Tencent Cloud CLB domain (Optional)",
+  "workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "Tencent Cloud CLB SNI domain (Optional)",
-  "workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "Please enter Tencent Cloud CLB domain name",
+  "workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "Please enter Tencent Cloud CLB SNI domain name",
-  "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a>",
+  "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a><br><br>It is optional. If you want to deploy multiple certificates on the same CLB listener, you can fill in this field.",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.label": "Tencent Cloud CLB domain",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.placeholder": "Please enter Tencent Cloud CLB domain name",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a>",

ui/src/i18n/locales/zh/nls.workflow.nodes.json

@@ -86,6 +86,9 @@
   "workflow_node.deploy.form.aliyun_alb_listener_id.label": "阿里云 ALB 监听器 ID",
   "workflow_node.deploy.form.aliyun_alb_listener_id.placeholder": "请输入阿里云 ALB 监听器 ID",
   "workflow_node.deploy.form.aliyun_alb_listener_id.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.label": "阿里云 ALB 扩展域名（可选）",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "请输入阿里云 ALB 扩展域名",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a><br><br>为空时，将替换监听器的默认证书。",
   "workflow_node.deploy.form.aliyun_clb_resource_type.label": "证书替换方式",
   "workflow_node.deploy.form.aliyun_clb_resource_type.placeholder": "请选择证书替换方式",
   "workflow_node.deploy.form.aliyun_clb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS 监听的证书",
@@ -96,9 +99,12 @@
   "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.label": "阿里云 CLB 负载均衡器 ID",
   "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.placeholder": "请输入阿里云 CLB 负载均衡器 ID",
   "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
-  "workflow_node.deploy.form.aliyun_clb_listener_id.label": "阿里云 CLB 监听端口",
+  "workflow_node.deploy.form.aliyun_clb_listener_port.label": "阿里云 CLB 监听端口",
-  "workflow_node.deploy.form.aliyun_clb_listener_id.placeholder": "请输入阿里云 CLB 监听端口",
+  "workflow_node.deploy.form.aliyun_clb_listener_port.placeholder": "请输入阿里云 CLB 监听端口",
-  "workflow_node.deploy.form.aliyun_clb_listener_id.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
+  "workflow_node.deploy.form.aliyun_clb_listener_port.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.label": "阿里云 CLB 扩展域名（可选）",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.placeholder": "请输入阿里云 CLB 扩展域名",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a><br><br>为空时，将替换监听器的默认证书。",
   "workflow_node.deploy.form.aliyun_cdn_domain.label": "阿里云 CDN 加速域名（支持泛域名）",
   "workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "请输入阿里云 CDN 加速域名",
   "workflow_node.deploy.form.aliyun_cdn_domain.tooltip": "这是什么？请参阅 <a href=\"https://cdn.console.aliyun.com\" target=\"_blank\">https://cdn.console.aliyun.com</a><br><br>泛域名表示形式为：*.example.com",
@@ -264,7 +270,7 @@
   "workflow_node.deploy.form.tencentcloud_clb_listener_id.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a>",
   "workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "腾讯云 CLB SNI 域名（可选）",
   "workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "请输入腾讯云 CLB SNI 域名",
-  "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a>",
+  "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a><br><br>为空时，将替换监听器的默认证书。",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.label": "腾讯云 CLB 七层转发规则域名",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.placeholder": "请输入腾讯云 CLB 七层转发规则域名",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a>",