refactor: clean code

internal/deployer/volcengine_cdn.go

@@ -29,7 +29,7 @@ func NewVolcengineCDNDeployer(option *DeployerOption) (Deployer, error) {
 	client := cdn.NewInstance()
 	client.Client.SetAccessKey(access.AccessKeyID)
 	client.Client.SetSecretKey(access.SecretAccessKey)
-	uploader, err := volcenginecdn.New(&volcenginecdn.VolcengineCDNUploaderConfig{
+	uploader, err := volcenginecdn.New(&volcenginecdn.VolcEngineCDNUploaderConfig{
 		AccessKeyId:     access.AccessKeyID,
 		AccessKeySecret: access.SecretAccessKey,
 	})

internal/deployer/volcengine_live.go

@@ -33,7 +33,7 @@ func NewVolcengineLiveDeployer(option *DeployerOption) (Deployer, error) {
 		AccessKeyID:     access.AccessKeyID,
 		SecretAccessKey: access.SecretAccessKey,
 	})
-	uploader, err := volcenginelive.New(&volcenginelive.VolcengineLiveUploaderConfig{
+	uploader, err := volcenginelive.New(&volcenginelive.VolcEngineLiveUploaderConfig{
 		AccessKeyId:     access.AccessKeyID,
 		AccessKeySecret: access.SecretAccessKey,
 	})

internal/pkg/core/deployer/providers/local/local.go

@@ -83,13 +83,13 @@ func (d *LocalDeployer) Deploy(ctx context.Context, certPem string, privkeyPem s
 	switch d.config.OutputFormat {
 	case "", OUTPUT_FORMAT_PEM:
 		if err := fs.WriteFileString(d.config.OutputCertPath, certPem); err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to save certificate file")
 		}
 
 		d.logger.Appendt("certificate file saved")
 
 		if err := fs.WriteFileString(d.config.OutputKeyPath, privkeyPem); err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to save private key file")
 		}
 
 		d.logger.Appendt("private key file saved")
@@ -97,13 +97,13 @@ func (d *LocalDeployer) Deploy(ctx context.Context, certPem string, privkeyPem s
 	case OUTPUT_FORMAT_PFX:
 		pfxData, err := x509.TransformCertificateFromPEMToPFX(certPem, privkeyPem, d.config.PfxPassword)
 		if err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to transform certificate to PFX")
 		}
 
 		d.logger.Appendt("certificate transformed to PFX")
 
 		if err := fs.WriteFile(d.config.OutputCertPath, pfxData); err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to save certificate file")
 		}
 
 		d.logger.Appendt("certificate file saved")
@@ -111,13 +111,13 @@ func (d *LocalDeployer) Deploy(ctx context.Context, certPem string, privkeyPem s
 	case OUTPUT_FORMAT_JKS:
 		jksData, err := x509.TransformCertificateFromPEMToJKS(certPem, privkeyPem, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass)
 		if err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to transform certificate to JKS")
 		}
 
 		d.logger.Appendt("certificate transformed to JKS")
 
 		if err := fs.WriteFile(d.config.OutputCertPath, jksData); err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to save certificate file")
 		}
 
 		d.logger.Appendt("certificate file uploaded")

internal/pkg/core/deployer/providers/ssh/ssh.go

@@ -91,7 +91,7 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str
 		d.config.SshKeyPassphrase,
 	)
 	if err != nil {
-		return nil, err
+		return nil, xerrors.Wrap(err, "failed to create ssh client")
 	}
 	defer client.Close()
 
@@ -111,13 +111,13 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str
 	switch d.config.OutputFormat {
 	case "", OUTPUT_FORMAT_PEM:
 		if err := writeSftpFileString(client, d.config.OutputCertPath, certPem); err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to upload certificate file")
 		}
 
 		d.logger.Appendt("certificate file uploaded")
 
 		if err := writeSftpFileString(client, d.config.OutputKeyPath, privkeyPem); err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to upload private key file")
 		}
 
 		d.logger.Appendt("private key file uploaded")
@@ -125,13 +125,13 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str
 	case OUTPUT_FORMAT_PFX:
 		pfxData, err := x509.TransformCertificateFromPEMToPFX(certPem, privkeyPem, d.config.PfxPassword)
 		if err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to transform certificate to PFX")
 		}
 
 		d.logger.Appendt("certificate transformed to PFX")
 
 		if err := writeSftpFile(client, d.config.OutputCertPath, pfxData); err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to upload certificate file")
 		}
 
 		d.logger.Appendt("certificate file uploaded")
@@ -139,13 +139,13 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str
 	case OUTPUT_FORMAT_JKS:
 		jksData, err := x509.TransformCertificateFromPEMToJKS(certPem, privkeyPem, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass)
 		if err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to transform certificate to JKS")
 		}
 
 		d.logger.Appendt("certificate transformed to JKS")
 
 		if err := writeSftpFile(client, d.config.OutputCertPath, jksData); err != nil {
-			return nil, err
+			return nil, xerrors.Wrap(err, "failed to upload certificate file")
 		}
 
 		d.logger.Appendt("certificate file uploaded")
@@ -205,7 +205,7 @@ func createSshClient(host string, port int32, username string, password string,
 func execSshCommand(sshCli *ssh.Client, command string) (string, string, error) {
 	session, err := sshCli.NewSession()
 	if err != nil {
-		return "", "", xerrors.Wrap(err, "failed to create ssh session")
+		return "", "", err
 	}
 
 	defer session.Close()
@@ -215,7 +215,7 @@ func execSshCommand(sshCli *ssh.Client, command string) (string, string, error)
 	session.Stderr = &stderrBuf
 	err = session.Run(command)
 	if err != nil {
-		return "", "", xerrors.Wrap(err, "failed to execute ssh command")
+		return "", "", err
 	}
 
 	return stdoutBuf.String(), stderrBuf.String(), nil

internal/pkg/core/deployer/providers/webhook/webhook.go

@@ -58,7 +58,7 @@ type webhookData struct {
 func (d *WebhookDeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
 	certX509, err := x509.ParseCertificateFromPEM(certPem)
 	if err != nil {
-		return nil, err
+		return nil, xerrors.Wrap(err, "failed to parse x509")
 	}
 
 	data := &webhookData{

internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go

@@ -144,11 +144,6 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Cl
 		region = "cn-hangzhou" // CAS 服务默认区域：华东一杭州
 	}
 
-	aConfig := &aliyunOpen.Config{
-		AccessKeyId:     tea.String(accessKeyId),
-		AccessKeySecret: tea.String(accessKeySecret),
-	}
-
 	var endpoint string
 	switch region {
 	case "cn-hangzhou":
@@ -156,9 +151,14 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Cl
 	default:
 		endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region)
 	}
-	aConfig.Endpoint = tea.String(endpoint)
 
-	client, err := aliyunCas.NewClient(aConfig)
+	config := &aliyunOpen.Config{
+		Endpoint:        tea.String(endpoint),
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	client, err := aliyunCas.NewClient(config)
 	if err != nil {
 		return nil, err
 	}

internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go

@@ -121,11 +121,6 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Cl
 		region = "cn-hangzhou" // SLB 服务默认区域：华东一杭州
 	}
 
-	aConfig := &aliyunOpen.Config{
-		AccessKeyId:     tea.String(accessKeyId),
-		AccessKeySecret: tea.String(accessKeySecret),
-	}
-
 	var endpoint string
 	switch region {
 	case
@@ -137,9 +132,14 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Cl
 	default:
 		endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region)
 	}
-	aConfig.Endpoint = tea.String(endpoint)
 
-	client, err := aliyunSlb.NewClient(aConfig)
+	config := &aliyunOpen.Config{
+		Endpoint:        tea.String(endpoint),
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	client, err := aliyunSlb.NewClient(config)
 	if err != nil {
 		return nil, err
 	}

internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go

@@ -2,6 +2,7 @@ package bytepluscdn
 
 import (
 	"context"
+	"crypto/sha1"
 	"crypto/sha256"
 	"encoding/hex"
 	"errors"
@@ -9,9 +10,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn"
+	bpCdn "github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn"
 	xerrors "github.com/pkg/errors"
+
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 )
 
@@ -22,7 +25,7 @@ type ByteplusCDNUploaderConfig struct {
 
 type ByteplusCDNUploader struct {
 	config    *ByteplusCDNUploaderConfig
-	sdkClient *cdn.CDN
+	sdkClient *bpCdn.CDN
 }
 
 var _ uploader.Uploader = (*ByteplusCDNUploader)(nil)
@@ -32,14 +35,13 @@ func New(config *ByteplusCDNUploaderConfig) (*ByteplusCDNUploader, error) {
 		return nil, errors.New("config is nil")
 	}
 
-	instance := cdn.NewInstance()
-	client := instance.Client
-	client.SetAccessKey(config.AccessKey)
-	client.SetSecretKey(config.SecretKey)
+	client := bpCdn.NewInstance()
+	client.Client.SetAccessKey(config.AccessKey)
+	client.Client.SetSecretKey(config.SecretKey)
 
 	return &ByteplusCDNUploader{
 		config:    config,
-		sdkClient: instance,
+		sdkClient: client,
 	}, nil
 }
 
@@ -49,17 +51,17 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke
 	if err != nil {
 		return nil, err
 	}
+
 	// 查询证书列表，避免重复上传
 	// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-listcertinfo
-	pageNum := int64(1)
-	pageSize := int64(100)
-	certSource := "cert_center"
-	listCertInfoReq := &cdn.ListCertInfoRequest{
-		PageNum:  &pageNum,
-		PageSize: &pageSize,
-		Source:   &certSource,
+	listCertInfoPageNum := int64(1)
+	listCertInfoPageSize := int64(100)
+	listCertInfoTotal := 0
+	listCertInfoReq := &bpCdn.ListCertInfoRequest{
+		PageNum:  cast.Int64Ptr(listCertInfoPageNum),
+		PageSize: cast.Int64Ptr(listCertInfoPageSize),
+		Source:   cast.StringPtr("cert_center"),
 	}
-	searchTotal := 0
 	for {
 		listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
 		if err != nil {
@@ -68,8 +70,10 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke
 
 		if listCertInfoResp.Result.CertInfo != nil {
 			for _, certDetail := range listCertInfoResp.Result.CertInfo {
-				hash := sha256.Sum256(certX509.Raw)
-				isSameCert := strings.EqualFold(hex.EncodeToString(hash[:]), certDetail.CertFingerprint.Sha256)
+				fingerprintSha1 := sha1.Sum(certX509.Raw)
+				fingerprintSha256 := sha256.Sum256(certX509.Raw)
+				isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) &&
+					strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256)
 				// 如果已存在相同证书，直接返回已有的证书信息
 				if isSameCert {
 					return &uploader.UploadResult{
@@ -80,23 +84,26 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke
 			}
 		}
 
-		searchTotal += len(listCertInfoResp.Result.CertInfo)
-		if int(listCertInfoResp.Result.Total) > searchTotal {
-			pageNum++
-		} else {
+		listCertInfoLen := len(listCertInfoResp.Result.CertInfo)
+		if listCertInfoLen < int(listCertInfoPageSize) || int(listCertInfoResp.Result.Total) <= listCertInfoTotal+listCertInfoLen {
 			break
+		} else {
+			listCertInfoPageNum++
+			listCertInfoTotal += listCertInfoLen
 		}
-
 	}
+
+	// 生成新证书名（需符合 BytePlus 命名规则）
 	var certId, certName string
 	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
 	// 上传新证书
 	// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-addcertificate
-	addCertificateReq := &cdn.AddCertificateRequest{
+	addCertificateReq := &bpCdn.AddCertificateRequest{
 		Certificate: certPem,
 		PrivateKey:  privkeyPem,
-		Source:      &certSource,
-		Desc:        &certName,
+		Source:      cast.StringPtr("cert_center"),
+		Desc:        cast.StringPtr(certName),
 	}
 	addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
 	if err != nil {

internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go

@@ -2,6 +2,7 @@ package volcenginecdn
 
 import (
 	"context"
+	"crypto/sha1"
 	"crypto/sha256"
 	"encoding/hex"
 	"errors"
@@ -10,56 +11,57 @@ import (
 	"time"
 
 	xerrors "github.com/pkg/errors"
+	veCdn "github.com/volcengine/volc-sdk-golang/service/cdn"
+
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
-	"github.com/volcengine/volc-sdk-golang/service/cdn"
 )
 
-type VolcengineCDNUploaderConfig struct {
+type VolcEngineCDNUploaderConfig struct {
 	AccessKeyId     string `json:"accessKeyId"`
 	AccessKeySecret string `json:"accessKeySecret"`
 }
 
-type VolcengineCDNUploader struct {
-	config    *VolcengineCDNUploaderConfig
-	sdkClient *cdn.CDN
+type VolcEngineCDNUploader struct {
+	config    *VolcEngineCDNUploaderConfig
+	sdkClient *veCdn.CDN
 }
 
-var _ uploader.Uploader = (*VolcengineCDNUploader)(nil)
+var _ uploader.Uploader = (*VolcEngineCDNUploader)(nil)
 
-func New(config *VolcengineCDNUploaderConfig) (*VolcengineCDNUploader, error) {
+func New(config *VolcEngineCDNUploaderConfig) (*VolcEngineCDNUploader, error) {
 	if config == nil {
 		return nil, errors.New("config is nil")
 	}
 
-	instance := cdn.NewInstance()
-	client := instance.Client
-	client.SetAccessKey(config.AccessKeyId)
-	client.SetSecretKey(config.AccessKeySecret)
+	client := veCdn.NewInstance()
+	client.Client.SetAccessKey(config.AccessKeyId)
+	client.Client.SetSecretKey(config.AccessKeySecret)
 
-	return &VolcengineCDNUploader{
+	return &VolcEngineCDNUploader{
 		config:    config,
-		sdkClient: instance,
+		sdkClient: client,
 	}, nil
 }
 
-func (u *VolcengineCDNUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+func (u *VolcEngineCDNUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
 	certX509, err := x509.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
+
 	// 查询证书列表，避免重复上传
 	// REF: https://www.volcengine.com/docs/6454/125709
-	pageNum := int64(1)
-	pageSize := int64(100)
-	certSource := "volc_cert_center"
-	listCertInfoReq := &cdn.ListCertInfoRequest{
-		PageNum:  &pageNum,
-		PageSize: &pageSize,
-		Source:   certSource,
+	listCertInfoPageNum := int64(1)
+	listCertInfoPageSize := int64(100)
+	listCertInfoTotal := 0
+	listCertInfoReq := &veCdn.ListCertInfoRequest{
+		PageNum:  cast.Int64Ptr(listCertInfoPageNum),
+		PageSize: cast.Int64Ptr(listCertInfoPageSize),
+		Source:   "volc_cert_center",
 	}
-	searchTotal := 0
 	for {
 		listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
 		if err != nil {
@@ -68,8 +70,10 @@ func (u *VolcengineCDNUploader) Upload(ctx context.Context, certPem string, priv
 
 		if listCertInfoResp.Result.CertInfo != nil {
 			for _, certDetail := range listCertInfoResp.Result.CertInfo {
-				hash := sha256.Sum256(certX509.Raw)
-				isSameCert := strings.EqualFold(hex.EncodeToString(hash[:]), certDetail.CertFingerprint.Sha256)
+				fingerprintSha1 := sha1.Sum(certX509.Raw)
+				fingerprintSha256 := sha256.Sum256(certX509.Raw)
+				isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) &&
+					strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256)
 				// 如果已存在相同证书，直接返回已有的证书信息
 				if isSameCert {
 					return &uploader.UploadResult{
@@ -80,24 +84,26 @@ func (u *VolcengineCDNUploader) Upload(ctx context.Context, certPem string, priv
 			}
 		}
 
-		searchTotal += len(listCertInfoResp.Result.CertInfo)
-		if int(listCertInfoResp.Result.Total) > searchTotal {
-			pageNum++
-		} else {
+		listCertInfoLen := len(listCertInfoResp.Result.CertInfo)
+		if listCertInfoLen < int(listCertInfoPageSize) || int(listCertInfoResp.Result.Total) <= listCertInfoTotal+listCertInfoLen {
 			break
+		} else {
+			listCertInfoPageNum++
+			listCertInfoTotal += listCertInfoLen
 		}
-
 	}
+
 	// 生成新证书名（需符合火山引擎命名规则）
 	var certId, certName string
 	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
 	// 上传新证书
 	// REF: https://www.volcengine.com/docs/6454/1245763
-	addCertificateReq := &cdn.AddCertificateRequest{
+	addCertificateReq := &veCdn.AddCertificateRequest{
 		Certificate: certPem,
 		PrivateKey:  privkeyPem,
-		Source:      &certSource,
-		Desc:        &certName,
+		Source:      cast.StringPtr("volc_cert_center"),
+		Desc:        cast.StringPtr(certName),
 	}
 	addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
 	if err != nil {

internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go

@@ -8,77 +8,79 @@ import (
 	"time"
 
 	xerrors "github.com/pkg/errors"
+	veLive "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
+
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
-	live "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
 )
 
-type VolcengineLiveUploaderConfig struct {
+type VolcEngineLiveUploaderConfig struct {
 	AccessKeyId     string `json:"accessKeyId"`
 	AccessKeySecret string `json:"accessKeySecret"`
 }
 
-type VolcengineLiveUploader struct {
-	config    *VolcengineLiveUploaderConfig
-	sdkClient *live.Live
+type VolcEngineLiveUploader struct {
+	config    *VolcEngineLiveUploaderConfig
+	sdkClient *veLive.Live
 }
 
-var _ uploader.Uploader = (*VolcengineLiveUploader)(nil)
+var _ uploader.Uploader = (*VolcEngineLiveUploader)(nil)
 
-func New(config *VolcengineLiveUploaderConfig) (*VolcengineLiveUploader, error) {
+func New(config *VolcEngineLiveUploaderConfig) (*VolcEngineLiveUploader, error) {
 	if config == nil {
 		return nil, errors.New("config is nil")
 	}
 
-	client := live.NewInstance()
+	client := veLive.NewInstance()
 	client.SetAccessKey(config.AccessKeyId)
 	client.SetSecretKey(config.AccessKeySecret)
 
-	return &VolcengineLiveUploader{
+	return &VolcEngineLiveUploader{
 		config:    config,
 		sdkClient: client,
 	}, nil
 }
 
-func (u *VolcengineLiveUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+func (u *VolcEngineLiveUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
 	certX509, err := x509.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
+
 	// 查询证书列表，避免重复上传
 	// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E8%AF%A2%E8%AF%81%E4%B9%A6%E5%88%97%E8%A1%A8
-	listCertReq := &live.ListCertV2Body{}
+	listCertReq := &veLive.ListCertV2Body{}
 	listCertResp, err := u.sdkClient.ListCertV2(ctx, listCertReq)
 	if err != nil {
 		return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.ListCertV2'")
 	}
-
 	if listCertResp.Result.CertList != nil {
 		for _, certDetail := range listCertResp.Result.CertList {
-
-			describeCertDetailSecretReq := &live.DescribeCertDetailSecretV2Body{
-				ChainID: cast.StringPtr(certDetail.ChainID),
-			}
 			// 查询证书详细信息
 			// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E8%AF%A6%E6%83%85
-			describeCertDetailSecretResp, detailErr := u.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq)
-			if detailErr != nil {
+			describeCertDetailSecretReq := &veLive.DescribeCertDetailSecretV2Body{
+				ChainID: cast.StringPtr(certDetail.ChainID),
+			}
+			describeCertDetailSecretResp, err := u.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq)
+			if err != nil {
 				continue
 			}
+
 			var isSameCert bool
 			certificate := strings.Join(describeCertDetailSecretResp.Result.SSL.Chain, "\n\n")
 			if certificate == certPem {
 				isSameCert = true
 			} else {
-				cert, err := x509.ParseCertificateFromPEM(certificate)
+				oldCertX509, err := x509.ParseCertificateFromPEM(certificate)
 				if err != nil {
 					continue
 				}
 
-				isSameCert = x509.EqualCertificate(cert, certX509)
+				isSameCert = x509.EqualCertificate(certX509, oldCertX509)
 			}
+
 			// 如果已存在相同证书，直接返回已有的证书信息
 			if isSameCert {
 				return &uploader.UploadResult{
@@ -92,13 +94,14 @@ func (u *VolcengineLiveUploader) Upload(ctx context.Context, certPem string, pri
 	// 生成新证书名（需符合火山引擎命名规则）
 	var certId, certName string
 	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
 	// 上传新证书
 	// REF: https://www.volcengine.com/docs/6469/1186278#%E6%B7%BB%E5%8A%A0%E8%AF%81%E4%B9%A6
-	createCertReq := &live.CreateCertBody{
+	createCertReq := &veLive.CreateCertBody{
 		CertName:    &certName,
 		UseWay:      "https",
 		ProjectName: cast.StringPtr("default"),
-		Rsa: live.CreateCertBodyRsa{
+		Rsa: veLive.CreateCertBodyRsa{
 			Prikey: privkeyPem,
 			Pubkey: certPem,
 		},