refactor: clean code

2025-07-18 17:31:55 +08:00 · 2025-01-15 22:45:02 +08:00 · 2025-01-15 22:45:02 +08:00 · b657405e46
commit b657405e46
parent 974c320925
21 changed files with 68 additions and 68 deletions
--- a/internal/applicant/acme-user.go
+++ b/internal/applicant/acme-user.go
@ -11,7 +11,7 @@ import (
 	"github.com/go-acme/lego/v4/registration"

 	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 	"github.com/usual2970/certimate/internal/repository"
 )

@ -38,7 +38,7 @@ func newAcmeUser(ca, email string) (*acmeUser, error) {
 			return nil, err
 		}

-		keyPEM, err := x509.ConvertECPrivateKeyToPEM(key)
+		keyPEM, err := certs.ConvertECPrivateKeyToPEM(key)
 		if err != nil {
 			return nil, err
 		}
@ -62,7 +62,7 @@ func (u acmeUser) GetRegistration() *registration.Resource {
 }

 func (u *acmeUser) GetPrivateKey() crypto.PrivateKey {
-	rs, _ := x509.ParseECPrivateKeyFromPEM(u.privkey)
+	rs, _ := certs.ParseECPrivateKeyFromPEM(u.privkey)
 	return rs
 }

--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@ -20,7 +20,7 @@ import (
 )

 type ApplyCertResult struct {
-	CertificateChain  string
+	CertificateFullChain string
 	IssuerCertificate    string
 	PrivateKey           string
 	ACMECertUrl          string
@ -150,7 +150,7 @@ func apply(challengeProvider challenge.Provider, options *applicantOptions) (*Ap
 	}

 	return &ApplyCertResult{
-		CertificateChain:  strings.TrimSpace(string(certResource.Certificate)),
+		CertificateFullChain: strings.TrimSpace(string(certResource.Certificate)),
 		IssuerCertificate:    strings.TrimSpace(string(certResource.IssuerCertificate)),
 		PrivateKey:           strings.TrimSpace(string(certResource.PrivateKey)),
 		ACMECertUrl:          certResource.CertURL,
--- a/internal/pkg/core/deployer/providers/k8s-secret/k8s_secret.go
+++ b/internal/pkg/core/deployer/providers/k8s-secret/k8s_secret.go
@ -14,7 +14,7 @@ import (

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 )

 type K8sSecretDeployerConfig struct {
@ -75,7 +75,7 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context, certPem string, privkeyP
 		return nil, errors.New("config `secretDataKeyForKey` is required")
 	}

-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/deployer/providers/local/local.go
+++ b/internal/pkg/core/deployer/providers/local/local.go
@ -12,8 +12,8 @@ import (

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
-	"github.com/usual2970/certimate/internal/pkg/utils/fs"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
+	"github.com/usual2970/certimate/internal/pkg/utils/files"
 )

 type LocalDeployerConfig struct {
@ -84,41 +84,41 @@ func (d *LocalDeployer) Deploy(ctx context.Context, certPem string, privkeyPem s
 	// 写入证书和私钥文件
 	switch d.config.OutputFormat {
 	case OUTPUT_FORMAT_PEM:
-		if err := fs.WriteFileString(d.config.OutputCertPath, certPem); err != nil {
+		if err := files.WriteString(d.config.OutputCertPath, certPem); err != nil {
 			return nil, xerrors.Wrap(err, "failed to save certificate file")
 		}

 		d.logger.Logt("certificate file saved")

-		if err := fs.WriteFileString(d.config.OutputKeyPath, privkeyPem); err != nil {
+		if err := files.WriteString(d.config.OutputKeyPath, privkeyPem); err != nil {
 			return nil, xerrors.Wrap(err, "failed to save private key file")
 		}

 		d.logger.Logt("private key file saved")

 	case OUTPUT_FORMAT_PFX:
-		pfxData, err := x509.TransformCertificateFromPEMToPFX(certPem, privkeyPem, d.config.PfxPassword)
+		pfxData, err := certs.TransformCertificateFromPEMToPFX(certPem, privkeyPem, d.config.PfxPassword)
 		if err != nil {
 			return nil, xerrors.Wrap(err, "failed to transform certificate to PFX")
 		}

 		d.logger.Logt("certificate transformed to PFX")

-		if err := fs.WriteFile(d.config.OutputCertPath, pfxData); err != nil {
+		if err := files.Write(d.config.OutputCertPath, pfxData); err != nil {
 			return nil, xerrors.Wrap(err, "failed to save certificate file")
 		}

 		d.logger.Logt("certificate file saved")

 	case OUTPUT_FORMAT_JKS:
-		jksData, err := x509.TransformCertificateFromPEMToJKS(certPem, privkeyPem, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass)
+		jksData, err := certs.TransformCertificateFromPEMToJKS(certPem, privkeyPem, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass)
 		if err != nil {
 			return nil, xerrors.Wrap(err, "failed to transform certificate to JKS")
 		}

 		d.logger.Logt("certificate transformed to JKS")

-		if err := fs.WriteFile(d.config.OutputCertPath, jksData); err != nil {
+		if err := files.Write(d.config.OutputCertPath, jksData); err != nil {
 			return nil, xerrors.Wrap(err, "failed to save certificate file")
 		}

--- a/internal/pkg/core/deployer/providers/ssh/ssh.go
+++ b/internal/pkg/core/deployer/providers/ssh/ssh.go
@ -14,7 +14,7 @@ import (

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 )

 type SshDeployerConfig struct {
@ -125,7 +125,7 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str
 		d.logger.Logt("private key file uploaded")

 	case OUTPUT_FORMAT_PFX:
-		pfxData, err := x509.TransformCertificateFromPEMToPFX(certPem, privkeyPem, d.config.PfxPassword)
+		pfxData, err := certs.TransformCertificateFromPEMToPFX(certPem, privkeyPem, d.config.PfxPassword)
 		if err != nil {
 			return nil, xerrors.Wrap(err, "failed to transform certificate to PFX")
 		}
@ -139,7 +139,7 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str
 		d.logger.Logt("certificate file uploaded")

 	case OUTPUT_FORMAT_JKS:
-		jksData, err := x509.TransformCertificateFromPEMToJKS(certPem, privkeyPem, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass)
+		jksData, err := certs.TransformCertificateFromPEMToJKS(certPem, privkeyPem, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass)
 		if err != nil {
 			return nil, xerrors.Wrap(err, "failed to transform certificate to JKS")
 		}
--- a/internal/pkg/core/deployer/providers/webhook/webhook.go
+++ b/internal/pkg/core/deployer/providers/webhook/webhook.go
@ -14,7 +14,7 @@ import (

 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 )

 type WebhookDeployerConfig struct {
@ -55,7 +55,7 @@ func NewWithLogger(config *WebhookDeployerConfig, logger logger.Logger) (*Webhoo
 }

 func (d *WebhookDeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, xerrors.Wrap(err, "failed to parse x509")
 	}
--- a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
+++ b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
@ -13,7 +13,7 @@ import (
 	xerrors "github.com/pkg/errors"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 )

 type AliyunCASUploaderConfig struct {
@ -54,7 +54,7 @@ func New(config *AliyunCASUploaderConfig) (*AliyunCASUploader, error) {

 func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
@ -90,12 +90,12 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP
 					if *getUserCertificateDetailResp.Body.Cert == certPem {
 						isSameCert = true
 					} else {
-						oldCertX509, err := x509.ParseCertificateFromPEM(*getUserCertificateDetailResp.Body.Cert)
+						oldCertX509, err := certs.ParseCertificateFromPEM(*getUserCertificateDetailResp.Body.Cert)
 						if err != nil {
 							continue
 						}

-						isSameCert = x509.EqualCertificate(certX509, oldCertX509)
+						isSameCert = certs.EqualCertificate(certX509, oldCertX509)
 					}

 					// 如果已存在相同证书，直接返回已有的证书信息
--- a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
+++ b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
@ -16,7 +16,7 @@ import (
 	xerrors "github.com/pkg/errors"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 )

 type AliyunSLBUploaderConfig struct {
@ -57,7 +57,7 @@ func New(config *AliyunSLBUploaderConfig) (*AliyunSLBUploader, error) {

 func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go
+++ b/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go
@ -14,7 +14,7 @@ import (
 	xerrors "github.com/pkg/errors"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 )

 type ByteplusCDNUploaderConfig struct {
@ -48,7 +48,7 @@ func New(config *ByteplusCDNUploaderConfig) (*ByteplusCDNUploader, error) {

 func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
@ -17,7 +17,7 @@ import (
 	xerrors "github.com/pkg/errors"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 	hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
 )

@ -59,7 +59,7 @@ func New(config *HuaweiCloudELBUploaderConfig) (*HuaweiCloudELBUploader, error)

 func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
@ -85,12 +85,12 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 				if certDetail.Certificate == certPem {
 					isSameCert = true
 				} else {
-					oldCertX509, err := x509.ParseCertificateFromPEM(certDetail.Certificate)
+					oldCertX509, err := certs.ParseCertificateFromPEM(certDetail.Certificate)
 					if err != nil {
 						continue
 					}

-					isSameCert = x509.EqualCertificate(certX509, oldCertX509)
+					isSameCert = certs.EqualCertificate(certX509, oldCertX509)
 				}

 				// 如果已存在相同证书，直接返回已有的证书信息
--- a/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
@ -13,7 +13,7 @@ import (
 	xerrors "github.com/pkg/errors"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 	hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
 )

@ -55,7 +55,7 @@ func New(config *HuaweiCloudSCMUploaderConfig) (*HuaweiCloudSCMUploader, error)

 func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
@ -94,12 +94,12 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
 				if *exportCertificateResp.Certificate == certPem {
 					isSameCert = true
 				} else {
-					oldCertX509, err := x509.ParseCertificateFromPEM(*exportCertificateResp.Certificate)
+					oldCertX509, err := certs.ParseCertificateFromPEM(*exportCertificateResp.Certificate)
 					if err != nil {
 						continue
 					}

-					isSameCert = x509.EqualCertificate(certX509, oldCertX509)
+					isSameCert = certs.EqualCertificate(certX509, oldCertX509)
 				}

 				// 如果已存在相同证书，直接返回已有的证书信息
--- a/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
+++ b/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
@ -10,7 +10,7 @@ import (
 	"github.com/qiniu/go-sdk/v7/auth"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 	qiniuEx "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk"
 )

@ -49,7 +49,7 @@ func New(config *QiniuSSLCertUploaderConfig) (*QiniuSSLCertUploader, error) {

 func (u *QiniuSSLCertUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/uploader/providers/ucloud-ussl/ucloud_ussl.go
+++ b/internal/pkg/core/uploader/providers/ucloud-ussl/ucloud_ussl.go
@ -16,7 +16,7 @@ import (
 	uAuth "github.com/ucloud/ucloud-sdk-go/ucloud/auth"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	x509util "github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 	usdkSsl "github.com/usual2970/certimate/internal/pkg/vendors/ucloud-sdk/ussl"
 )

@ -94,7 +94,7 @@ func (u *UCloudUSSLUploader) Upload(ctx context.Context, certPem string, privkey

 func (u *UCloudUSSLUploader) getExistCert(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
-	certX509, err := x509util.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
+++ b/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
@ -15,7 +15,7 @@ import (
 	ve "github.com/volcengine/volcengine-go-sdk/volcengine"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 )

 type VolcEngineCDNUploaderConfig struct {
@ -49,7 +49,7 @@ func New(config *VolcEngineCDNUploaderConfig) (*VolcEngineCDNUploader, error) {

 func (u *VolcEngineCDNUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go
+++ b/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go
@ -12,7 +12,7 @@ import (
 	ve "github.com/volcengine/volcengine-go-sdk/volcengine"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 )

 type VolcEngineLiveUploaderConfig struct {
@ -46,7 +46,7 @@ func New(config *VolcEngineLiveUploaderConfig) (*VolcEngineLiveUploader, error)

 func (u *VolcEngineLiveUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
 	// 解析证书内容
-	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	certX509, err := certs.ParseCertificateFromPEM(certPem)
 	if err != nil {
 		return nil, err
 	}
@ -75,12 +75,12 @@ func (u *VolcEngineLiveUploader) Upload(ctx context.Context, certPem string, pri
 			if certificate == certPem {
 				isSameCert = true
 			} else {
-				oldCertX509, err := x509.ParseCertificateFromPEM(certificate)
+				oldCertX509, err := certs.ParseCertificateFromPEM(certificate)
 				if err != nil {
 					continue
 				}

-				isSameCert = x509.EqualCertificate(certX509, oldCertX509)
+				isSameCert = certs.EqualCertificate(certX509, oldCertX509)
 			}

 			// 如果已存在相同证书，直接返回已有的证书信息
--- a/internal/pkg/utils/certs/common.go
+++ b/internal/pkg/utils/certs/common.go
@ -1,4 +1,4 @@
-package x509
+package certs

 import (
 	"crypto/x509"
--- a/internal/pkg/utils/certs/converter.go
+++ b/internal/pkg/utils/certs/converter.go
@ -1,4 +1,4 @@
-package x509
+package certs

 import (
 	"crypto/ecdsa"
--- a/internal/pkg/utils/certs/parser.go
+++ b/internal/pkg/utils/certs/parser.go
@ -1,4 +1,4 @@
-package x509
+package certs

 import (
 	"crypto/ecdsa"
--- a/internal/pkg/utils/certs/transformer.go
+++ b/internal/pkg/utils/certs/transformer.go
@ -1,4 +1,4 @@
-package x509
+package certs

 import (
 	"bytes"
--- a/internal/pkg/utils/files/files.go
+++ b/internal/pkg/utils/files/files.go
@ -1,4 +1,4 @@
-package fs
+package files

 import (
 	"os"
@ -7,7 +7,7 @@ import (
 	xerrors "github.com/pkg/errors"
 )

-// 与 [WriteFile] 类似，但写入的是字符串内容。
+// 与 [Write] 类似，但写入的是字符串内容。
 //
 // 入参:
 //   - path: 文件路径。
@ -15,8 +15,8 @@ import (
 //
 // 出参:
 //   - 错误。
-func WriteFileString(path string, content string) error {
-	return WriteFile(path, []byte(content))
+func WriteString(path string, content string) error {
+	return Write(path, []byte(content))
 }

 // 将数据写入指定路径的文件。
@ -29,7 +29,7 @@ func WriteFileString(path string, content string) error {
 //
 // 出参:
 //   - 错误。
-func WriteFile(path string, data []byte) error {
+func Write(path string, data []byte) error {
 	dir := filepath.Dir(path)

 	err := os.MkdirAll(dir, os.ModePerm)
--- a/internal/workflow/node-processor/apply_node.go
+++ b/internal/workflow/node-processor/apply_node.go
@ -7,7 +7,7 @@ import (

 	"github.com/usual2970/certimate/internal/applicant"
 	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/usual2970/certimate/internal/pkg/utils/certs"
 	"github.com/usual2970/certimate/internal/repository"
 )

@ -89,7 +89,7 @@ func (a *applyNode) Run(ctx context.Context) error {
 		Outputs:    a.node.Outputs,
 	}

-	certX509, err := x509.ParseCertificateFromPEM(applyResult.CertificateChain)
+	certX509, err := certs.ParseCertificateFromPEM(applyResult.CertificateFullChain)
 	if err != nil {
 		a.AddOutput(ctx, a.node.Name, "解析证书失败", err.Error())
 		return err
@ -98,7 +98,7 @@ func (a *applyNode) Run(ctx context.Context) error {
 	certificate := &domain.Certificate{
 		Source:            domain.CertificateSourceTypeWorkflow,
 		SubjectAltNames:   strings.Join(certX509.DNSNames, ";"),
-		Certificate:       applyResult.CertificateChain,
+		Certificate:       applyResult.CertificateFullChain,
 		PrivateKey:        applyResult.PrivateKey,
 		IssuerCertificate: applyResult.IssuerCertificate,
 		ACMECertUrl:       applyResult.ACMECertUrl,