From 21cc1d43deceffdd89c631e791be43745147e681 Mon Sep 17 00:00:00 2001
From: Fu Diwei <fudiwei@sina.com>
Date: Mon, 13 Jan 2025 20:02:57 +0800
Subject: [PATCH 1/6] feat: support sni domain on deployment to aliyun clb &
 alb

---
 internal/deployer/providers.go                |   7 +-
 .../providers/aliyun-alb/aliyun_alb.go        | 258 ++++++++++++++----
 .../providers/aliyun-alb/aliyun_alb_test.go   |   8 +-
 .../providers/aliyun-clb/aliyun_clb.go        | 147 +++++-----
 .../providers/aliyun-clb/aliyun_clb_test.go   |   8 +-
 .../providers/aliyun-nlb/aliyun_nlb.go        |  31 +--
 .../workflow/node/DeployNodeConfigForm.tsx    |   2 +-
 .../DeployNodeConfigFormAliyunALBConfig.tsx   |  20 ++
 .../DeployNodeConfigFormAliyunCLBConfig.tsx   |  21 +-
 ...loyNodeConfigFormTencentCloudCLBConfig.tsx |   2 +-
 .../i18n/locales/en/nls.workflow.nodes.json   |  12 +-
 .../i18n/locales/zh/nls.workflow.nodes.json   |  14 +-
 12 files changed, 383 insertions(+), 147 deletions(-)

diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index 56427064..7abd7185 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -59,6 +59,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 					ResourceType:    providerAliyunALB.DeployResourceType(maps.GetValueAsString(options.ProviderDeployConfig, "resourceType")),
 					LoadbalancerId:  maps.GetValueAsString(options.ProviderDeployConfig, "loadbalancerId"),
 					ListenerId:      maps.GetValueAsString(options.ProviderDeployConfig, "listenerId"),
+					Domain:          maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
 				}, logger)
 				return deployer, logger, err
 
@@ -77,7 +78,8 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 					Region:          maps.GetValueAsString(options.ProviderDeployConfig, "region"),
 					ResourceType:    providerAliyunCLB.DeployResourceType(maps.GetValueAsString(options.ProviderDeployConfig, "resourceType")),
 					LoadbalancerId:  maps.GetValueAsString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerPort:    maps.GetValueAsInt32(options.ProviderDeployConfig, "listenerPort"),
+					ListenerPort:    maps.GetValueOrDefaultAsInt32(options.ProviderDeployConfig, "listenerPort", 443),
+					Domain:          maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
 				}, logger)
 				return deployer, logger, err
 
@@ -251,10 +253,9 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 				return nil, nil, fmt.Errorf("failed to decode provider access config: %w", err)
 			}
 
-			sshPort := access.Port
 			deployer, err := providerSSH.NewWithLogger(&providerSSH.SshDeployerConfig{
 				SshHost:          access.Host,
-				SshPort:          int32(sshPort),
+				SshPort:          access.Port,
 				SshUsername:      access.Username,
 				SshPassword:      access.Password,
 				SshKey:           access.Key,
diff --git a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
index a92b4d33..355f4c0b 100644
--- a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
@@ -4,12 +4,16 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strconv"
 	"strings"
+	"time"
 
 	aliyunAlb "github.com/alibabacloud-go/alb-20200616/v2/client"
+	aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client"
 	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	"github.com/alibabacloud-go/tea/tea"
 	xerrors "github.com/pkg/errors"
+	"golang.org/x/exp/slices"
 
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
@@ -32,17 +36,25 @@ type AliyunALBDeployerConfig struct {
 	// 负载均衡监听 ID。
 	// 部署资源类型为 [DEPLOY_RESOURCE_LISTENER] 时必填。
 	ListenerId string `json:"listenerId,omitempty"`
+	// SNI 域名（支持泛域名）。
+	// 部署资源类型为 [DEPLOY_RESOURCE_LOADBALANCER]、[DEPLOY_RESOURCE_LISTENER] 时选填。
+	Domain string `json:"domain,omitempty"`
 }
 
 type AliyunALBDeployer struct {
 	config      *AliyunALBDeployerConfig
 	logger      logger.Logger
-	sdkClient   *aliyunAlb.Client
+	sdkClients  *wSdkClients
 	sslUploader uploader.Uploader
 }
 
 var _ deployer.Deployer = (*AliyunALBDeployer)(nil)
 
+type wSdkClients struct {
+	alb *aliyunAlb.Client
+	cas *aliyunCas.Client
+}
+
 func New(config *AliyunALBDeployerConfig) (*AliyunALBDeployer, error) {
 	return NewWithLogger(config, logger.NewNilLogger())
 }
@@ -56,9 +68,9 @@ func NewWithLogger(config *AliyunALBDeployerConfig, logger logger.Logger) (*Aliy
 		return nil, errors.New("logger is nil")
 	}
 
-	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	clients, err := createSdkClients(config.AccessKeyId, config.AccessKeySecret, config.Region)
 	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
+		return nil, xerrors.Wrap(err, "failed to create sdk clients")
 	}
 
 	aliyunCasRegion := config.Region
@@ -84,7 +96,7 @@ func NewWithLogger(config *AliyunALBDeployerConfig, logger logger.Logger) (*Aliy
 	return &AliyunALBDeployer{
 		logger:      logger,
 		config:      config,
-		sdkClient:   client,
+		sdkClients:  clients,
 		sslUploader: uploader,
 	}, nil
 }
@@ -122,14 +134,12 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 		return errors.New("config `loadbalancerId` is required")
 	}
 
-	listenerIds := make([]string, 0)
-
 	// 查询负载均衡实例的详细信息
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute
 	getLoadBalancerAttributeReq := &aliyunAlb.GetLoadBalancerAttributeRequest{
 		LoadBalancerId: tea.String(d.config.LoadbalancerId),
 	}
-	getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
+	getLoadBalancerAttributeResp, err := d.sdkClients.alb.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
 	if err != nil {
 		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetLoadBalancerAttribute'")
 	}
@@ -138,7 +148,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 
 	// 查询 HTTPS 监听列表
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
-	listListenersPage := 1
+	listenerIds := make([]string, 0)
 	listListenersLimit := int32(100)
 	var listListenersToken *string = nil
 	for {
@@ -148,7 +158,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			LoadBalancerIds:  []*string{tea.String(d.config.LoadbalancerId)},
 			ListenerProtocol: tea.String("HTTPS"),
 		}
-		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		listListenersResp, err := d.sdkClients.alb.ListListeners(listListenersReq)
 		if err != nil {
 			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
 		}
@@ -163,7 +173,6 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			break
 		} else {
 			listListenersToken = listListenersResp.Body.NextToken
-			listListenersPage += 1
 		}
 	}
 
@@ -171,7 +180,6 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 
 	// 查询 QUIC 监听列表
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
-	listListenersPage = 1
 	listListenersToken = nil
 	for {
 		listListenersReq := &aliyunAlb.ListListenersRequest{
@@ -180,7 +188,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			LoadBalancerIds:  []*string{tea.String(d.config.LoadbalancerId)},
 			ListenerProtocol: tea.String("QUIC"),
 		}
-		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
+		listListenersResp, err := d.sdkClients.alb.ListListeners(listListenersReq)
 		if err != nil {
 			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
 		}
@@ -195,21 +203,26 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			break
 		} else {
 			listListenersToken = listListenersResp.Body.NextToken
-			listListenersPage += 1
 		}
 	}
 
 	d.logger.Logt("已查询到 ALB 负载均衡实例下的全部 QUIC 监听", listenerIds)
 
-	// 批量更新监听证书
-	var errs []error
-	for _, listenerId := range listenerIds {
-		if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
-			errs = append(errs, err)
+	// 遍历更新监听证书
+	if len(listenerIds) == 0 {
+		return xerrors.New("listener not found")
+	} else {
+		var errs []error
+
+		for _, listenerId := range listenerIds {
+			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+				errs = append(errs, err)
+			}
+		}
+
+		if len(errs) > 0 {
+			return errors.Join(errs...)
 		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
 	}
 
 	return nil
@@ -234,57 +247,202 @@ func (d *AliyunALBDeployer) updateListenerCertificate(ctx context.Context, cloud
 	getListenerAttributeReq := &aliyunAlb.GetListenerAttributeRequest{
 		ListenerId: tea.String(cloudListenerId),
 	}
-	getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
+	getListenerAttributeResp, err := d.sdkClients.alb.GetListenerAttribute(getListenerAttributeReq)
 	if err != nil {
 		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetListenerAttribute'")
 	}
 
 	d.logger.Logt("已查询到 ALB 监听配置", getListenerAttributeResp)
 
-	// 修改监听的属性
-	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
-	updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
-		ListenerId: tea.String(cloudListenerId),
-		Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
-			CertificateId: tea.String(cloudCertId),
-		}},
-	}
-	updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
-	}
+	if d.config.Domain == "" {
+		// 未指定 SNI，只需部署到监听器
 
-	d.logger.Logt("已更新 ALB 监听配置", updateListenerAttributeResp)
+		// 修改监听的属性
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
+		updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
+			ListenerId: tea.String(cloudListenerId),
+			Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
+				CertificateId: tea.String(cloudCertId),
+			}},
+		}
+		updateListenerAttributeResp, err := d.sdkClients.alb.UpdateListenerAttribute(updateListenerAttributeReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
+		}
 
-	// TODO: #347
+		d.logger.Logt("已更新 ALB 监听配置", updateListenerAttributeResp)
+	} else {
+		// 指定 SNI，需部署到扩展域名（支持泛域名）
+
+		// 查询监听证书列表
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
+		listenerCertificates := make([]aliyunAlb.ListListenerCertificatesResponseBodyCertificates, 0)
+		listListenerCertificatesLimit := int32(100)
+		var listListenerCertificatesToken *string = nil
+		for {
+			listListenerCertificatesReq := &aliyunAlb.ListListenerCertificatesRequest{
+				NextToken:       listListenerCertificatesToken,
+				MaxResults:      tea.Int32(listListenerCertificatesLimit),
+				ListenerId:      tea.String(cloudListenerId),
+				CertificateType: tea.String("Server"),
+			}
+			listListenerCertificatesResp, err := d.sdkClients.alb.ListListenerCertificates(listListenerCertificatesReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListenerCertificates'")
+			}
+
+			if listListenerCertificatesResp.Body.Certificates != nil {
+				for _, listenerCertificate := range listListenerCertificatesResp.Body.Certificates {
+					listenerCertificates = append(listenerCertificates, *listenerCertificate)
+				}
+			}
+
+			if len(listListenerCertificatesResp.Body.Certificates) == 0 || listListenerCertificatesResp.Body.NextToken == nil {
+				break
+			} else {
+				listListenerCertificatesToken = listListenerCertificatesResp.Body.NextToken
+			}
+		}
+
+		d.logger.Logt("已查询到 ALB 监听下全部证书", listenerCertificates)
+
+		// 遍历查询监听证书，并找出需要解除关联的证书
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
+		// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail
+		certificateIsAssociated := false
+		certificateIdsExpired := make([]string, 0)
+		if len(listenerCertificates) > 0 {
+			var errs []error
+
+			for _, listenerCertificate := range listenerCertificates {
+				if *listenerCertificate.CertificateId == cloudCertId {
+					certificateIsAssociated = true
+					continue
+				}
+
+				if *listenerCertificate.IsDefault || !strings.EqualFold(*listenerCertificate.Status, "Associated") {
+					continue
+				}
+
+				listenerCertificateId, err := strconv.ParseInt(*listenerCertificate.CertificateId, 10, 64)
+				if err != nil {
+					errs = append(errs, err)
+					continue
+				}
+
+				getUserCertificateDetailReq := &aliyunCas.GetUserCertificateDetailRequest{
+					CertId: tea.Int64(listenerCertificateId),
+				}
+				getUserCertificateDetailResp, err := d.sdkClients.cas.GetUserCertificateDetail(getUserCertificateDetailReq)
+				if err != nil {
+					errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'"))
+					continue
+				}
+
+				certCnMatched := getUserCertificateDetailResp.Body.Common != nil && *getUserCertificateDetailResp.Body.Common == d.config.Domain
+				certSanMatched := getUserCertificateDetailResp.Body.Sans != nil && slices.Contains(strings.Split(*getUserCertificateDetailResp.Body.Sans, ","), d.config.Domain)
+				if !certCnMatched && !certSanMatched {
+					continue
+				}
+
+				certEndDate, _ := time.Parse("2006-01-02", *getUserCertificateDetailResp.Body.EndDate)
+				if time.Now().Before(certEndDate) {
+					continue
+				}
+
+				certificateIdsExpired = append(certificateIdsExpired, *listenerCertificate.CertificateId)
+			}
+
+			if len(errs) > 0 {
+				return errors.Join(errs...)
+			}
+		}
+
+		// 关联监听和扩展证书
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-associateadditionalcertificateswithlistener
+		if !certificateIsAssociated {
+			associateAdditionalCertificatesFromListenerReq := &aliyunAlb.AssociateAdditionalCertificatesWithListenerRequest{
+				ListenerId: tea.String(cloudListenerId),
+				Certificates: []*aliyunAlb.AssociateAdditionalCertificatesWithListenerRequestCertificates{
+					{
+						CertificateId: tea.String(cloudCertId),
+					},
+				},
+			}
+			associateAdditionalCertificatesFromListenerResp, err := d.sdkClients.alb.AssociateAdditionalCertificatesWithListener(associateAdditionalCertificatesFromListenerReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'alb.AssociateAdditionalCertificatesWithListener'")
+			}
+
+			d.logger.Logt("已关联 ALB 监听和扩展证书", associateAdditionalCertificatesFromListenerResp)
+		}
+
+		// 解除关联监听和扩展证书
+		// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-dissociateadditionalcertificatesfromlistener
+		if len(certificateIdsExpired) > 0 {
+			dissociateAdditionalCertificates := make([]*aliyunAlb.DissociateAdditionalCertificatesFromListenerRequestCertificates, 0)
+			for _, certificateId := range certificateIdsExpired {
+				dissociateAdditionalCertificates = append(dissociateAdditionalCertificates, &aliyunAlb.DissociateAdditionalCertificatesFromListenerRequestCertificates{
+					CertificateId: tea.String(certificateId),
+				})
+			}
+
+			dissociateAdditionalCertificatesFromListenerReq := &aliyunAlb.DissociateAdditionalCertificatesFromListenerRequest{
+				ListenerId:   tea.String(cloudListenerId),
+				Certificates: dissociateAdditionalCertificates,
+			}
+			dissociateAdditionalCertificatesFromListenerResp, err := d.sdkClients.alb.DissociateAdditionalCertificatesFromListener(dissociateAdditionalCertificatesFromListenerReq)
+			if err != nil {
+				return xerrors.Wrap(err, "failed to execute sdk request 'alb.DissociateAdditionalCertificatesFromListener'")
+			}
+
+			d.logger.Logt("已解除关联 ALB 监听和扩展证书", dissociateAdditionalCertificatesFromListenerResp)
+		}
+	}
 
 	return nil
 }
 
-func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunAlb.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou"
-	}
-
-	// 接入点一览 https://www.alibabacloud.com/help/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-endpoint
-	var endpoint string
+func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients, error) {
+	// 接入点一览 https://www.alibabacloud.com/help/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-albEndpoint
+	var albEndpoint string
 	switch region {
 	case "cn-hangzhou-finance":
-		endpoint = "alb.cn-hangzhou.aliyuncs.com"
+		albEndpoint = "alb.cn-hangzhou.aliyuncs.com"
 	default:
-		endpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
+		albEndpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
 	}
 
-	config := &aliyunOpen.Config{
+	albConfig := &aliyunOpen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String(endpoint),
+		Endpoint:        tea.String(albEndpoint),
 	}
-
-	client, err := aliyunAlb.NewClient(config)
+	albClient, err := aliyunAlb.NewClient(albConfig)
 	if err != nil {
 		return nil, err
 	}
 
-	return client, nil
+	// 接入点一览 https://help.aliyun.com/zh/ssl-certificate/developer-reference/endpoints
+	var casEndpoint string
+	if !strings.HasPrefix(region, "cn-") {
+		casEndpoint = "cas.ap-southeast-1.aliyuncs.com"
+	} else {
+		casEndpoint = "cas.aliyuncs.com"
+	}
+
+	casConfig := &aliyunOpen.Config{
+		Endpoint:        tea.String(casEndpoint),
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+	casClient, err := aliyunCas.NewClient(casConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return &wSdkClients{
+		alb: albClient,
+		cas: casClient,
+	}, nil
 }
diff --git a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb_test.go b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb_test.go
index fddf7ff2..15e6aff2 100644
--- a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb_test.go
@@ -19,6 +19,7 @@ var (
 	fRegion          string
 	fLoadbalancerId  string
 	fListenerId      string
+	fDomain          string
 )
 
 func init() {
@@ -31,6 +32,7 @@ func init() {
 	flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
 	flag.StringVar(&fLoadbalancerId, argsPrefix+"LOADBALANCERID", "", "")
 	flag.StringVar(&fListenerId, argsPrefix+"LISTENERID", "", "")
+	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }
 
 /*
@@ -43,7 +45,8 @@ Shell command to run this test:
 	--CERTIMATE_DEPLOYER_ALIYUNALB_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_ALIYUNALB_REGION="cn-hangzhou" \
 	--CERTIMATE_DEPLOYER_ALIYUNALB_LOADBALANCERID="your-alb-instance-id" \
-	--CERTIMATE_DEPLOYER_ALIYUNALB_LISTENERID="your-alb-listener-id"
+	--CERTIMATE_DEPLOYER_ALIYUNALB_LISTENERID="your-alb-listener-id" \
+	--CERTIMATE_DEPLOYER_ALIYUNALB_DOMAIN="your-alb-sni-domain"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
@@ -57,6 +60,7 @@ func TestDeploy(t *testing.T) {
 			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("REGION: %v", fRegion),
 			fmt.Sprintf("LOADBALANCERID: %v", fLoadbalancerId),
+			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))
 
 		deployer, err := provider.New(&provider.AliyunALBDeployerConfig{
@@ -65,6 +69,7 @@ func TestDeploy(t *testing.T) {
 			Region:          fRegion,
 			ResourceType:    provider.DEPLOY_RESOURCE_LOADBALANCER,
 			LoadbalancerId:  fLoadbalancerId,
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
@@ -99,6 +104,7 @@ func TestDeploy(t *testing.T) {
 			Region:          fRegion,
 			ResourceType:    provider.DEPLOY_RESOURCE_LISTENER,
 			ListenerId:      fListenerId,
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
diff --git a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go
index 86f6dfd9..1fe99458 100644
--- a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go
@@ -31,6 +31,9 @@ type AliyunCLBDeployerConfig struct {
 	// 负载均衡监听端口。
 	// 部署资源类型为 [DEPLOY_RESOURCE_LISTENER] 时必填。
 	ListenerPort int32 `json:"listenerPort,omitempty"`
+	// SNI 域名（支持泛域名）。
+	// 部署资源类型为 [DEPLOY_RESOURCE_LOADBALANCER]、[DEPLOY_RESOURCE_LISTENER] 时选填。
+	Domain string `json:"domain,omitempty"`
 }
 
 type AliyunCLBDeployer struct {
@@ -110,8 +113,6 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 		return errors.New("config `loadbalancerId` is required")
 	}
 
-	listenerPorts := make([]int32, 0)
-
 	// 查询负载均衡实例的详细信息
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute
 	describeLoadBalancerAttributeReq := &aliyunSlb.DescribeLoadBalancerAttributeRequest{
@@ -127,14 +128,14 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 
 	// 查询 HTTPS 监听列表
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners
-	listListenersPage := 1
-	listListenersLimit := int32(100)
-	var listListenersToken *string = nil
+	listenerPorts := make([]int32, 0)
+	describeLoadBalancerListenersLimit := int32(100)
+	var describeLoadBalancerListenersToken *string = nil
 	for {
 		describeLoadBalancerListenersReq := &aliyunSlb.DescribeLoadBalancerListenersRequest{
 			RegionId:         tea.String(d.config.Region),
-			MaxResults:       tea.Int32(listListenersLimit),
-			NextToken:        listListenersToken,
+			MaxResults:       tea.Int32(describeLoadBalancerListenersLimit),
+			NextToken:        describeLoadBalancerListenersToken,
 			LoadBalancerId:   []*string{tea.String(d.config.LoadbalancerId)},
 			ListenerProtocol: tea.String("https"),
 		}
@@ -152,22 +153,27 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 		if len(describeLoadBalancerListenersResp.Body.Listeners) == 0 || describeLoadBalancerListenersResp.Body.NextToken == nil {
 			break
 		} else {
-			listListenersToken = describeLoadBalancerListenersResp.Body.NextToken
-			listListenersPage += 1
+			describeLoadBalancerListenersToken = describeLoadBalancerListenersResp.Body.NextToken
 		}
 	}
 
 	d.logger.Logt("已查询到 CLB 负载均衡实例下的全部 HTTPS 监听", listenerPorts)
 
-	// 批量更新监听证书
-	var errs []error
-	for _, listenerPort := range listenerPorts {
-		if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
-			errs = append(errs, err)
+	// 遍历更新监听证书
+	if len(listenerPorts) == 0 {
+		return xerrors.New("listener not found")
+	} else {
+		var errs []error
+
+		for _, listenerPort := range listenerPorts {
+			if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
+				errs = append(errs, err)
+			}
+		}
+
+		if len(errs) > 0 {
+			return errors.Join(errs...)
 		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
 	}
 
 	return nil
@@ -203,67 +209,76 @@ func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, cloud
 
 	d.logger.Logt("已查询到 CLB HTTPS 监听配置", describeLoadBalancerHTTPSListenerAttributeResp)
 
-	// 查询扩展域名
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
-	describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
-		RegionId:       tea.String(d.config.Region),
-		LoadBalancerId: tea.String(cloudLoadbalancerId),
-		ListenerPort:   tea.Int32(cloudListenerPort),
-	}
-	describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
-	}
+	if d.config.Domain == "" {
+		// 未指定 SNI，只需部署到监听器
 
-	d.logger.Logt("已查询到 CLB 扩展域名", describeDomainExtensionsResp)
+		// 修改监听配置
+		// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
+		//
+		// 注意修改监听配置要放在修改扩展域名之后
+		setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
+			RegionId:            tea.String(d.config.Region),
+			LoadBalancerId:      tea.String(cloudLoadbalancerId),
+			ListenerPort:        tea.Int32(cloudListenerPort),
+			ServerCertificateId: tea.String(cloudCertId),
+		}
+		setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
+		}
 
-	// 遍历修改扩展域名
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
-	//
-	// 这里仅修改跟被替换证书一致的扩展域名
-	if describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {
-		for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
-			if *domainExtension.ServerCertificateId != *describeLoadBalancerHTTPSListenerAttributeResp.Body.ServerCertificateId {
-				continue
+		d.logger.Logt("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp)
+	} else {
+		// 指定 SNI，需部署到扩展域名（支持泛域名）
+
+		// 查询扩展域名
+		// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
+		describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
+			RegionId:       tea.String(d.config.Region),
+			LoadBalancerId: tea.String(cloudLoadbalancerId),
+			ListenerPort:   tea.Int32(cloudListenerPort),
+		}
+		describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
+		}
+
+		d.logger.Logt("已查询到 CLB 扩展域名", describeDomainExtensionsResp)
+
+		// 遍历修改扩展域名
+		// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
+		if describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {
+			var errs []error
+
+			for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
+				if *domainExtension.Domain != d.config.Domain {
+					continue
+				}
+
+				setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
+					RegionId:            tea.String(d.config.Region),
+					DomainExtensionId:   tea.String(*domainExtension.DomainExtensionId),
+					ServerCertificateId: tea.String(cloudCertId),
+				}
+				setDomainExtensionAttributeResp, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
+				if err != nil {
+					errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'"))
+					continue
+				}
+
+				d.logger.Logt("已修改 CLB 扩展域名", setDomainExtensionAttributeResp)
 			}
 
-			setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
-				RegionId:            tea.String(d.config.Region),
-				DomainExtensionId:   tea.String(*domainExtension.DomainExtensionId),
-				ServerCertificateId: tea.String(cloudCertId),
-			}
-			_, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
-			if err != nil {
-				return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'")
+			if len(errs) > 0 {
+				return errors.Join(errs...)
 			}
 		}
 	}
 
-	// 修改监听配置
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
-	//
-	// 注意修改监听配置要放在修改扩展域名之后
-	setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
-		RegionId:            tea.String(d.config.Region),
-		LoadBalancerId:      tea.String(cloudLoadbalancerId),
-		ListenerPort:        tea.Int32(cloudListenerPort),
-		ServerCertificateId: tea.String(cloudCertId),
-	}
-	setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
-	}
-
-	d.logger.Logt("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp)
-
 	return nil
 }
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // CLB(SLB) 服务默认区域：华东一杭州
-	}
-
 	// 接入点一览 https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-endpoint
 	var endpoint string
 	switch region {
diff --git a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb_test.go b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb_test.go
index 761cbb38..0b27c5f8 100644
--- a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb_test.go
+++ b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb_test.go
@@ -19,6 +19,7 @@ var (
 	fRegion          string
 	fLoadbalancerId  string
 	fListenerPort    int
+	fDomain          string
 )
 
 func init() {
@@ -31,6 +32,7 @@ func init() {
 	flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
 	flag.StringVar(&fLoadbalancerId, argsPrefix+"LOADBALANCERID", "", "")
 	flag.IntVar(&fListenerPort, argsPrefix+"LISTENERPORT", 443, "")
+	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }
 
 /*
@@ -43,7 +45,8 @@ Shell command to run this test:
 	--CERTIMATE_DEPLOYER_ALIYUNCLB_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_ALIYUNCLB_REGION="cn-hangzhou" \
 	--CERTIMATE_DEPLOYER_ALIYUNCLB_LOADBALANCERID="your-clb-instance-id" \
-	--CERTIMATE_DEPLOYER_ALIYUNCLB_LISTENERPORT=443
+	--CERTIMATE_DEPLOYER_ALIYUNCLB_LISTENERPORT=443 \
+	--CERTIMATE_DEPLOYER_ALIYUNCLB_DOMAIN="your-alb-sni-domain"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
@@ -57,6 +60,7 @@ func TestDeploy(t *testing.T) {
 			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("REGION: %v", fRegion),
 			fmt.Sprintf("LOADBALANCERID: %v", fLoadbalancerId),
+			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))
 
 		deployer, err := provider.New(&provider.AliyunCLBDeployerConfig{
@@ -65,6 +69,7 @@ func TestDeploy(t *testing.T) {
 			Region:          fRegion,
 			ResourceType:    provider.DEPLOY_RESOURCE_LOADBALANCER,
 			LoadbalancerId:  fLoadbalancerId,
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
@@ -101,6 +106,7 @@ func TestDeploy(t *testing.T) {
 			ResourceType:    provider.DEPLOY_RESOURCE_LISTENER,
 			LoadbalancerId:  fLoadbalancerId,
 			ListenerPort:    int32(fListenerPort),
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
diff --git a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
index c5558b2c..2b273bc2 100644
--- a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
@@ -122,8 +122,6 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 		return errors.New("config `loadbalancerId` is required")
 	}
 
-	listenerIds := make([]string, 0)
-
 	// 查询负载均衡实例的详细信息
 	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute
 	getLoadBalancerAttributeReq := &aliyunNlb.GetLoadBalancerAttributeRequest{
@@ -138,7 +136,7 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 
 	// 查询 TCPSSL 监听列表
 	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-listlisteners
-	listListenersPage := 1
+	listenerIds := make([]string, 0)
 	listListenersLimit := int32(100)
 	var listListenersToken *string = nil
 	for {
@@ -163,21 +161,26 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
 			break
 		} else {
 			listListenersToken = listListenersResp.Body.NextToken
-			listListenersPage += 1
 		}
 	}
 
 	d.logger.Logt("已查询到 NLB 负载均衡实例下的全部 TCPSSL 监听", listenerIds)
 
-	// 批量更新监听证书
-	var errs []error
-	for _, listenerId := range listenerIds {
-		if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
-			errs = append(errs, err)
+	// 遍历更新监听证书
+	if len(listenerIds) == 0 {
+		return xerrors.New("listener not found")
+	} else {
+		var errs []error
+
+		for _, listenerId := range listenerIds {
+			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+				errs = append(errs, err)
+			}
+		}
+
+		if len(errs) > 0 {
+			return errors.Join(errs...)
 		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
 	}
 
 	return nil
@@ -226,10 +229,6 @@ func (d *AliyunNLBDeployer) updateListenerCertificate(ctx context.Context, cloud
 }
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunNlb.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // NLB 服务默认区域：华东一杭州
-	}
-
 	// 接入点一览 https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-endpoint
 	var endpoint string
 	switch region {
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
index 25424c5f..1afaa219 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
@@ -239,7 +239,7 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
             <Form.Item name="provider" label={t("workflow_node.deploy.form.provider.label")} rules={[formRule]}>
               <DeployProviderSelect
                 allowClear
-                disabled
+                disabled={!!initialValues?.provider}
                 placeholder={t("workflow_node.deploy.form.provider.placeholder")}
                 showSearch
                 onSelect={handleProviderSelect}
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunALBConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunALBConfig.tsx
index 9560028b..3afcb7a1 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunALBConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunALBConfig.tsx
@@ -4,12 +4,14 @@ import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
 import Show from "@/components/Show";
+import { validDomainName } from "@/utils/validators";
 
 type DeployNodeConfigFormAliyunALBConfigFieldValues = Nullish<{
   resourceType: string;
   region: string;
   loadbalancerId?: string;
   listenerId?: string;
+  domain?: string;
 }>;
 
 export type DeployNodeConfigFormAliyunALBConfigProps = {
@@ -56,6 +58,13 @@ const DeployNodeConfigFormAliyunALBConfig = ({
       .trim()
       .nullish()
       .refine((v) => fieldResourceType !== RESOURCE_TYPE_LISTENER || !!v?.trim(), t("workflow_node.deploy.form.aliyun_alb_listener_id.placeholder")),
+    domain: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (![RESOURCE_TYPE_LOADBALANCER, RESOURCE_TYPE_LISTENER].includes(fieldResourceType)) return true;
+        return !v || validDomainName(v!, { allowWildcard: true });
+      }, t("common.errmsg.domain_invalid")),
   });
   const formRule = createSchemaFieldRule(formSchema);
 
@@ -115,6 +124,17 @@ const DeployNodeConfigFormAliyunALBConfig = ({
           <Input placeholder={t("workflow_node.deploy.form.aliyun_alb_listener_id.placeholder")} />
         </Form.Item>
       </Show>
+
+      <Show when={fieldResourceType === RESOURCE_TYPE_LOADBALANCER || fieldResourceType === RESOURCE_TYPE_LISTENER}>
+        <Form.Item
+          name="domain"
+          label={t("workflow_node.deploy.form.aliyun_alb_snidomain.label")}
+          rules={[formRule]}
+          tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_alb_snidomain.tooltip") }}></span>}
+        >
+          <Input placeholder={t("workflow_node.deploy.form.aliyun_alb_snidomain.placeholder")} />
+        </Form.Item>
+      </Show>
     </Form>
   );
 };
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunCLBConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunCLBConfig.tsx
index be56600b..dfbfc707 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunCLBConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunCLBConfig.tsx
@@ -4,13 +4,14 @@ import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
 import Show from "@/components/Show";
-import { validPortNumber } from "@/utils/validators";
+import { validDomainName, validPortNumber } from "@/utils/validators";
 
 type DeployNodeConfigFormAliyunCLBConfigFieldValues = Nullish<{
   resourceType: string;
   region: string;
   loadbalancerId?: string;
   listenerPort?: string | number;
+  domain?: string;
 }>;
 
 export type DeployNodeConfigFormAliyunCLBConfigProps = {
@@ -68,6 +69,13 @@ const DeployNodeConfigFormAliyunCLBConfig = ({
           ),
       ])
       .nullish(),
+    domain: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (![RESOURCE_TYPE_LOADBALANCER, RESOURCE_TYPE_LISTENER].includes(fieldResourceType)) return true;
+        return !v || validDomainName(v!, { allowWildcard: true });
+      }, t("common.errmsg.domain_invalid")),
   });
   const formRule = createSchemaFieldRule(formSchema);
 
@@ -125,6 +133,17 @@ const DeployNodeConfigFormAliyunCLBConfig = ({
           <Input type="number" min={1} max={65535} placeholder={t("workflow_node.deploy.form.aliyun_clb_listener_port.placeholder")} />
         </Form.Item>
       </Show>
+
+      <Show when={fieldResourceType === RESOURCE_TYPE_LOADBALANCER || fieldResourceType === RESOURCE_TYPE_LISTENER}>
+        <Form.Item
+          name="domain"
+          label={t("workflow_node.deploy.form.aliyun_clb_snidomain.label")}
+          rules={[formRule]}
+          tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_clb_snidomain.tooltip") }}></span>}
+        >
+          <Input placeholder={t("workflow_node.deploy.form.aliyun_clb_snidomain.placeholder")} />
+        </Form.Item>
+      </Show>
     </Form>
   );
 };
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCLBConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCLBConfig.tsx
index 50f46d44..dd6f6ead 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCLBConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCLBConfig.tsx
@@ -66,7 +66,7 @@ const DeployNodeConfigFormTencentCloudCLBConfig = ({
         t("workflow_node.deploy.form.tencentcloud_clb_listener_id.placeholder")
       ),
     domain: z
-      .string({ message: t("workflow_node.deploy.form.tencentcloud_clb_domain.placeholder") })
+      .string()
       .nullish()
       .refine((v) => RESOURCE_TYPE_RULEDOMAIN !== fieldResourceType || validDomainName(v!, { allowWildcard: true }), t("common.errmsg.domain_invalid")),
   });
diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json
index 6cb3b345..d64fb61d 100644
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -86,6 +86,9 @@
   "workflow_node.deploy.form.aliyun_alb_listener_id.label": "Aliyun ALB listener ID",
   "workflow_node.deploy.form.aliyun_alb_listener_id.placeholder": "Please enter Aliyun ALB listener ID",
   "workflow_node.deploy.form.aliyun_alb_listener_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.label": "Aliyun ALB SNI domain (Optional)",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "Please enter Aliyun ALB SNI domain name",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
   "workflow_node.deploy.form.aliyun_clb_resource_type.label": "Resource type",
   "workflow_node.deploy.form.aliyun_clb_resource_type.placeholder": "Please select resource type",
   "workflow_node.deploy.form.aliyun_clb_resource_type.option.loadbalancer.label": "CLB load balancer",
@@ -99,6 +102,9 @@
   "workflow_node.deploy.form.aliyun_clb_listener_port.label": "Aliyun CLB listener port",
   "workflow_node.deploy.form.aliyun_clb_listener_port.placeholder": "Please enter Aliyun CLB listener port",
   "workflow_node.deploy.form.aliyun_clb_listener_port.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.label": "Aliyun CLB SNI domain (Optional)",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.placeholder": "Please enter Aliyun CLB SNI domain name",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
   "workflow_node.deploy.form.aliyun_cdn_domain.label": "Aliyun CDN domain",
   "workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "Please enter Aliyun CDN domain name",
   "workflow_node.deploy.form.aliyun_cdn_domain.tooltip": "For more information, see <a href=\"https://cdn.console.aliyun.com\" target=\"_blank\">https://cdn.console.aliyun.com</a>",
@@ -262,9 +268,9 @@
   "workflow_node.deploy.form.tencentcloud_clb_listener_id.label": "Tencent Cloud CLB listener ID",
   "workflow_node.deploy.form.tencentcloud_clb_listener_id.placeholder": "Please enter Tencent Cloud CLB listener ID",
   "workflow_node.deploy.form.tencentcloud_clb_listener_id.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a>",
-  "workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "Tencent Cloud CLB domain (Optional)",
-  "workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "Please enter Tencent Cloud CLB domain name",
-  "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a>",
+  "workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "Tencent Cloud CLB SNI domain (Optional)",
+  "workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "Please enter Tencent Cloud CLB SNI domain name",
+  "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a><br><br>It is optional. If you want to deploy multiple certificates on the same CLB listener, you can fill in this field.",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.label": "Tencent Cloud CLB domain",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.placeholder": "Please enter Tencent Cloud CLB domain name",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a>",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index 66e3f0e2..7b4a9e01 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -86,6 +86,9 @@
   "workflow_node.deploy.form.aliyun_alb_listener_id.label": "阿里云 ALB 监听器 ID",
   "workflow_node.deploy.form.aliyun_alb_listener_id.placeholder": "请输入阿里云 ALB 监听器 ID",
   "workflow_node.deploy.form.aliyun_alb_listener_id.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.label": "阿里云 ALB 扩展域名（可选）",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "请输入阿里云 ALB 扩展域名",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a><br><br>为空时，将替换监听器的默认证书。",
   "workflow_node.deploy.form.aliyun_clb_resource_type.label": "证书替换方式",
   "workflow_node.deploy.form.aliyun_clb_resource_type.placeholder": "请选择证书替换方式",
   "workflow_node.deploy.form.aliyun_clb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS 监听的证书",
@@ -96,9 +99,12 @@
   "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.label": "阿里云 CLB 负载均衡器 ID",
   "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.placeholder": "请输入阿里云 CLB 负载均衡器 ID",
   "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
-  "workflow_node.deploy.form.aliyun_clb_listener_id.label": "阿里云 CLB 监听端口",
-  "workflow_node.deploy.form.aliyun_clb_listener_id.placeholder": "请输入阿里云 CLB 监听端口",
-  "workflow_node.deploy.form.aliyun_clb_listener_id.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
+  "workflow_node.deploy.form.aliyun_clb_listener_port.label": "阿里云 CLB 监听端口",
+  "workflow_node.deploy.form.aliyun_clb_listener_port.placeholder": "请输入阿里云 CLB 监听端口",
+  "workflow_node.deploy.form.aliyun_clb_listener_port.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.label": "阿里云 CLB 扩展域名（可选）",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.placeholder": "请输入阿里云 CLB 扩展域名",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.tooltip": "这是什么？请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a><br><br>为空时，将替换监听器的默认证书。",
   "workflow_node.deploy.form.aliyun_cdn_domain.label": "阿里云 CDN 加速域名（支持泛域名）",
   "workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "请输入阿里云 CDN 加速域名",
   "workflow_node.deploy.form.aliyun_cdn_domain.tooltip": "这是什么？请参阅 <a href=\"https://cdn.console.aliyun.com\" target=\"_blank\">https://cdn.console.aliyun.com</a><br><br>泛域名表示形式为：*.example.com",
@@ -264,7 +270,7 @@
   "workflow_node.deploy.form.tencentcloud_clb_listener_id.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a>",
   "workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "腾讯云 CLB SNI 域名（可选）",
   "workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "请输入腾讯云 CLB SNI 域名",
-  "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a>",
+  "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a><br><br>为空时，将替换监听器的默认证书。",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.label": "腾讯云 CLB 七层转发规则域名",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.placeholder": "请输入腾讯云 CLB 七层转发规则域名",
   "workflow_node.deploy.form.tencentcloud_clb_ruledomain.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a>",

From 7160589ac7508decaef4191ddd1222bce300f26f Mon Sep 17 00:00:00 2001
From: Fu Diwei <fudiwei@sina.com>
Date: Mon, 13 Jan 2025 20:03:07 +0800
Subject: [PATCH 2/6] refactor: clean code

---
 internal/domain/access.go                     |  2 +-
 .../huaweicloud-cdn/huaweicloud_cdn.go        | 22 +++++-----
 .../huaweicloud-elb/huaweicloud_elb.go        | 41 ++++++++++---------
 .../tencentcloud-cdn/tencentcloud_cdn.go      |  8 ++--
 .../tencentcloud-clb/tencentcloud_clb.go      | 13 +++---
 .../volcengine-dcdn/volcengine_dcdn.go        |  2 +-
 .../volcengine-live/volcengine_live.go        |  4 +-
 .../providers/aliyun-cas/aliyun_cas.go        |  3 --
 .../providers/aliyun-slb/aliyun_slb.go        |  4 --
 .../providers/byteplus-cdn/byteplus_cdn.go    | 11 +++--
 .../huaweicloud-elb/huaweicloud_elb.go        | 17 +++-----
 .../huaweicloud-scm/huaweicloud_scm.go        | 15 +++----
 .../volcengine-cdn/volcengine_cdn.go          | 10 ++---
 .../volcengine-live/volcengine_live.go        |  8 ++--
 internal/pkg/utils/cast/cast.go               | 25 -----------
 internal/pkg/vendors/huaweicloud-sdk/cast.go  |  9 ++++
 .../pkg/vendors/huaweicloud-sdk/cdn/models.go | 10 ++---
 17 files changed, 86 insertions(+), 118 deletions(-)
 delete mode 100644 internal/pkg/utils/cast/cast.go
 create mode 100644 internal/pkg/vendors/huaweicloud-sdk/cast.go

diff --git a/internal/domain/access.go b/internal/domain/access.go
index 60dd2d3e..6ee3b052 100644
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@@ -103,7 +103,7 @@ type AccessConfigForQiniu struct {
 
 type AccessConfigForSSH struct {
 	Host          string `json:"host"`
-	Port          int    `json:"port"`
+	Port          int32  `json:"port"`
 	Username      string `json:"username"`
 	Password      string `json:"password"`
 	Key           string `json:"key"`
diff --git a/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go b/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go
index 2879168b..1b2de807 100644
--- a/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go
+++ b/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go
@@ -14,8 +14,8 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	providerScm "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-scm"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
-	hcCdnSdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk/cdn"
+	hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
+	hwsdkCdn "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk/cdn"
 )
 
 type HuaweiCloudCDNDeployerConfig struct {
@@ -32,7 +32,7 @@ type HuaweiCloudCDNDeployerConfig struct {
 type HuaweiCloudCDNDeployer struct {
 	config      *HuaweiCloudCDNDeployerConfig
 	logger      logger.Logger
-	sdkClient   *hcCdnSdk.Client
+	sdkClient   *hwsdkCdn.Client
 	sslUploader uploader.Uploader
 }
 
@@ -100,15 +100,15 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context, certPem string, pri
 	// 更新加速域名配置
 	// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
 	// REF: https://support.huaweicloud.com/usermanual-cdn/cdn_01_0306.html
-	updateDomainMultiCertificatesReqBodyContent := &hcCdnSdk.UpdateDomainMultiCertificatesExRequestBodyContent{}
+	updateDomainMultiCertificatesReqBodyContent := &hwsdkCdn.UpdateDomainMultiCertificatesExRequestBodyContent{}
 	updateDomainMultiCertificatesReqBodyContent.DomainName = d.config.Domain
 	updateDomainMultiCertificatesReqBodyContent.HttpsSwitch = 1
-	updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(2)
-	updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(upres.CertId)
-	updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(upres.CertName)
+	updateDomainMultiCertificatesReqBodyContent.CertificateType = hwsdk.Int32Ptr(2)
+	updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = hwsdk.StringPtr(upres.CertId)
+	updateDomainMultiCertificatesReqBodyContent.CertName = hwsdk.StringPtr(upres.CertName)
 	updateDomainMultiCertificatesReqBodyContent = updateDomainMultiCertificatesReqBodyContent.MergeConfig(showDomainFullConfigResp.Configs)
-	updateDomainMultiCertificatesReq := &hcCdnSdk.UpdateDomainMultiCertificatesExRequest{
-		Body: &hcCdnSdk.UpdateDomainMultiCertificatesExRequestBody{
+	updateDomainMultiCertificatesReq := &hwsdkCdn.UpdateDomainMultiCertificatesExRequest{
+		Body: &hwsdkCdn.UpdateDomainMultiCertificatesExRequestBody{
 			Https: updateDomainMultiCertificatesReqBodyContent,
 		},
 	}
@@ -122,7 +122,7 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context, certPem string, pri
 	return &deployer.DeployResult{}, nil
 }
 
-func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcCdnSdk.Client, error) {
+func createSdkClient(accessKeyId, secretAccessKey, region string) (*hwsdkCdn.Client, error) {
 	if region == "" {
 		region = "cn-north-1" // CDN 服务默认区域：华北一北京
 	}
@@ -148,6 +148,6 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcCdnSdk.Cli
 		return nil, err
 	}
 
-	client := hcCdnSdk.NewClient(hcClient)
+	client := hwsdkCdn.NewClient(hcClient)
 	return client, nil
 }
diff --git a/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go b/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go
index 010bdd2b..5a12e101 100644
--- a/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go
@@ -20,7 +20,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	providerElb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-elb"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
 )
 
 type HuaweiCloudELBDeployerConfig struct {
@@ -131,8 +131,8 @@ func (d *HuaweiCloudELBDeployer) deployToCertificate(ctx context.Context, certPe
 		CertificateId: d.config.CertificateId,
 		Body: &hcElbModel.UpdateCertificateRequestBody{
 			Certificate: &hcElbModel.UpdateCertificateOption{
-				Certificate: cast.StringPtr(certPem),
-				PrivateKey:  cast.StringPtr(privkeyPem),
+				Certificate: hwsdk.StringPtr(certPem),
+				PrivateKey:  hwsdk.StringPtr(privkeyPem),
 			},
 		},
 	}
@@ -151,8 +151,6 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context, certP
 		return errors.New("config `loadbalancerId` is required")
 	}
 
-	listenerIds := make([]string, 0)
-
 	// 查询负载均衡器详情
 	// REF: https://support.huaweicloud.com/api-elb/ShowLoadBalancer.html
 	showLoadBalancerReq := &hcElbModel.ShowLoadBalancerRequest{
@@ -167,11 +165,12 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context, certP
 
 	// 查询监听器列表
 	// REF: https://support.huaweicloud.com/api-elb/ListListeners.html
+	listenerIds := make([]string, 0)
 	listListenersLimit := int32(2000)
 	var listListenersMarker *string = nil
 	for {
 		listListenersReq := &hcElbModel.ListListenersRequest{
-			Limit:          cast.Int32Ptr(listListenersLimit),
+			Limit:          hwsdk.Int32Ptr(listListenersLimit),
 			Marker:         listListenersMarker,
 			Protocol:       &[]string{"HTTPS", "TERMINATED_HTTPS"},
 			LoadbalancerId: &[]string{showLoadBalancerResp.Loadbalancer.Id},
@@ -204,15 +203,21 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context, certP
 
 	d.logger.Logt("certificate file uploaded", upres)
 
-	// 批量更新监听器证书
-	var errs []error
-	for _, listenerId := range listenerIds {
-		if err := d.modifyListenerCertificate(ctx, listenerId, upres.CertId); err != nil {
-			errs = append(errs, err)
+	// 遍历更新监听器证书
+	if len(listenerIds) == 0 {
+		return xerrors.New("listener not found")
+	} else {
+		var errs []error
+
+		for _, listenerId := range listenerIds {
+			if err := d.modifyListenerCertificate(ctx, listenerId, upres.CertId); err != nil {
+				errs = append(errs, err)
+			}
+		}
+
+		if len(errs) > 0 {
+			return errors.Join(errs...)
 		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
 	}
 
 	return nil
@@ -258,7 +263,7 @@ func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context,
 		ListenerId: cloudListenerId,
 		Body: &hcElbModel.UpdateListenerRequestBody{
 			Listener: &hcElbModel.UpdateListenerOption{
-				DefaultTlsContainerRef: cast.StringPtr(cloudCertId),
+				DefaultTlsContainerRef: hwsdk.StringPtr(cloudCertId),
 			},
 		},
 	}
@@ -305,7 +310,7 @@ func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context,
 		}
 
 		if showListenerResp.Listener.SniMatchAlgo != "" {
-			updateListenerReq.Body.Listener.SniMatchAlgo = cast.StringPtr(showListenerResp.Listener.SniMatchAlgo)
+			updateListenerReq.Body.Listener.SniMatchAlgo = hwsdk.StringPtr(showListenerResp.Listener.SniMatchAlgo)
 		}
 	}
 	updateListenerResp, err := d.sdkClient.UpdateListener(updateListenerReq)
@@ -319,10 +324,6 @@ func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context,
 }
 
 func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbClient, error) {
-	if region == "" {
-		region = "cn-north-4" // ELB 服务默认区域：华北四北京
-	}
-
 	projectId, err := getSdkProjectId(accessKeyId, secretAccessKey, region)
 	if err != nil {
 		return nil, err
diff --git a/internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go b/internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go
index 7aee8434..a4a05a1b 100644
--- a/internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go
+++ b/internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go
@@ -30,13 +30,13 @@ type TencentCloudCDNDeployerConfig struct {
 type TencentCloudCDNDeployer struct {
 	config      *TencentCloudCDNDeployerConfig
 	logger      logger.Logger
-	sdkClients  *tencentCloudCDNDeployerSdkClients
+	sdkClients  *wSdkClients
 	sslUploader uploader.Uploader
 }
 
 var _ deployer.Deployer = (*TencentCloudCDNDeployer)(nil)
 
-type tencentCloudCDNDeployerSdkClients struct {
+type wSdkClients struct {
 	ssl *tcSsl.Client
 	cdn *tcCdn.Client
 }
@@ -179,7 +179,7 @@ func (d *TencentCloudCDNDeployer) getDeployedDomainsByCertificateId(cloudCertId
 	return domains, nil
 }
 
-func createSdkClients(secretId, secretKey string) (*tencentCloudCDNDeployerSdkClients, error) {
+func createSdkClients(secretId, secretKey string) (*wSdkClients, error) {
 	credential := common.NewCredential(secretId, secretKey)
 
 	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
@@ -192,7 +192,7 @@ func createSdkClients(secretId, secretKey string) (*tencentCloudCDNDeployerSdkCl
 		return nil, err
 	}
 
-	return &tencentCloudCDNDeployerSdkClients{
+	return &wSdkClients{
 		ssl: sslClient,
 		cdn: cdnClient,
 	}, nil
diff --git a/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go b/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go
index ed00e1c9..17958eac 100644
--- a/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go
+++ b/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go
@@ -138,10 +138,10 @@ func (d *TencentCloudCLBDeployer) deployToInstanceUseSsl(ctx context.Context, cl
 	deployCertificateInstanceReq.ResourceType = common.StringPtr("clb")
 	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
 	if d.config.Domain == "" {
-		// 未开启 SNI，只需指定到监听器
+		// 未指定 SNI，只需部署到监听器
 		deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s", d.config.LoadbalancerId, d.config.ListenerId)})
 	} else {
-		// 开启 SNI，需指定到域名（支持泛域名）
+		// 指定 SNI，需部署到域名（支持泛域名）
 		deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s|%s", d.config.LoadbalancerId, d.config.ListenerId, d.config.Domain)})
 	}
 	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
@@ -159,10 +159,9 @@ func (d *TencentCloudCLBDeployer) deployToLoadbalancer(ctx context.Context, clou
 		return errors.New("config `loadbalancerId` is required")
 	}
 
-	listenerIds := make([]string, 0)
-
 	// 查询监听器列表
 	// REF: https://cloud.tencent.com/document/api/214/30686
+	listenerIds := make([]string, 0)
 	describeListenersReq := tcClb.NewDescribeListenersRequest()
 	describeListenersReq.LoadBalancerId = common.StringPtr(d.config.LoadbalancerId)
 	describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
@@ -182,8 +181,10 @@ func (d *TencentCloudCLBDeployer) deployToLoadbalancer(ctx context.Context, clou
 
 	d.logger.Logt("已查询到负载均衡器下的监听器", listenerIds)
 
-	// 批量更新监听器证书
-	if len(listenerIds) > 0 {
+	// 遍历更新监听器证书
+	if len(listenerIds) == 0 {
+		return xerrors.New("listener not found")
+	} else {
 		var errs []error
 
 		for _, listenerId := range listenerIds {
diff --git a/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go b/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go
index d53760a1..e89ce05d 100644
--- a/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go
+++ b/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go
@@ -102,7 +102,7 @@ func (d *VolcEngineDCDNDeployer) Deploy(ctx context.Context, certPem string, pri
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*veDcdn.DCDN, error) {
 	if region == "" {
-		region = "cn-beijing" // 证书中心默认区域：北京
+		region = "cn-beijing" // DCDN 服务默认区域：北京
 	}
 
 	config := ve.NewConfig().WithRegion(region).WithAkSk(accessKeyId, accessKeySecret)
diff --git a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
index b90ac6c0..b904987c 100644
--- a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
+++ b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
@@ -8,12 +8,12 @@ import (
 
 	xerrors "github.com/pkg/errors"
 	veLive "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
+	ve "github.com/volcengine/volcengine-go-sdk/volcengine"
 
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	providerLive "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-live"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 )
 
 type VolcEngineLiveDeployerConfig struct {
@@ -128,7 +128,7 @@ func (d *VolcEngineLiveDeployer) Deploy(ctx context.Context, certPem string, pri
 			bindCertReq := &veLive.BindCertBody{
 				ChainID: upres.CertId,
 				Domain:  domain,
-				HTTPS:   cast.BoolPtr(true),
+				HTTPS:   ve.Bool(true),
 			}
 			bindCertResp, err := d.sdkClient.BindCert(ctx, bindCertReq)
 			if err != nil {
diff --git a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
index 27633ca0..7649f618 100644
--- a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
+++ b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
@@ -113,9 +113,6 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP
 			break
 		} else {
 			listUserCertificateOrderPage += 1
-			if listUserCertificateOrderPage > 99 { // 避免死循环
-				break
-			}
 		}
 	}
 
diff --git a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
index f5939354..2df26ebc 100644
--- a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
+++ b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
@@ -120,10 +120,6 @@ func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyP
 }
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // SLB 服务默认区域：华东一杭州
-	}
-
 	// 接入点一览 https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-endpoint
 	var endpoint string
 	switch region {
diff --git a/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go b/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go
index 471debdd..e564bba1 100644
--- a/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go
+++ b/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go
@@ -14,7 +14,6 @@ import (
 	xerrors "github.com/pkg/errors"
 
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 )
 
@@ -60,9 +59,9 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke
 	listCertInfoPageSize := int64(100)
 	listCertInfoTotal := 0
 	listCertInfoReq := &bpCdn.ListCertInfoRequest{
-		PageNum:  cast.Int64Ptr(listCertInfoPageNum),
-		PageSize: cast.Int64Ptr(listCertInfoPageSize),
-		Source:   cast.StringPtr("cert_center"),
+		PageNum:  bpCdn.GetInt64Ptr(listCertInfoPageNum),
+		PageSize: bpCdn.GetInt64Ptr(listCertInfoPageSize),
+		Source:   bpCdn.GetStrPtr("cert_center"),
 	}
 	for {
 		listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
@@ -104,8 +103,8 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke
 	addCertificateReq := &bpCdn.AddCertificateRequest{
 		Certificate: certPem,
 		PrivateKey:  privkeyPem,
-		Source:      cast.StringPtr("cert_center"),
-		Desc:        cast.StringPtr(certName),
+		Source:      bpCdn.GetStrPtr("cert_center"),
+		Desc:        bpCdn.GetStrPtr(certName),
 	}
 	addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
 	if err != nil {
diff --git a/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go b/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
index 6cc667a4..83ccc0b7 100644
--- a/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
@@ -17,8 +17,8 @@ import (
 	xerrors "github.com/pkg/errors"
 
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
 )
 
 type HuaweiCloudELBUploaderConfig struct {
@@ -66,12 +66,11 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 
 	// 遍历查询已有证书，避免重复上传
 	// REF: https://support.huaweicloud.com/api-elb/ListCertificates.html
-	listCertificatesPage := 1
 	listCertificatesLimit := int32(2000)
 	var listCertificatesMarker *string = nil
 	for {
 		listCertificatesReq := &hcElbModel.ListCertificatesRequest{
-			Limit:  cast.Int32Ptr(listCertificatesLimit),
+			Limit:  hwsdk.Int32Ptr(listCertificatesLimit),
 			Marker: listCertificatesMarker,
 			Type:   &[]string{"server"},
 		}
@@ -108,10 +107,6 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 			break
 		} else {
 			listCertificatesMarker = listCertificatesResp.PageInfo.NextMarker
-			listCertificatesPage++
-			if listCertificatesPage >= 9 { // 避免死循环
-				break
-			}
 		}
 	}
 
@@ -131,10 +126,10 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 	createCertificateReq := &hcElbModel.CreateCertificateRequest{
 		Body: &hcElbModel.CreateCertificateRequestBody{
 			Certificate: &hcElbModel.CreateCertificateOption{
-				ProjectId:   cast.StringPtr(projectId),
-				Name:        cast.StringPtr(certName),
-				Certificate: cast.StringPtr(certPem),
-				PrivateKey:  cast.StringPtr(privkeyPem),
+				ProjectId:   hwsdk.StringPtr(projectId),
+				Name:        hwsdk.StringPtr(certName),
+				Certificate: hwsdk.StringPtr(certPem),
+				PrivateKey:  hwsdk.StringPtr(privkeyPem),
 			},
 		},
 	}
diff --git a/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go b/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
index 5662f9b1..0c6721a1 100644
--- a/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
@@ -13,8 +13,8 @@ import (
 	xerrors "github.com/pkg/errors"
 
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
 )
 
 type HuaweiCloudSCMUploaderConfig struct {
@@ -63,15 +63,14 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
 	// 遍历查询已有证书，避免重复上传
 	// REF: https://support.huaweicloud.com/api-ccm/ListCertificates.html
 	// REF: https://support.huaweicloud.com/api-ccm/ExportCertificate_0.html
-	listCertificatesPage := 1
 	listCertificatesLimit := int32(50)
 	listCertificatesOffset := int32(0)
 	for {
 		listCertificatesReq := &hcScmModel.ListCertificatesRequest{
-			Limit:   cast.Int32Ptr(listCertificatesLimit),
-			Offset:  cast.Int32Ptr(listCertificatesOffset),
-			SortDir: cast.StringPtr("DESC"),
-			SortKey: cast.StringPtr("certExpiredTime"),
+			Limit:   hwsdk.Int32Ptr(listCertificatesLimit),
+			Offset:  hwsdk.Int32Ptr(listCertificatesOffset),
+			SortDir: hwsdk.StringPtr("DESC"),
+			SortKey: hwsdk.StringPtr("certExpiredTime"),
 		}
 		listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
 		if err != nil {
@@ -117,10 +116,6 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
 			break
 		} else {
 			listCertificatesOffset += listCertificatesLimit
-			listCertificatesPage += 1
-			if listCertificatesPage > 99 { // 避免死循环
-				break
-			}
 		}
 	}
 
diff --git a/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go b/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
index 3da0d732..7a766895 100644
--- a/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
+++ b/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
@@ -12,9 +12,9 @@ import (
 
 	xerrors "github.com/pkg/errors"
 	veCdn "github.com/volcengine/volc-sdk-golang/service/cdn"
+	ve "github.com/volcengine/volcengine-go-sdk/volcengine"
 
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 )
 
@@ -60,8 +60,8 @@ func (u *VolcEngineCDNUploader) Upload(ctx context.Context, certPem string, priv
 	listCertInfoPageSize := int64(100)
 	listCertInfoTotal := 0
 	listCertInfoReq := &veCdn.ListCertInfoRequest{
-		PageNum:  cast.Int64Ptr(listCertInfoPageNum),
-		PageSize: cast.Int64Ptr(listCertInfoPageSize),
+		PageNum:  ve.Int64(listCertInfoPageNum),
+		PageSize: ve.Int64(listCertInfoPageSize),
 		Source:   "volc_cert_center",
 	}
 	for {
@@ -104,8 +104,8 @@ func (u *VolcEngineCDNUploader) Upload(ctx context.Context, certPem string, priv
 	addCertificateReq := &veCdn.AddCertificateRequest{
 		Certificate: certPem,
 		PrivateKey:  privkeyPem,
-		Source:      cast.StringPtr("volc_cert_center"),
-		Desc:        cast.StringPtr(certName),
+		Source:      ve.String("volc_cert_center"),
+		Desc:        ve.String(certName),
 	}
 	addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
 	if err != nil {
diff --git a/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go b/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go
index bad76a67..b71c5d9d 100644
--- a/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go
+++ b/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go
@@ -9,9 +9,9 @@ import (
 
 	xerrors "github.com/pkg/errors"
 	veLive "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
+	ve "github.com/volcengine/volcengine-go-sdk/volcengine"
 
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
 	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 )
 
@@ -63,7 +63,7 @@ func (u *VolcEngineLiveUploader) Upload(ctx context.Context, certPem string, pri
 			// 查询证书详细信息
 			// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E8%AF%A6%E6%83%85
 			describeCertDetailSecretReq := &veLive.DescribeCertDetailSecretV2Body{
-				ChainID: cast.StringPtr(certDetail.ChainID),
+				ChainID: ve.String(certDetail.ChainID),
 			}
 			describeCertDetailSecretResp, err := u.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq)
 			if err != nil {
@@ -100,9 +100,9 @@ func (u *VolcEngineLiveUploader) Upload(ctx context.Context, certPem string, pri
 	// 上传新证书
 	// REF: https://www.volcengine.com/docs/6469/1186278#%E6%B7%BB%E5%8A%A0%E8%AF%81%E4%B9%A6
 	createCertReq := &veLive.CreateCertBody{
-		CertName:    &certName,
+		CertName:    ve.String(certName),
 		UseWay:      "https",
-		ProjectName: cast.StringPtr("default"),
+		ProjectName: ve.String("default"),
 		Rsa: veLive.CreateCertBodyRsa{
 			Prikey: privkeyPem,
 			Pubkey: certPem,
diff --git a/internal/pkg/utils/cast/cast.go b/internal/pkg/utils/cast/cast.go
deleted file mode 100644
index a83ad164..00000000
--- a/internal/pkg/utils/cast/cast.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package cast
-
-func Int32Ptr(i int32) *int32 {
-	return &i
-}
-
-func Int64Ptr(i int64) *int64 {
-	return &i
-}
-
-func UInt32Ptr(i uint32) *uint32 {
-	return &i
-}
-
-func UInt64Ptr(i uint64) *uint64 {
-	return &i
-}
-
-func StringPtr(s string) *string {
-	return &s
-}
-
-func BoolPtr(b bool) *bool {
-	return &b
-}
diff --git a/internal/pkg/vendors/huaweicloud-sdk/cast.go b/internal/pkg/vendors/huaweicloud-sdk/cast.go
new file mode 100644
index 00000000..2abb9c87
--- /dev/null
+++ b/internal/pkg/vendors/huaweicloud-sdk/cast.go
@@ -0,0 +1,9 @@
+package huaweicloudsdk
+
+func Int32Ptr(i int32) *int32 {
+	return &i
+}
+
+func StringPtr(s string) *string {
+	return &s
+}
diff --git a/internal/pkg/vendors/huaweicloud-sdk/cdn/models.go b/internal/pkg/vendors/huaweicloud-sdk/cdn/models.go
index ff0def2a..5aa167f0 100644
--- a/internal/pkg/vendors/huaweicloud-sdk/cdn/models.go
+++ b/internal/pkg/vendors/huaweicloud-sdk/cdn/models.go
@@ -3,7 +3,7 @@
 import (
 	hcCdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
 
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
 )
 
 type UpdateDomainMultiCertificatesExRequestBodyContent struct {
@@ -34,11 +34,11 @@ func (m *UpdateDomainMultiCertificatesExRequestBodyContent) MergeConfig(src *hcC
 	// 而且蛋疼的是查询接口返回的数据结构和更新接口传入的参数结构不一致，需要做很多转化。
 
 	if *src.OriginProtocol == "follow" {
-		m.AccessOriginWay = cast.Int32Ptr(1)
+		m.AccessOriginWay = hwsdk.Int32Ptr(1)
 	} else if *src.OriginProtocol == "http" {
-		m.AccessOriginWay = cast.Int32Ptr(2)
+		m.AccessOriginWay = hwsdk.Int32Ptr(2)
 	} else if *src.OriginProtocol == "https" {
-		m.AccessOriginWay = cast.Int32Ptr(3)
+		m.AccessOriginWay = hwsdk.Int32Ptr(3)
 	}
 
 	if src.ForceRedirect != nil {
@@ -54,7 +54,7 @@ func (m *UpdateDomainMultiCertificatesExRequestBodyContent) MergeConfig(src *hcC
 
 	if src.Https != nil {
 		if *src.Https.Http2Status == "on" {
-			m.Http2 = cast.Int32Ptr(1)
+			m.Http2 = hwsdk.Int32Ptr(1)
 		}
 	}
 

From 8aa5c3ca65e0462f7beb1a64d4c35e62aeaf34c6 Mon Sep 17 00:00:00 2001
From: Fu Diwei <fudiwei@sina.com>
Date: Mon, 13 Jan 2025 20:04:46 +0800
Subject: [PATCH 3/6] refactor: clean code

---
 .../core/deployer/providers/volcengine-cdn/volcengine_cdn.go  | 4 ++--
 .../core/deployer/providers/volcengine-clb/volcengine_clb.go  | 4 ++--
 .../deployer/providers/volcengine-dcdn/volcengine_dcdn.go     | 4 ++--
 .../deployer/providers/volcengine-live/volcengine_live.go     | 4 ++--
 .../core/deployer/providers/volcengine-tos/volcengine_tos.go  | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go b/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go
index 41c16323..02adaf1b 100644
--- a/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go
+++ b/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go
@@ -12,7 +12,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	providerCdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-cdn"
+	uploaderCdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-cdn"
 )
 
 type VolcEngineCDNDeployerConfig struct {
@@ -50,7 +50,7 @@ func NewWithLogger(config *VolcEngineCDNDeployerConfig, logger logger.Logger) (*
 	client.Client.SetAccessKey(config.AccessKeyId)
 	client.Client.SetSecretKey(config.AccessKeySecret)
 
-	uploader, err := providerCdn.New(&providerCdn.VolcEngineCDNUploaderConfig{
+	uploader, err := uploaderCdn.New(&uploaderCdn.VolcEngineCDNUploaderConfig{
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
 	})
diff --git a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
index 5da27d4e..b4acbfa0 100644
--- a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
+++ b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
@@ -13,7 +13,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	providerCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
+	uploaderCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
 )
 
 type VolcEngineCLBDeployerConfig struct {
@@ -57,7 +57,7 @@ func NewWithLogger(config *VolcEngineCLBDeployerConfig, logger logger.Logger) (*
 		return nil, xerrors.Wrap(err, "failed to create sdk client")
 	}
 
-	uploader, err := providerCertCenter.New(&providerCertCenter.VolcEngineCertCenterUploaderConfig{
+	uploader, err := uploaderCertCenter.New(&uploaderCertCenter.VolcEngineCertCenterUploaderConfig{
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
 		Region:          config.Region,
diff --git a/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go b/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go
index e89ce05d..86c8776d 100644
--- a/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go
+++ b/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go
@@ -13,7 +13,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	providerCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
+	uploaderCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
 )
 
 type VolcEngineDCDNDeployerConfig struct {
@@ -54,7 +54,7 @@ func NewWithLogger(config *VolcEngineDCDNDeployerConfig, logger logger.Logger) (
 		return nil, xerrors.Wrap(err, "failed to create sdk client")
 	}
 
-	uploader, err := providerCertCenter.New(&providerCertCenter.VolcEngineCertCenterUploaderConfig{
+	uploader, err := uploaderCertCenter.New(&uploaderCertCenter.VolcEngineCertCenterUploaderConfig{
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
 		Region:          config.Region,
diff --git a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
index b904987c..78d492b6 100644
--- a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
+++ b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
@@ -13,7 +13,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	providerLive "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-live"
+	uploaderLive "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-live"
 )
 
 type VolcEngineLiveDeployerConfig struct {
@@ -51,7 +51,7 @@ func NewWithLogger(config *VolcEngineLiveDeployerConfig, logger logger.Logger) (
 	client.SetAccessKey(config.AccessKeyId)
 	client.SetSecretKey(config.AccessKeySecret)
 
-	uploader, err := providerLive.New(&providerLive.VolcEngineLiveUploaderConfig{
+	uploader, err := uploaderLive.New(&uploaderLive.VolcEngineLiveUploaderConfig{
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
 	})
diff --git a/internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go b/internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go
index 92221351..0c5501ec 100644
--- a/internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go
+++ b/internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go
@@ -11,7 +11,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/logger"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	providerCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
+	uploaderCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
 )
 
 type VolcEngineTOSDeployerConfig struct {
@@ -54,7 +54,7 @@ func NewWithLogger(config *VolcEngineTOSDeployerConfig, logger logger.Logger) (*
 		return nil, xerrors.Wrap(err, "failed to create sdk client")
 	}
 
-	uploader, err := providerCertCenter.New(&providerCertCenter.VolcEngineCertCenterUploaderConfig{
+	uploader, err := uploaderCertCenter.New(&uploaderCertCenter.VolcEngineCertCenterUploaderConfig{
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
 		Region:          config.Region,

From 643d8209655246f809107e667032d72bb0f8cf8b Mon Sep 17 00:00:00 2001
From: Fu Diwei <fudiwei@sina.com>
Date: Mon, 13 Jan 2025 21:01:49 +0800
Subject: [PATCH 4/6] feat: add aliyun live deployer

---
 go.mod                                        |   3 +-
 go.sum                                        |   6 +
 internal/deployer/providers.go                |  12 +-
 internal/domain/provider.go                   |   1 +
 .../providers/aliyun-live/aliyun_live.go      | 116 ++++++++++++++++++
 .../providers/aliyun-live/aliyun_live_test.go |  75 +++++++++++
 .../volcengine-live/volcengine_live.go        |   2 +-
 .../components/workflow/node/DeployNode.tsx   |  22 ++--
 .../workflow/node/DeployNodeConfigForm.tsx    |   3 +
 .../DeployNodeConfigFormAliyunLiveConfig.tsx  |  79 ++++++++++++
 ui/src/domain/provider.ts                     |   4 +-
 ui/src/i18n/locales/en/nls.common.json        |   1 +
 .../i18n/locales/en/nls.workflow.nodes.json   |  70 ++++++-----
 ui/src/i18n/locales/zh/nls.common.json        |   1 +
 .../i18n/locales/zh/nls.workflow.nodes.json   |   6 +
 15 files changed, 357 insertions(+), 44 deletions(-)
 create mode 100644 internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go
 create mode 100644 internal/pkg/core/deployer/providers/aliyun-live/aliyun_live_test.go
 create mode 100644 ui/src/components/workflow/node/DeployNodeConfigFormAliyunLiveConfig.tsx

diff --git a/go.mod b/go.mod
index c4123631..79248128 100644
--- a/go.mod
+++ b/go.mod
@@ -50,6 +50,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect
+	github.com/alibabacloud-go/live-20161101 v1.1.1 // indirect
 	github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
 	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
 	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
@@ -102,7 +103,7 @@ require (
 	github.com/alibabacloud-go/openapi-util v0.1.1 // indirect
 	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.63.72 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.63.80 // indirect
 	github.com/aliyun/credentials-go v1.3.10 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.32.7 // indirect
diff --git a/go.sum b/go.sum
index 7c5cde40..ca08858b 100644
--- a/go.sum
+++ b/go.sum
@@ -125,6 +125,7 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F
 github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc=
 github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.0/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.2/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.5/go.mod h1:kUe8JqFmoVU7lfBauaDD5taFaW7mBI+xVsyHutYtabg=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU=
@@ -142,6 +143,8 @@ github.com/alibabacloud-go/debug v1.0.1 h1:MsW9SmUtbb1Fnt3ieC6NNZi6aEwrXfDksD4QA
 github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
 github.com/alibabacloud-go/endpoint-util v1.1.0 h1:r/4D3VSw888XGaeNpP994zDUaxdgTSHBbVfZlzf6b5Q=
 github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
+github.com/alibabacloud-go/live-20161101 v1.1.1 h1:rUGfA8RHmCMtQ5M3yMSyRde+yRXWqVecmiXBU3XrGJ8=
+github.com/alibabacloud-go/live-20161101 v1.1.1/go.mod h1:g84w6qeAodT0/IHdc0tEed2a8PyhQhYl7TAj3jGl4A4=
 github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3 h1:LtyUVlgBEKyzWgQJurzXM6MXCt84sQr9cE5OKqYymko=
 github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3/go.mod h1:4a/RcBYeAhYowHzX+LMgnouz7NradnSKPKl14KS3B1U=
 github.com/alibabacloud-go/openapi-util v0.0.11/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
@@ -175,6 +178,7 @@ github.com/alibabacloud-go/tea-utils v1.3.6/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQ
 github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA=
 github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
 github.com/alibabacloud-go/tea-utils/v2 v2.0.0/go.mod h1:U5MTY10WwlquGPS34DOeomUGBB0gXbLueiq5Trwu0C4=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.1/go.mod h1:U5MTY10WwlquGPS34DOeomUGBB0gXbLueiq5Trwu0C4=
 github.com/alibabacloud-go/tea-utils/v2 v2.0.4/go.mod h1:sj1PbjPodAVTqGTA3olprfeeqqmwD0A5OQz94o9EuXQ=
 github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4=
 github.com/alibabacloud-go/tea-utils/v2 v2.0.6 h1:ZkmUlhlQbaDC+Eba/GARMPy6hKdCLiSke5RsN5LcyQ0=
@@ -185,6 +189,8 @@ github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzY
 github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
 github.com/aliyun/alibaba-cloud-sdk-go v1.63.72 h1:HvFZUzEbNvfe8F2Mg0wBGv90bPhWDxgVtDHR5zoBOU0=
 github.com/aliyun/alibaba-cloud-sdk-go v1.63.72/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
+github.com/aliyun/alibaba-cloud-sdk-go v1.63.80 h1:Dn5QrIWYgi7IZJkuhrAe33x/jFWlbHCW3Dip1Tv3z9c=
+github.com/aliyun/alibaba-cloud-sdk-go v1.63.80/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
 github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible h1:8psS8a+wKfiLt1iVDX79F7Y6wUM49Lcha2FMXt4UM8g=
 github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
 github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw=
diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index 7abd7185..c183b2cf 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -9,6 +9,7 @@ import (
 	providerAliyunCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cdn"
 	providerAliyunCLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-clb"
 	providerAliyunDCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-dcdn"
+	providerAliyunLive "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-live"
 	providerAliyunNLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-nlb"
 	providerAliyunOSS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-oss"
 	providerBaiduCloudCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baiducloud-cdn"
@@ -43,7 +44,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 	  NOTICE: If you add new constant, please keep ASCII order.
 	*/
 	switch options.Provider {
-	case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS:
+	case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS:
 		{
 			access := domain.AccessConfigForAliyun{}
 			if err := maps.Decode(options.ProviderAccessConfig, &access); err != nil {
@@ -91,6 +92,15 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 				}, logger)
 				return deployer, logger, err
 
+			case domain.DeployProviderTypeAliyunLive:
+				deployer, err := providerAliyunLive.NewWithLogger(&providerAliyunLive.AliyunLiveDeployerConfig{
+					AccessKeyId:     access.AccessKeyId,
+					AccessKeySecret: access.AccessKeySecret,
+					Region:          maps.GetValueAsString(options.ProviderDeployConfig, "region"),
+					Domain:          maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
+				}, logger)
+				return deployer, logger, err
+
 			case domain.DeployProviderTypeAliyunNLB:
 				deployer, err := providerAliyunNLB.NewWithLogger(&providerAliyunNLB.AliyunNLBDeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
diff --git a/internal/domain/provider.go b/internal/domain/provider.go
index 5f60d861..dd9d1607 100644
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -74,6 +74,7 @@ const (
 	DeployProviderTypeAliyunCDN        = DeployProviderType("aliyun-cdn")
 	DeployProviderTypeAliyunCLB        = DeployProviderType("aliyun-clb")
 	DeployProviderTypeAliyunDCDN       = DeployProviderType("aliyun-dcdn")
+	DeployProviderTypeAliyunLive       = DeployProviderType("aliyun-live")
 	DeployProviderTypeAliyunNLB        = DeployProviderType("aliyun-nlb")
 	DeployProviderTypeAliyunOSS        = DeployProviderType("aliyun-oss")
 	DeployProviderTypeBaiduCloudCDN    = DeployProviderType("baiducloud-cdn")
diff --git a/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go b/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go
new file mode 100644
index 00000000..2e0c46af
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go
@@ -0,0 +1,116 @@
+package aliyunlive
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunLive "github.com/alibabacloud-go/live-20161101/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/deployer"
+	"github.com/usual2970/certimate/internal/pkg/core/logger"
+)
+
+type AliyunLiveDeployerConfig struct {
+	// 阿里云 AccessKeyId。
+	AccessKeyId string `json:"accessKeyId"`
+	// 阿里云 AccessKeySecret。
+	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云地域。
+	Region string `json:"region"`
+	// 直播流域名（支持泛域名）。
+	Domain string `json:"domain"`
+}
+
+type AliyunLiveDeployer struct {
+	config    *AliyunLiveDeployerConfig
+	logger    logger.Logger
+	sdkClient *aliyunLive.Client
+}
+
+var _ deployer.Deployer = (*AliyunLiveDeployer)(nil)
+
+func New(config *AliyunLiveDeployerConfig) (*AliyunLiveDeployer, error) {
+	return NewWithLogger(config, logger.NewNilLogger())
+}
+
+func NewWithLogger(config *AliyunLiveDeployerConfig, logger logger.Logger) (*AliyunLiveDeployer, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	if logger == nil {
+		return nil, errors.New("logger is nil")
+	}
+
+	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunLiveDeployer{
+		logger:    logger,
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (d *AliyunLiveDeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+	// "*.example.com" → ".example.com"，适配阿里云 Live 要求的泛域名格式
+	domain := strings.TrimPrefix(d.config.Domain, "*")
+
+	// 设置域名证书
+	// REF: https://help.aliyun.com/zh/live/developer-reference/api-live-2016-11-01-setlivedomaincertificate
+	setLiveDomainSSLCertificateReq := &aliyunLive.SetLiveDomainCertificateRequest{
+		DomainName:  tea.String(domain),
+		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
+		CertType:    tea.String("upload"),
+		SSLProtocol: tea.String("on"),
+		SSLPub:      tea.String(certPem),
+		SSLPri:      tea.String(privkeyPem),
+	}
+	setLiveDomainSSLCertificateResp, err := d.sdkClient.SetLiveDomainCertificate(setLiveDomainSSLCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.SetLiveDomainCertificate'")
+	}
+
+	d.logger.Logt("已设置域名证书", setLiveDomainSSLCertificateResp)
+
+	return &deployer.DeployResult{}, nil
+}
+
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunLive.Client, error) {
+	// 接入点一览 https://help.aliyun.com/zh/live/developer-reference/api-live-2016-11-01-endpoint
+	var endpoint string
+	switch region {
+	case
+		"cn-qingdao",
+		"cn-beijing",
+		"cn-shanghai",
+		"cn-shenzhen",
+		"ap-northeast-1",
+		"ap-southeast-5",
+		"me-central-1":
+		endpoint = "live.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("live.%s.aliyuncs.com", region)
+	}
+
+	config := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+		Endpoint:        tea.String(endpoint),
+	}
+
+	client, err := aliyunLive.NewClient(config)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
diff --git a/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live_test.go b/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live_test.go
new file mode 100644
index 00000000..d66f647a
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live_test.go
@@ -0,0 +1,75 @@
+package aliyunlive_test
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-live"
+)
+
+var (
+	fInputCertPath   string
+	fInputKeyPath    string
+	fAccessKeyId     string
+	fAccessKeySecret string
+	fDomain          string
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_DEPLOYER_ALIYUNLIVE_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
+	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./aliyun_live_test.go -args \
+	--CERTIMATE_DEPLOYER_ALIYUNLIVE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_DEPLOYER_ALIYUNLIVE_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_ALIYUNLIVE_ACCESSKEYID="your-access-key-id" \
+	--CERTIMATE_DEPLOYER_ALIYUNLIVE_ACCESSKEYSECRET="your-access-key-secret" \
+	--CERTIMATE_DEPLOYER_ALIYUNLIVE_DOMAIN="example.com"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
+			fmt.Sprintf("DOMAIN: %v", fDomain),
+		}, "\n"))
+
+		deployer, err := provider.New(&provider.AliyunLiveDeployerConfig{
+			AccessKeyId:     fAccessKeyId,
+			AccessKeySecret: fAccessKeySecret,
+			Domain:          fDomain,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		t.Logf("ok: %v", res)
+	})
+}
diff --git a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
index 78d492b6..083837b7 100644
--- a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
+++ b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
@@ -21,7 +21,7 @@ type VolcEngineLiveDeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 火山引擎 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
-	// 加速域名（支持泛域名）。
+	// 直播流域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
 
diff --git a/ui/src/components/workflow/node/DeployNode.tsx b/ui/src/components/workflow/node/DeployNode.tsx
index 988ae01f..ce3952d1 100644
--- a/ui/src/components/workflow/node/DeployNode.tsx
+++ b/ui/src/components/workflow/node/DeployNode.tsx
@@ -25,14 +25,14 @@ const DeployNode = ({ node, disabled }: DeployNodeProps) => {
   const formRef = useRef<DeployNodeConfigFormInstance>(null);
   const [formPending, setFormPending] = useState(false);
 
-  const [fieldProvider, setFieldProvider] = useState<string | undefined>((node.config as WorkflowNodeConfigForDeploy)?.provider);
-  useEffect(() => {
-    setFieldProvider((node.config as WorkflowNodeConfigForDeploy)?.provider);
-  }, [node.config?.provider]);
-
   const [drawerOpen, setDrawerOpen] = useState(false);
+  const [drawerFooterShow, setDrawerFooterShow] = useState(true);
   const getFormValues = () => formRef.current!.getFieldsValue() as WorkflowNodeConfigForDeploy;
 
+  useEffect(() => {
+    setDrawerFooterShow(!!(node.config as WorkflowNodeConfigForDeploy)?.provider);
+  }, [node.config?.provider]);
+
   const wrappedEl = useMemo(() => {
     if (node.type !== WorkflowNodeType.Deploy) {
       console.warn(`[certimate] current workflow node type is not: ${WorkflowNodeType.Deploy}`);
@@ -76,7 +76,7 @@ const DeployNode = ({ node, disabled }: DeployNodeProps) => {
   };
 
   const handleFormValuesChange = (values: Partial<WorkflowNodeConfigForDeploy>) => {
-    setFieldProvider(values.provider!);
+    setDrawerFooterShow(!!values.provider);
   };
 
   return (
@@ -87,11 +87,17 @@ const DeployNode = ({ node, disabled }: DeployNodeProps) => {
 
       <SharedNode.ConfigDrawer
         node={node}
-        footer={!!fieldProvider}
+        footer={drawerFooterShow}
         open={drawerOpen}
         pending={formPending}
         onConfirm={handleDrawerConfirm}
-        onOpenChange={(open) => setDrawerOpen(open)}
+        onOpenChange={(open) => {
+          setDrawerOpen(open);
+
+          if (!open) {
+            setDrawerFooterShow(!!(node.config as WorkflowNodeConfigForDeploy)?.provider);
+          }
+        }}
         getFormValues={() => formRef.current!.getFieldsValue()}
       >
         <DeployNodeConfigForm ref={formRef} disabled={disabled} initialValues={node.config} nodeId={node.id} onValuesChange={handleFormValuesChange} />
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
index 1afaa219..b369a478 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
@@ -19,6 +19,7 @@ import DeployNodeConfigFormAliyunALBConfig from "./DeployNodeConfigFormAliyunALB
 import DeployNodeConfigFormAliyunCDNConfig from "./DeployNodeConfigFormAliyunCDNConfig";
 import DeployNodeConfigFormAliyunCLBConfig from "./DeployNodeConfigFormAliyunCLBConfig";
 import DeployNodeConfigFormAliyunDCDNConfig from "./DeployNodeConfigFormAliyunDCDNConfig";
+import DeployNodeConfigFormAliyunLiveConfig from "./DeployNodeConfigFormAliyunLiveConfig";
 import DeployNodeConfigFormAliyunNLBConfig from "./DeployNodeConfigFormAliyunNLBConfig";
 import DeployNodeConfigFormAliyunOSSConfig from "./DeployNodeConfigFormAliyunOSSConfig";
 import DeployNodeConfigFormBaiduCloudCDNConfig from "./DeployNodeConfigFormBaiduCloudCDNConfig";
@@ -118,6 +119,8 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
           return <DeployNodeConfigFormAliyunCDNConfig {...nestedFormProps} />;
         case DEPLOY_PROVIDERS.ALIYUN_DCDN:
           return <DeployNodeConfigFormAliyunDCDNConfig {...nestedFormProps} />;
+        case DEPLOY_PROVIDERS.ALIYUN_LIVE:
+          return <DeployNodeConfigFormAliyunLiveConfig {...nestedFormProps} />;
         case DEPLOY_PROVIDERS.ALIYUN_NLB:
           return <DeployNodeConfigFormAliyunNLBConfig {...nestedFormProps} />;
         case DEPLOY_PROVIDERS.ALIYUN_OSS:
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunLiveConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunLiveConfig.tsx
new file mode 100644
index 00000000..04692846
--- /dev/null
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunLiveConfig.tsx
@@ -0,0 +1,79 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { validDomainName } from "@/utils/validators";
+
+type DeployNodeConfigFormAliyunLiveConfigFieldValues = Nullish<{
+  region: string;
+  domain: string;
+}>;
+
+export type DeployNodeConfigFormAliyunLiveConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: DeployNodeConfigFormAliyunLiveConfigFieldValues;
+  onValuesChange?: (values: DeployNodeConfigFormAliyunLiveConfigFieldValues) => void;
+};
+
+const initFormModel = (): DeployNodeConfigFormAliyunLiveConfigFieldValues => {
+  return {};
+};
+
+const DeployNodeConfigFormAliyunLiveConfig = ({
+  form: formInst,
+  formName,
+  disabled,
+  initialValues,
+  onValuesChange,
+}: DeployNodeConfigFormAliyunLiveConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    region: z
+      .string({ message: t("workflow_node.deploy.form.aliyun_live_region.placeholder") })
+      .nonempty(t("workflow_node.deploy.form.aliyun_live_region.placeholder"))
+      .trim(),
+    domain: z
+      .string({ message: t("workflow_node.deploy.form.aliyun_live_domain.placeholder") })
+      .refine((v) => validDomainName(v, { allowWildcard: true }), t("common.errmsg.domain_invalid")),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="region"
+        label={t("workflow_node.deploy.form.aliyun_live_region.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_live_region.tooltip") }}></span>}
+      >
+        <Input placeholder={t("workflow_node.deploy.form.aliyun_live_region.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="domain"
+        label={t("workflow_node.deploy.form.aliyun_live_domain.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_live_domain.tooltip") }}></span>}
+      >
+        <Input placeholder={t("workflow_node.deploy.form.aliyun_live_domain.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default DeployNodeConfigFormAliyunLiveConfig;
diff --git a/ui/src/domain/provider.ts b/ui/src/domain/provider.ts
index 82eaeaa1..1db23f01 100644
--- a/ui/src/domain/provider.ts
+++ b/ui/src/domain/provider.ts
@@ -155,6 +155,7 @@ export const DEPLOY_PROVIDERS = Object.freeze({
   ALIYUN_CDN: `${ACCESS_PROVIDERS.ALIYUN}-cdn`,
   ALIYUN_CLB: `${ACCESS_PROVIDERS.ALIYUN}-clb`,
   ALIYUN_DCDN: `${ACCESS_PROVIDERS.ALIYUN}-dcdn`,
+  ALIYUN_LIVE: `${ACCESS_PROVIDERS.ALIYUN}-live`,
   ALIYUN_NLB: `${ACCESS_PROVIDERS.ALIYUN}-nlb`,
   ALIYUN_OSS: `${ACCESS_PROVIDERS.ALIYUN}-oss`,
   BAIDUCLOUD_CDN: `${ACCESS_PROVIDERS.BAIDUCLOUD}-cdn`,
@@ -204,6 +205,7 @@ export const deployProvidersMap: Map<DeployProvider["type"] | string, DeployProv
     [DEPLOY_PROVIDERS.ALIYUN_CLB, "common.provider.aliyun.clb"],
     [DEPLOY_PROVIDERS.ALIYUN_ALB, "common.provider.aliyun.alb"],
     [DEPLOY_PROVIDERS.ALIYUN_NLB, "common.provider.aliyun.nlb"],
+    [DEPLOY_PROVIDERS.ALIYUN_LIVE, "common.provider.aliyun.live"],
     [DEPLOY_PROVIDERS.TENCENTCLOUD_COS, "common.provider.tencentcloud.cos"],
     [DEPLOY_PROVIDERS.TENCENTCLOUD_CDN, "common.provider.tencentcloud.cdn"],
     [DEPLOY_PROVIDERS.TENCENTCLOUD_ECDN, "common.provider.tencentcloud.ecdn"],
@@ -215,8 +217,8 @@ export const deployProvidersMap: Map<DeployProvider["type"] | string, DeployProv
     [DEPLOY_PROVIDERS.VOLCENGINE_TOS, "common.provider.volcengine.tos"],
     [DEPLOY_PROVIDERS.VOLCENGINE_CDN, "common.provider.volcengine.cdn"],
     [DEPLOY_PROVIDERS.VOLCENGINE_DCDN, "common.provider.volcengine.dcdn"],
-    [DEPLOY_PROVIDERS.VOLCENGINE_LIVE, "common.provider.volcengine.live"],
     [DEPLOY_PROVIDERS.VOLCENGINE_CLB, "common.provider.volcengine.clb"],
+    [DEPLOY_PROVIDERS.VOLCENGINE_LIVE, "common.provider.volcengine.live"],
     [DEPLOY_PROVIDERS.QINIU_CDN, "common.provider.qiniu.cdn"],
     [DEPLOY_PROVIDERS.DOGECLOUD_CDN, "common.provider.dogecloud.cdn"],
     [DEPLOY_PROVIDERS.BYTEPLUS_CDN, "common.provider.byteplus.cdn"],
diff --git a/ui/src/i18n/locales/en/nls.common.json b/ui/src/i18n/locales/en/nls.common.json
index bdd8af47..86915bd3 100644
--- a/ui/src/i18n/locales/en/nls.common.json
+++ b/ui/src/i18n/locales/en/nls.common.json
@@ -42,6 +42,7 @@
   "common.provider.aliyun.clb": "Alibaba Cloud - CLB",
   "common.provider.aliyun.dcdn": "Alibaba Cloud - DCDN",
   "common.provider.aliyun.dns": "Alibaba Cloud - DNS",
+  "common.provider.aliyun.live": "Alibaba Cloud - ApsaraVideo Live",
   "common.provider.aliyun.nlb": "Alibaba Cloud - NLB",
   "common.provider.aliyun.oss": "Alibaba Cloud - OSS",
   "common.provider.aws": "AWS",
diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json
index d64fb61d..ab4c7ddc 100644
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -77,61 +77,67 @@
   "workflow_node.deploy.form.aliyun_alb_resource_type.placeholder": "Please select resource type",
   "workflow_node.deploy.form.aliyun_alb_resource_type.option.loadbalancer.label": "ALB load balancer",
   "workflow_node.deploy.form.aliyun_alb_resource_type.option.listener.label": "ALB listener",
-  "workflow_node.deploy.form.aliyun_alb_region.label": "Aliyun region",
-  "workflow_node.deploy.form.aliyun_alb_region.placeholder": "Please enter Aliyun region (e.g. cn-hangzhou)",
+  "workflow_node.deploy.form.aliyun_alb_region.label": "Alibaba Cloud region",
+  "workflow_node.deploy.form.aliyun_alb_region.placeholder": "Please enter Alibaba Cloud region (e.g. cn-hangzhou)",
   "workflow_node.deploy.form.aliyun_alb_region.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/slb/application-load-balancer/product-overview/supported-regions-and-zones\" target=\"_blank\">https://www.alibabacloud.com/help/en/slb/application-load-balancer/product-overview/supported-regions-and-zones</a>",
-  "workflow_node.deploy.form.aliyun_alb_loadbalancer_id.label": "Aliyun ALB load balancer ID",
-  "workflow_node.deploy.form.aliyun_alb_loadbalancer_id.placeholder": "Please enter Aliyun ALB load balancer ID",
+  "workflow_node.deploy.form.aliyun_alb_loadbalancer_id.label": "Alibaba Cloud ALB load balancer ID",
+  "workflow_node.deploy.form.aliyun_alb_loadbalancer_id.placeholder": "Please enter Alibaba Cloud ALB load balancer ID",
   "workflow_node.deploy.form.aliyun_alb_loadbalancer_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
-  "workflow_node.deploy.form.aliyun_alb_listener_id.label": "Aliyun ALB listener ID",
-  "workflow_node.deploy.form.aliyun_alb_listener_id.placeholder": "Please enter Aliyun ALB listener ID",
+  "workflow_node.deploy.form.aliyun_alb_listener_id.label": "Alibaba Cloud ALB listener ID",
+  "workflow_node.deploy.form.aliyun_alb_listener_id.placeholder": "Please enter Alibaba Cloud ALB listener ID",
   "workflow_node.deploy.form.aliyun_alb_listener_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
-  "workflow_node.deploy.form.aliyun_alb_snidomain.label": "Aliyun ALB SNI domain (Optional)",
-  "workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "Please enter Aliyun ALB SNI domain name",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.label": "Alibaba Cloud ALB SNI domain (Optional)",
+  "workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "Please enter Alibaba Cloud ALB SNI domain name",
   "workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
   "workflow_node.deploy.form.aliyun_clb_resource_type.label": "Resource type",
   "workflow_node.deploy.form.aliyun_clb_resource_type.placeholder": "Please select resource type",
   "workflow_node.deploy.form.aliyun_clb_resource_type.option.loadbalancer.label": "CLB load balancer",
   "workflow_node.deploy.form.aliyun_clb_resource_type.option.listener.label": "CLB listener",
-  "workflow_node.deploy.form.aliyun_clb_region.label": "Aliyun region",
-  "workflow_node.deploy.form.aliyun_clb_region.placeholder": "Please enter Aliyun region (e.g. cn-hangzhou)",
+  "workflow_node.deploy.form.aliyun_clb_region.label": "Alibaba Cloud region",
+  "workflow_node.deploy.form.aliyun_clb_region.placeholder": "Please enter Alibaba Cloud region (e.g. cn-hangzhou)",
   "workflow_node.deploy.form.aliyun_clb_region.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/slb/classic-load-balancer/product-overview/regions-that-support-clb\" target=\"_blank\">https://www.alibabacloud.com/help/en/slb/classic-load-balancer/product-overview/regions-that-support-clb</a>",
-  "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.label": "Aliyun CLB load balancer ID",
-  "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.placeholder": "Please enter Aliyun CLB load balancer ID",
+  "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.label": "Alibaba Cloud CLB load balancer ID",
+  "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.placeholder": "Please enter Alibaba Cloud CLB load balancer ID",
   "workflow_node.deploy.form.aliyun_clb_loadbalancer_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
-  "workflow_node.deploy.form.aliyun_clb_listener_port.label": "Aliyun CLB listener port",
-  "workflow_node.deploy.form.aliyun_clb_listener_port.placeholder": "Please enter Aliyun CLB listener port",
+  "workflow_node.deploy.form.aliyun_clb_listener_port.label": "Alibaba Cloud CLB listener port",
+  "workflow_node.deploy.form.aliyun_clb_listener_port.placeholder": "Please enter Alibaba Cloud CLB listener port",
   "workflow_node.deploy.form.aliyun_clb_listener_port.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
-  "workflow_node.deploy.form.aliyun_clb_snidomain.label": "Aliyun CLB SNI domain (Optional)",
-  "workflow_node.deploy.form.aliyun_clb_snidomain.placeholder": "Please enter Aliyun CLB SNI domain name",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.label": "Alibaba Cloud CLB SNI domain (Optional)",
+  "workflow_node.deploy.form.aliyun_clb_snidomain.placeholder": "Please enter Alibaba Cloud CLB SNI domain name",
   "workflow_node.deploy.form.aliyun_clb_snidomain.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
-  "workflow_node.deploy.form.aliyun_cdn_domain.label": "Aliyun CDN domain",
-  "workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "Please enter Aliyun CDN domain name",
+  "workflow_node.deploy.form.aliyun_cdn_domain.label": "Alibaba Cloud CDN domain",
+  "workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "Please enter Alibaba Cloud CDN domain name",
   "workflow_node.deploy.form.aliyun_cdn_domain.tooltip": "For more information, see <a href=\"https://cdn.console.aliyun.com\" target=\"_blank\">https://cdn.console.aliyun.com</a>",
-  "workflow_node.deploy.form.aliyun_dcdn_domain.label": "Aliyun DCDN domain",
-  "workflow_node.deploy.form.aliyun_dcdn_domain.placeholder": "Please enter Aliyun DCDN domain name",
+  "workflow_node.deploy.form.aliyun_dcdn_domain.label": "Alibaba Cloud DCDN domain",
+  "workflow_node.deploy.form.aliyun_dcdn_domain.placeholder": "Please enter Alibaba Cloud DCDN domain name",
   "workflow_node.deploy.form.aliyun_dcdn_domain.tooltip": "For more information, see <a href=\"https://dcdn.console.aliyun.com\" target=\"_blank\">https://dcdn.console.aliyun.com</a>",
+  "workflow_node.deploy.form.aliyun_live_region.label": "Alibaba Cloud region",
+  "workflow_node.deploy.form.aliyun_live_region.placeholder": "Please enter Alibaba Cloud region (e.g. cn-hangzhou)",
+  "workflow_node.deploy.form.aliyun_live_region.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/live/product-overview/supported-regions\" target=\"_blank\">https://www.alibabacloud.com/help/en/live/product-overview/supported-regions</a>",
+  "workflow_node.deploy.form.aliyun_live_domain.label": "Alibaba Cloud live streaming domain",
+  "workflow_node.deploy.form.aliyun_live_domain.placeholder": "Please enter Alibaba Cloud live streaming domain name",
+  "workflow_node.deploy.form.aliyun_live_domain.tooltip": "For more information, see <a href=\"https://live.console.aliyun.com\" target=\"_blank\">https://live.console.aliyun.com</a>",
   "workflow_node.deploy.form.aliyun_nlb_resource_type.label": "Resource type",
   "workflow_node.deploy.form.aliyun_nlb_resource_type.placeholder": "Please select resource type",
   "workflow_node.deploy.form.aliyun_nlb_resource_type.option.loadbalancer.label": "NLB load balancer",
   "workflow_node.deploy.form.aliyun_nlb_resource_type.option.listener.label": "NLB listener",
-  "workflow_node.deploy.form.aliyun_nlb_region.label": "Aliyun region",
-  "workflow_node.deploy.form.aliyun_nlb_region.placeholder": "Please enter Aliyun region (e.g. cn-hangzhou)",
+  "workflow_node.deploy.form.aliyun_nlb_region.label": "Alibaba Cloud region",
+  "workflow_node.deploy.form.aliyun_nlb_region.placeholder": "Please enter Alibaba Cloud region (e.g. cn-hangzhou)",
   "workflow_node.deploy.form.aliyun_nlb_region.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/slb/network-load-balancer/product-overview/regions-that-support-nlb\" target=\"_blank\">https://www.alibabacloud.com/help/en/slb/network-load-balancer/product-overview/regions-that-support-nlb</a>",
-  "workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.label": "Aliyun NLB load balancer ID",
-  "workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.placeholder": "Please enter Aliyun NLB load balancer ID",
+  "workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.label": "Alibaba Cloud NLB load balancer ID",
+  "workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.placeholder": "Please enter Alibaba Cloud NLB load balancer ID",
   "workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/nlb\" target=\"_blank\">https://slb.console.aliyun.com/nlb</a>",
-  "workflow_node.deploy.form.aliyun_nlb_listener_id.label": "Aliyun NLB listener ID",
-  "workflow_node.deploy.form.aliyun_nlb_listener_id.placeholder": "Please enter Aliyun NLB listener ID",
+  "workflow_node.deploy.form.aliyun_nlb_listener_id.label": "Alibaba Cloud NLB listener ID",
+  "workflow_node.deploy.form.aliyun_nlb_listener_id.placeholder": "Please enter Alibaba Cloud NLB listener ID",
   "workflow_node.deploy.form.aliyun_nlb_listener_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/nlb\" target=\"_blank\">https://slb.console.aliyun.com/nlb</a>",
-  "workflow_node.deploy.form.aliyun_oss_endpoint.label": "Aliyun OSS endpoint",
-  "workflow_node.deploy.form.aliyun_oss_endpoint.placeholder": "Please enter Aliyun OSS endpoint",
+  "workflow_node.deploy.form.aliyun_oss_endpoint.label": "Alibaba Cloud OSS endpoint",
+  "workflow_node.deploy.form.aliyun_oss_endpoint.placeholder": "Please enter Alibaba Cloud OSS endpoint",
   "workflow_node.deploy.form.aliyun_oss_endpoint.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/oss/user-guide/regions-and-endpoints\" target=\"_blank\">https://www.alibabacloud.com/help/en/oss/user-guide/regions-and-endpoints</a>",
-  "workflow_node.deploy.form.aliyun_oss_bucket.label": "Aliyun OSS bucket",
-  "workflow_node.deploy.form.aliyun_oss_bucket.placeholder": "Please enter Aliyun OSS bucket name",
+  "workflow_node.deploy.form.aliyun_oss_bucket.label": "Alibaba Cloud OSS bucket",
+  "workflow_node.deploy.form.aliyun_oss_bucket.placeholder": "Please enter Alibaba Cloud OSS bucket name",
   "workflow_node.deploy.form.aliyun_oss_bucket.tooltip": "For more information, see <a href=\"https://oss.console.aliyun.com\" target=\"_blank\">https://oss.console.aliyun.com</a>",
-  "workflow_node.deploy.form.aliyun_oss_domain.label": "Aliyun OSS domain",
-  "workflow_node.deploy.form.aliyun_oss_domain.placeholder": "Please enter Aliyun OSS domain name",
+  "workflow_node.deploy.form.aliyun_oss_domain.label": "Alibaba Cloud OSS domain",
+  "workflow_node.deploy.form.aliyun_oss_domain.placeholder": "Please enter Alibaba Cloud OSS domain name",
   "workflow_node.deploy.form.aliyun_oss_domain.tooltip": "For more information, see <a href=\"https://oss.console.aliyun.com\" target=\"_blank\">https://oss.console.aliyun.com</a>",
   "workflow_node.deploy.form.baiducloud_cdn_domain.label": "Baidu Cloud CDN domain",
   "workflow_node.deploy.form.baiducloud_cdn_domain.placeholder": "Please enter Baidu Cloud CDN domain name",
diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json
index 7ad4c681..05b54c96 100644
--- a/ui/src/i18n/locales/zh/nls.common.json
+++ b/ui/src/i18n/locales/zh/nls.common.json
@@ -42,6 +42,7 @@
   "common.provider.aliyun.clb": "阿里云 - 传统型负载均衡 CLB",
   "common.provider.aliyun.dcdn": "阿里云 - 全站加速 DCDN",
   "common.provider.aliyun.dns": "阿里云 - 云解析 DNS",
+  "common.provider.aliyun.live": "阿里云 - 视频直播 Live",
   "common.provider.aliyun.nlb": "阿里云 - 网络型负载均衡 NLB",
   "common.provider.aliyun.oss": "阿里云 - 对象存储 OSS",
   "common.provider.aws": "AWS",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index 7b4a9e01..26ecfc3c 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -111,6 +111,12 @@
   "workflow_node.deploy.form.aliyun_dcdn_domain.label": "阿里云 DCDN 加速域名（支持泛域名）",
   "workflow_node.deploy.form.aliyun_dcdn_domain.placeholder": "请输入阿里云 DCDN 加速域名",
   "workflow_node.deploy.form.aliyun_dcdn_domain.tooltip": "这是什么？请参阅 <a href=\"https://dcdn.console.aliyun.com\" target=\"_blank\">https://dcdn.console.aliyun.com</a><br><br>泛域名表示形式为：*.example.com",
+  "workflow_node.deploy.form.aliyun_live_region.label": "阿里云地域",
+  "workflow_node.deploy.form.aliyun_live_region.placeholder": "请输入阿里云地域（例如：cn-hangzhou）",
+  "workflow_node.deploy.form.aliyun_live_region.tooltip": "这是什么？请参阅 <a href=\"https://help.aliyun.com/zh/live/product-overview/supported-regions\" target=\"_blank\">https://help.aliyun.com/zh/live/product-overview/supported-regions</a>",
+  "workflow_node.deploy.form.aliyun_live_domain.label": "阿里云视频直播流域名（支持泛域名）",
+  "workflow_node.deploy.form.aliyun_live_domain.placeholder": "阿里云地域视频直播流域名",
+  "workflow_node.deploy.form.aliyun_live_domain.tooltip": "这是什么？请参阅 <a href=\"https://live.console.aliyun.com\" target=\"_blank\">https://live.console.aliyun.com</a>",
   "workflow_node.deploy.form.aliyun_nlb_resource_type.label": "证书替换方式",
   "workflow_node.deploy.form.aliyun_nlb_resource_type.placeholder": "请选择证书替换方式",
   "workflow_node.deploy.form.aliyun_nlb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS/QUIC 监听的证书",

From ab1c9bfdbcdaaed31af01c7e8f35f80535cd19b5 Mon Sep 17 00:00:00 2001
From: Fu Diwei <fudiwei@sina.com>
Date: Mon, 13 Jan 2025 21:47:13 +0800
Subject: [PATCH 5/6] feat: add tencentcloud css deployer

---
 go.mod                                        |   5 +-
 go.sum                                        |   7 +-
 internal/deployer/providers.go                |  15 ++-
 internal/domain/provider.go                   |   1 +
 .../tencentcloud-css/tencentcloud_css.go      | 109 ++++++++++++++++++
 .../tencentcloud-css/tencentcloud_css_test.go |  75 ++++++++++++
 .../components/workflow/node/DeployNode.tsx   |   2 +-
 .../workflow/node/DeployNodeConfigForm.tsx    |   3 +
 ...loyNodeConfigFormTencentCloudCSSConfig.tsx |  65 +++++++++++
 .../components/workflow/node/_SharedNode.tsx  |   2 +-
 ui/src/domain/provider.ts                     |   2 +
 ui/src/i18n/locales/en/nls.common.json        |  49 ++++----
 .../i18n/locales/en/nls.workflow.nodes.json   |   3 +
 ui/src/i18n/locales/zh/nls.common.json        |   1 +
 .../i18n/locales/zh/nls.workflow.nodes.json   |   5 +-
 15 files changed, 309 insertions(+), 35 deletions(-)
 create mode 100644 internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go
 create mode 100644 internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css_test.go
 create mode 100644 ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCSSConfig.tsx

diff --git a/go.mod b/go.mod
index 79248128..6d8a5d7d 100644
--- a/go.mod
+++ b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/alibabacloud-go/cas-20200407/v3 v3.0.4
 	github.com/alibabacloud-go/cdn-20180510/v5 v5.2.2
 	github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10
+	github.com/alibabacloud-go/live-20161101 v1.1.1
 	github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3
 	github.com/alibabacloud-go/slb-20140515/v4 v4.0.9
 	github.com/alibabacloud-go/tea v1.2.2
@@ -29,7 +30,8 @@ require (
 	github.com/qiniu/go-sdk/v7 v7.25.1
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1065
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1065
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1065
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1080
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1080
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1065
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1065
 	github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.8
@@ -50,7 +52,6 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect
-	github.com/alibabacloud-go/live-20161101 v1.1.1 // indirect
 	github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
 	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
 	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
diff --git a/go.sum b/go.sum
index ca08858b..16cf7f56 100644
--- a/go.sum
+++ b/go.sum
@@ -187,8 +187,6 @@ github.com/alibabacloud-go/tea-xml v1.1.1/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE
 github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
 github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
 github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
-github.com/aliyun/alibaba-cloud-sdk-go v1.63.72 h1:HvFZUzEbNvfe8F2Mg0wBGv90bPhWDxgVtDHR5zoBOU0=
-github.com/aliyun/alibaba-cloud-sdk-go v1.63.72/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
 github.com/aliyun/alibaba-cloud-sdk-go v1.63.80 h1:Dn5QrIWYgi7IZJkuhrAe33x/jFWlbHCW3Dip1Tv3z9c=
 github.com/aliyun/alibaba-cloud-sdk-go v1.63.80/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
 github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible h1:8psS8a+wKfiLt1iVDX79F7Y6wUM49Lcha2FMXt4UM8g=
@@ -830,10 +828,13 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1065 h1:q0Op2Q
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1065/go.mod h1:UiS7HMWbxGhO/y7nmnHuBMyP4qEDmJeooK6YKWNMuEw=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1065 h1:Kb/l5yh9M6Ow59ZRAMcdIBxsNT3uy8fZYh8xy2rM+xQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1065/go.mod h1:bgwicHdrBXLcgB4mQd8pWbSNuM7fIAjhxHfdZ/Hb7p4=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1065 h1:krcqtAmexnHHBm/4ge4tr2b1cn/a7JGBESVGoZYXQAE=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1065/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1080 h1:N+Urn1Sva75ZoYh9Gjf7A4kJAA3wWItxsoxyADZBol4=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1080/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1065 h1:aEFtLD1ceyeljQXB1S2BjN0zjTkf0X3XmpuxFIiC29w=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1065/go.mod h1:HWvwy09hFSMXrj9SMvVRWV4U7rZO3l+WuogyNuxiT3M=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1080 h1:ygmXHhIedpjo0yFe6LbB+4ygHaVK8mnrwBAllfw7cX8=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1080/go.mod h1:UuvtB7f2kQMCBC5vt8hbjWGEba8qzf5YWP+C3VLKY6w=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1065 h1:rHI/2WYmEBfnqVNo5iUy0gu0J7ekFBE/NDV/oKZv448=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1065/go.mod h1:nnd6/G8xfl7RMsm2XYdQT5SfjdxG/U09QaC6qO89JJg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1065 h1:gDuqak8/kNgF99+ksk70JHjI1Poa5pmrgYDW6xYya8I=
diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index c183b2cf..35a818f4 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -23,7 +23,8 @@ import (
 	providerSSH "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/ssh"
 	providerTencentCloudCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cdn"
 	providerTencentCloudCLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-clb"
-	providerTencentCloudCOD "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cos"
+	providerTencentCloudCOS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cos"
+	providerTencentCloudCSS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-css"
 	providerTencentCloudECDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-ecdn"
 	providerTencentCloudEO "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-eo"
 	providerVolcEngineCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-cdn"
@@ -283,7 +284,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 			return deployer, logger, err
 		}
 
-	case domain.DeployProviderTypeTencentCloudCDN, domain.DeployProviderTypeTencentCloudCLB, domain.DeployProviderTypeTencentCloudCOS, domain.DeployProviderTypeTencentCloudECDN, domain.DeployProviderTypeTencentCloudEO:
+	case domain.DeployProviderTypeTencentCloudCDN, domain.DeployProviderTypeTencentCloudCLB, domain.DeployProviderTypeTencentCloudCOS, domain.DeployProviderTypeTencentCloudCSS, domain.DeployProviderTypeTencentCloudECDN, domain.DeployProviderTypeTencentCloudEO:
 		{
 			access := domain.AccessConfigForTencentCloud{}
 			if err := maps.Decode(options.ProviderAccessConfig, &access); err != nil {
@@ -312,7 +313,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 				return deployer, logger, err
 
 			case domain.DeployProviderTypeTencentCloudCOS:
-				deployer, err := providerTencentCloudCOD.NewWithLogger(&providerTencentCloudCOD.TencentCloudCOSDeployerConfig{
+				deployer, err := providerTencentCloudCOS.NewWithLogger(&providerTencentCloudCOS.TencentCloudCOSDeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
 					Region:    maps.GetValueAsString(options.ProviderDeployConfig, "region"),
@@ -321,6 +322,14 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
 				}, logger)
 				return deployer, logger, err
 
+			case domain.DeployProviderTypeTencentCloudCSS:
+				deployer, err := providerTencentCloudCSS.NewWithLogger(&providerTencentCloudCSS.TencentCloudCSSDeployerConfig{
+					SecretId:  access.SecretId,
+					SecretKey: access.SecretKey,
+					Domain:    maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
+				}, logger)
+				return deployer, logger, err
+
 			case domain.DeployProviderTypeTencentCloudECDN:
 				deployer, err := providerTencentCloudECDN.NewWithLogger(&providerTencentCloudECDN.TencentCloudECDNDeployerConfig{
 					SecretId:  access.SecretId,
diff --git a/internal/domain/provider.go b/internal/domain/provider.go
index dd9d1607..7d3f2464 100644
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -89,6 +89,7 @@ const (
 	DeployProviderTypeTencentCloudCDN  = DeployProviderType("tencentcloud-cdn")
 	DeployProviderTypeTencentCloudCLB  = DeployProviderType("tencentcloud-clb")
 	DeployProviderTypeTencentCloudCOS  = DeployProviderType("tencentcloud-cos")
+	DeployProviderTypeTencentCloudCSS  = DeployProviderType("tencentcloud-css")
 	DeployProviderTypeTencentCloudECDN = DeployProviderType("tencentcloud-ecdn")
 	DeployProviderTypeTencentCloudEO   = DeployProviderType("tencentcloud-eo")
 	DeployProviderTypeVolcEngineCDN    = DeployProviderType("volcengine-cdn")
diff --git a/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go b/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go
new file mode 100644
index 00000000..391fc05b
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go
@@ -0,0 +1,109 @@
+package tencentcloudcss
+
+import (
+	"context"
+	"errors"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcLive "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live/v20180801"
+
+	"github.com/usual2970/certimate/internal/pkg/core/deployer"
+	"github.com/usual2970/certimate/internal/pkg/core/logger"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	providerSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
+)
+
+type TencentCloudCSSDeployerConfig struct {
+	// 腾讯云 SecretId。
+	SecretId string `json:"secretId"`
+	// 腾讯云 SecretKey。
+	SecretKey string `json:"secretKey"`
+	// 直播播放域名（不支持泛域名）。
+	Domain string `json:"domain"`
+}
+
+type TencentCloudCSSDeployer struct {
+	config      *TencentCloudCSSDeployerConfig
+	logger      logger.Logger
+	sdkClient   *tcLive.Client
+	sslUploader uploader.Uploader
+}
+
+var _ deployer.Deployer = (*TencentCloudCSSDeployer)(nil)
+
+func New(config *TencentCloudCSSDeployerConfig) (*TencentCloudCSSDeployer, error) {
+	return NewWithLogger(config, logger.NewNilLogger())
+}
+
+func NewWithLogger(config *TencentCloudCSSDeployerConfig, logger logger.Logger) (*TencentCloudCSSDeployer, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	if logger == nil {
+		return nil, errors.New("logger is nil")
+	}
+
+	client, err := createSdkClient(config.SecretId, config.SecretKey)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := providerSsl.New(&providerSsl.TencentCloudSSLUploaderConfig{
+		SecretId:  config.SecretId,
+		SecretKey: config.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &TencentCloudCSSDeployer{
+		logger:      logger,
+		config:      config,
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *TencentCloudCSSDeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to upload certificate file")
+	}
+
+	d.logger.Logt("certificate file uploaded", upres)
+
+	// 绑定证书对应的播放域名
+	// REF: https://cloud.tencent.com/document/product/267/78655
+	modifyLiveDomainCertBindingsReq := &tcLive.ModifyLiveDomainCertBindingsRequest{
+		DomainInfos: []*tcLive.LiveCertDomainInfo{
+			{
+				DomainName: common.StringPtr(d.config.Domain),
+				Status:     common.Int64Ptr(1),
+			},
+		},
+		CloudCertId: common.StringPtr(upres.CertId),
+	}
+	modifyLiveDomainCertBindingsResp, err := d.sdkClient.ModifyLiveDomainCertBindings(modifyLiveDomainCertBindingsReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.ModifyLiveDomainCertBindings'")
+	}
+
+	d.logger.Logt("已部署证书到云资源实例", modifyLiveDomainCertBindingsResp.Response)
+
+	return &deployer.DeployResult{}, nil
+}
+
+func createSdkClient(secretId, secretKey string) (*tcLive.Client, error) {
+	credential := common.NewCredential(secretId, secretKey)
+
+	client, err := tcLive.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
diff --git a/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css_test.go b/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css_test.go
new file mode 100644
index 00000000..4efe7bba
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css_test.go
@@ -0,0 +1,75 @@
+package tencentcloudcss_test
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-css"
+)
+
+var (
+	fInputCertPath string
+	fInputKeyPath  string
+	fSecretId      string
+	fSecretKey     string
+	fDomain        string
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fSecretId, argsPrefix+"SECRETID", "", "")
+	flag.StringVar(&fSecretKey, argsPrefix+"SECRETKEY", "", "")
+	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./tencentcloud_css_test.go -args \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_SECRETID="your-secret-id" \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_SECRETKEY="your-secret-key" \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_DOMAIN="example.com"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("SECRETID: %v", fSecretId),
+			fmt.Sprintf("SECRETKEY: %v", fSecretKey),
+			fmt.Sprintf("DOMAIN: %v", fDomain),
+		}, "\n"))
+
+		deployer, err := provider.New(&provider.TencentCloudCSSDeployerConfig{
+			SecretId:  fSecretId,
+			SecretKey: fSecretKey,
+			Domain:    fDomain,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		t.Logf("ok: %v", res)
+	})
+}
diff --git a/ui/src/components/workflow/node/DeployNode.tsx b/ui/src/components/workflow/node/DeployNode.tsx
index ce3952d1..8a211a67 100644
--- a/ui/src/components/workflow/node/DeployNode.tsx
+++ b/ui/src/components/workflow/node/DeployNode.tsx
@@ -45,7 +45,7 @@ const DeployNode = ({ node, disabled }: DeployNodeProps) => {
     const config = (node.config as WorkflowNodeConfigForDeploy) ?? {};
     const provider = deployProvidersMap.get(config.provider);
     return (
-      <Space>
+      <Space className="max-w-full">
         <Avatar src={provider?.icon} size="small" />
         <Typography.Text className="truncate">{t(provider?.name ?? "")}</Typography.Text>
       </Space>
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
index b369a478..2643b2c7 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
@@ -34,6 +34,7 @@ import DeployNodeConfigFormSSHConfig from "./DeployNodeConfigFormSSHConfig.tsx";
 import DeployNodeConfigFormTencentCloudCDNConfig from "./DeployNodeConfigFormTencentCloudCDNConfig.tsx";
 import DeployNodeConfigFormTencentCloudCLBConfig from "./DeployNodeConfigFormTencentCloudCLBConfig.tsx";
 import DeployNodeConfigFormTencentCloudCOSConfig from "./DeployNodeConfigFormTencentCloudCOSConfig.tsx";
+import DeployNodeConfigFormTencentCloudCSSConfig from "./DeployNodeConfigFormTencentCloudCSSConfig.tsx";
 import DeployNodeConfigFormTencentCloudECDNConfig from "./DeployNodeConfigFormTencentCloudECDNConfig.tsx";
 import DeployNodeConfigFormTencentCloudEOConfig from "./DeployNodeConfigFormTencentCloudEOConfig.tsx";
 import DeployNodeConfigFormVolcEngineCDNConfig from "./DeployNodeConfigFormVolcEngineCDNConfig.tsx";
@@ -149,6 +150,8 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
           return <DeployNodeConfigFormTencentCloudCLBConfig {...nestedFormProps} />;
         case DEPLOY_PROVIDERS.TENCENTCLOUD_COS:
           return <DeployNodeConfigFormTencentCloudCOSConfig {...nestedFormProps} />;
+        case DEPLOY_PROVIDERS.TENCENTCLOUD_CSS:
+          return <DeployNodeConfigFormTencentCloudCSSConfig {...nestedFormProps} />;
         case DEPLOY_PROVIDERS.TENCENTCLOUD_ECDN:
           return <DeployNodeConfigFormTencentCloudECDNConfig {...nestedFormProps} />;
         case DEPLOY_PROVIDERS.TENCENTCLOUD_EO:
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCSSConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCSSConfig.tsx
new file mode 100644
index 00000000..c05b1e7a
--- /dev/null
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCSSConfig.tsx
@@ -0,0 +1,65 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { validDomainName } from "@/utils/validators";
+
+type DeployNodeConfigFormTencentCloudCSSConfigFieldValues = Nullish<{
+  domain: string;
+}>;
+
+export type DeployNodeConfigFormTencentCloudCSSConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: DeployNodeConfigFormTencentCloudCSSConfigFieldValues;
+  onValuesChange?: (values: DeployNodeConfigFormTencentCloudCSSConfigFieldValues) => void;
+};
+
+const initFormModel = (): DeployNodeConfigFormTencentCloudCSSConfigFieldValues => {
+  return {};
+};
+
+const DeployNodeConfigFormTencentCloudCSSConfig = ({
+  form: formInst,
+  formName,
+  disabled,
+  initialValues,
+  onValuesChange,
+}: DeployNodeConfigFormTencentCloudCSSConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    domain: z
+      .string({ message: t("workflow_node.deploy.form.tencentcloud_css_domain.placeholder") })
+      .refine((v) => validDomainName(v, { allowWildcard: true }), t("common.errmsg.domain_invalid")),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="domain"
+        label={t("workflow_node.deploy.form.tencentcloud_css_domain.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.tencentcloud_css_domain.tooltip") }}></span>}
+      >
+        <Input placeholder={t("workflow_node.deploy.form.tencentcloud_css_domain.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default DeployNodeConfigFormTencentCloudCSSConfig;
diff --git a/ui/src/components/workflow/node/_SharedNode.tsx b/ui/src/components/workflow/node/_SharedNode.tsx
index 906f7d8f..c6ddfe50 100644
--- a/ui/src/components/workflow/node/_SharedNode.tsx
+++ b/ui/src/components/workflow/node/_SharedNode.tsx
@@ -196,7 +196,7 @@ const SharedNodeBlock = ({ children, node, disabled, onClick }: SharedNodeBlockP
           </div>
 
           <div className="flex cursor-pointer flex-col justify-center px-4 py-2" onClick={handleNodeClick}>
-            <div className="text-sm">{children}</div>
+            <div className="overflow-hidden text-sm">{children}</div>
           </div>
         </Card>
       </Popover>
diff --git a/ui/src/domain/provider.ts b/ui/src/domain/provider.ts
index 1db23f01..0874fbcc 100644
--- a/ui/src/domain/provider.ts
+++ b/ui/src/domain/provider.ts
@@ -170,6 +170,7 @@ export const DEPLOY_PROVIDERS = Object.freeze({
   TENCENTCLOUD_CDN: `${ACCESS_PROVIDERS.TENCENTCLOUD}-cdn`,
   TENCENTCLOUD_CLB: `${ACCESS_PROVIDERS.TENCENTCLOUD}-clb`,
   TENCENTCLOUD_COS: `${ACCESS_PROVIDERS.TENCENTCLOUD}-cos`,
+  TENCENTCLOUD_CSS: `${ACCESS_PROVIDERS.TENCENTCLOUD}-css`,
   TENCENTCLOUD_ECDN: `${ACCESS_PROVIDERS.TENCENTCLOUD}-ecdn`,
   TENCENTCLOUD_EO: `${ACCESS_PROVIDERS.TENCENTCLOUD}-eo`,
   VOLCENGINE_CDN: `${ACCESS_PROVIDERS.VOLCENGINE}-cdn`,
@@ -211,6 +212,7 @@ export const deployProvidersMap: Map<DeployProvider["type"] | string, DeployProv
     [DEPLOY_PROVIDERS.TENCENTCLOUD_ECDN, "common.provider.tencentcloud.ecdn"],
     [DEPLOY_PROVIDERS.TENCENTCLOUD_EO, "common.provider.tencentcloud.eo"],
     [DEPLOY_PROVIDERS.TENCENTCLOUD_CLB, "common.provider.tencentcloud.clb"],
+    [DEPLOY_PROVIDERS.TENCENTCLOUD_CSS, "common.provider.tencentcloud.css"],
     [DEPLOY_PROVIDERS.HUAWEICLOUD_CDN, "common.provider.huaweicloud.cdn"],
     [DEPLOY_PROVIDERS.HUAWEICLOUD_ELB, "common.provider.huaweicloud.elb"],
     [DEPLOY_PROVIDERS.BAIDUCLOUD_CDN, "common.provider.baiducloud.cdn"],
diff --git a/ui/src/i18n/locales/en/nls.common.json b/ui/src/i18n/locales/en/nls.common.json
index 86915bd3..c8c37a7e 100644
--- a/ui/src/i18n/locales/en/nls.common.json
+++ b/ui/src/i18n/locales/en/nls.common.json
@@ -37,30 +37,30 @@
 
   "common.provider.acmehttpreq": "Http Request (ACME Proxy)",
   "common.provider.aliyun": "Alibaba Cloud",
-  "common.provider.aliyun.alb": "Alibaba Cloud - ALB",
-  "common.provider.aliyun.cdn": "Alibaba Cloud - CDN",
-  "common.provider.aliyun.clb": "Alibaba Cloud - CLB",
-  "common.provider.aliyun.dcdn": "Alibaba Cloud - DCDN",
-  "common.provider.aliyun.dns": "Alibaba Cloud - DNS",
+  "common.provider.aliyun.alb": "Alibaba Cloud - Application Load Balancer (ALB)",
+  "common.provider.aliyun.cdn": "Alibaba Cloud - Content Delivery Network (CDN)",
+  "common.provider.aliyun.clb": "Alibaba Cloud - Classic Load Balancer (CLB)",
+  "common.provider.aliyun.dcdn": "Alibaba Cloud - Dynamic Route for Content Delivery Network (DCDN)",
+  "common.provider.aliyun.dns": "Alibaba Cloud - Domain Name Service (DNS)",
   "common.provider.aliyun.live": "Alibaba Cloud - ApsaraVideo Live",
-  "common.provider.aliyun.nlb": "Alibaba Cloud - NLB",
-  "common.provider.aliyun.oss": "Alibaba Cloud - OSS",
+  "common.provider.aliyun.nlb": "Alibaba Cloud - Network Load Balancer (NLB)",
+  "common.provider.aliyun.oss": "Alibaba Cloud - Object Storage Service (OSS)",
   "common.provider.aws": "AWS",
   "common.provider.aws.route53": "AWS - Route53",
   "common.provider.azure": "Azure",
   "common.provider.azure.dns": "Azure - DNS",
   "common.provider.baiducloud": "Baidu Cloud",
-  "common.provider.baiducloud.cdn": "Baidu Cloud - CDN",
+  "common.provider.baiducloud.cdn": "Baidu Cloud - Content Delivery Network (CDN)",
   "common.provider.byteplus": "BytePlus",
-  "common.provider.byteplus.cdn": "BytePlus - CDN",
+  "common.provider.byteplus.cdn": "BytePlus - Content Delivery Network (CDN)",
   "common.provider.cloudflare": "Cloudflare",
   "common.provider.dogecloud": "Doge Cloud",
-  "common.provider.dogecloud.cdn": "Doge Cloud - CDN",
+  "common.provider.dogecloud.cdn": "Doge Cloud - Content Delivery Network (CDN)",
   "common.provider.godaddy": "GoDaddy",
   "common.provider.huaweicloud": "Huawei Cloud",
-  "common.provider.huaweicloud.cdn": "Huawei Cloud - CDN",
-  "common.provider.huaweicloud.dns": "Huawei Cloud - DNS",
-  "common.provider.huaweicloud.elb": "Huawei Cloud - ELB",
+  "common.provider.huaweicloud.cdn": "Huawei Cloud - Content Delivery Network (CDN)",
+  "common.provider.huaweicloud.dns": "Huawei Cloud - Domain Name Service (DNS)",
+  "common.provider.huaweicloud.elb": "Huawei Cloud - Elastic Load Balance (ELB)",
   "common.provider.kubernetes": "Kubernetes",
   "common.provider.kubernetes.secret": "Kubernetes - Secret",
   "common.provider.local": "Local deployment",
@@ -68,22 +68,23 @@
   "common.provider.namesilo": "NameSilo",
   "common.provider.powerdns": "PowerDNS",
   "common.provider.qiniu": "Qiniu",
-  "common.provider.qiniu.cdn": "Qiniu - CDN",
+  "common.provider.qiniu.cdn": "Qiniu - Content Delivery Network (CDN)",
   "common.provider.ssh": "SSH deployment",
   "common.provider.tencentcloud": "Tencent Cloud",
-  "common.provider.tencentcloud.cdn": "Tencent Cloud - CDN",
-  "common.provider.tencentcloud.clb": "Tencent Cloud - CLB",
-  "common.provider.tencentcloud.cos": "Tencent Cloud - COS",
-  "common.provider.tencentcloud.dns": "Tencent Cloud - DNS",
-  "common.provider.tencentcloud.ecdn": "Tencent Cloud - ECDN",
+  "common.provider.tencentcloud.cdn": "Tencent Cloud - Content Delivery Network (CDN)",
+  "common.provider.tencentcloud.clb": "Tencent Cloud - Cloud Load Balancer (CLB)",
+  "common.provider.tencentcloud.cos": "Tencent Cloud - Cloud Object Storage (COS)",
+  "common.provider.tencentcloud.css": "Tencent Cloud - Cloud Streaming Service (CSS)",
+  "common.provider.tencentcloud.dns": "Tencent Cloud - Domain Name Service (DNS)",
+  "common.provider.tencentcloud.ecdn": "Tencent Cloud - Enterprise Content Delivery Network (ECDN)",
   "common.provider.tencentcloud.eo": "Tencent Cloud - EdgeOne",
   "common.provider.volcengine": "Volcengine",
-  "common.provider.volcengine.cdn": "Volcengine - CDN",
-  "common.provider.volcengine.clb": "Volcengine - CLB",
-  "common.provider.volcengine.dcdn": "Volcengine - DCDN",
-  "common.provider.volcengine.dns": "Volcengine - DNS",
+  "common.provider.volcengine.cdn": "Volcengine - Content Delivery Network (CDN)",
+  "common.provider.volcengine.clb": "Volcengine - Cloud Load Balancer (CLB)",
+  "common.provider.volcengine.dcdn": "Volcengine - Dynamic Content Delivery Network (DCDN)",
+  "common.provider.volcengine.dns": "Volcengine - Domain Name Service (DNS)",
   "common.provider.volcengine.live": "Volcengine - Live",
-  "common.provider.volcengine.tos": "Volcengine - TOS",
+  "common.provider.volcengine.tos": "Volcengine - Tinder Object Storage (TOS)",
   "common.provider.webhook": "Webhook",
 
   "common.notifier.bark": "Bark",
diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json
index ab4c7ddc..0ec16538 100644
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -289,6 +289,9 @@
   "workflow_node.deploy.form.tencentcloud_cos_domain.label": "Tencent Cloud COS domain",
   "workflow_node.deploy.form.tencentcloud_cos_domain.placeholder": "Please enter Tencent Cloud COS domain name",
   "workflow_node.deploy.form.tencentcloud_cos_domain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/cos\" target=\"_blank\">https://console.tencentcloud.com/cos</a>",
+  "workflow_node.deploy.form.tencentcloud_css_domain.label": "Tencent Cloud CSS playing domain",
+  "workflow_node.deploy.form.tencentcloud_css_domain.placeholder": "Please enter Tencent Cloud CSS playing domain name",
+  "workflow_node.deploy.form.tencentcloud_css_domain.tooltip": "For more information, see <a href=\"https://console.cloud.tencent.com/live/livestat\" target=\"_blank\">https://console.cloud.tencent.com/live/livestat</a>",
   "workflow_node.deploy.form.tencentcloud_ecdn_domain.label": "Tencent Cloud ECDN domain",
   "workflow_node.deploy.form.tencentcloud_ecdn_domain.placeholder": "Please enter Tencent Cloud ECDN domain name",
   "workflow_node.deploy.form.tencentcloud_ecdn_domain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/cdn\" target=\"_blank\">https://console.tencentcloud.com/cdn</a>",
diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json
index 05b54c96..0a7d93cf 100644
--- a/ui/src/i18n/locales/zh/nls.common.json
+++ b/ui/src/i18n/locales/zh/nls.common.json
@@ -74,6 +74,7 @@
   "common.provider.tencentcloud.cdn": "腾讯云 - 内容分发网络 CDN",
   "common.provider.tencentcloud.clb": "腾讯云 - 负载均衡 CLB",
   "common.provider.tencentcloud.cos": "腾讯云 - 对象存储 COS",
+  "common.provider.tencentcloud.css": "腾讯云 - 云直播 CSS",
   "common.provider.tencentcloud.dns": "腾讯云 - 云解析 DNS",
   "common.provider.tencentcloud.ecdn": "腾讯云 - 全站加速网络 ECDN",
   "common.provider.tencentcloud.eo": "腾讯云 - 边缘安全加速平台 EdgeOne",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index 26ecfc3c..c06ff102 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -115,7 +115,7 @@
   "workflow_node.deploy.form.aliyun_live_region.placeholder": "请输入阿里云地域（例如：cn-hangzhou）",
   "workflow_node.deploy.form.aliyun_live_region.tooltip": "这是什么？请参阅 <a href=\"https://help.aliyun.com/zh/live/product-overview/supported-regions\" target=\"_blank\">https://help.aliyun.com/zh/live/product-overview/supported-regions</a>",
   "workflow_node.deploy.form.aliyun_live_domain.label": "阿里云视频直播流域名（支持泛域名）",
-  "workflow_node.deploy.form.aliyun_live_domain.placeholder": "阿里云地域视频直播流域名",
+  "workflow_node.deploy.form.aliyun_live_domain.placeholder": "请输入阿里云视频直播流域名",
   "workflow_node.deploy.form.aliyun_live_domain.tooltip": "这是什么？请参阅 <a href=\"https://live.console.aliyun.com\" target=\"_blank\">https://live.console.aliyun.com</a>",
   "workflow_node.deploy.form.aliyun_nlb_resource_type.label": "证书替换方式",
   "workflow_node.deploy.form.aliyun_nlb_resource_type.placeholder": "请选择证书替换方式",
@@ -289,6 +289,9 @@
   "workflow_node.deploy.form.tencentcloud_cos_domain.label": "腾讯云 COS 自定义域名",
   "workflow_node.deploy.form.tencentcloud_cos_domain.placeholder": "请输入腾讯云 COS 自定义域名",
   "workflow_node.deploy.form.tencentcloud_cos_domain.tooltip": "这是什么？请参阅 see <a href=\"https://console.cloud.tencent.com/cos\" target=\"_blank\">https://console.cloud.tencent.com/cos</a>",
+  "workflow_node.deploy.form.tencentcloud_css_domain.label": "腾讯云云直播播放域名",
+  "workflow_node.deploy.form.tencentcloud_css_domain.placeholder": "请输入腾讯云云直播播放域名",
+  "workflow_node.deploy.form.tencentcloud_css_domain.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/live/livestat\" target=\"_blank\">https://console.cloud.tencent.com/live/livestat</a>",
   "workflow_node.deploy.form.tencentcloud_ecdn_domain.label": "腾讯云 ECDN 加速域名（支持泛域名）",
   "workflow_node.deploy.form.tencentcloud_ecdn_domain.placeholder": "请输入腾讯云 ECDN 加速域名",
   "workflow_node.deploy.form.tencentcloud_ecdn_domain.tooltip": "这是什么？请参阅 <a href=\"https://console.cloud.tencent.com/cdn\" target=\"_blank\">https://console.cloud.tencent.com/cdn</a><br><br>泛域名表示形式为：*.example.com",

From 70b8aaf84560664e51347e65b6dc7191ccf31af6 Mon Sep 17 00:00:00 2001
From: Fu Diwei <fudiwei@sina.com>
Date: Mon, 13 Jan 2025 22:26:21 +0800
Subject: [PATCH 6/6] update README

---
 README.md    | 95 ++++++++++++++++++++++++++++++++++------------------
 README_EN.md | 69 +++++++++++++++++++++++++++-----------
 2 files changed, 111 insertions(+), 53 deletions(-)

diff --git a/README.md b/README.md
index cdab387a..f6b33ead 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ Certimate 就是为了解决上述问题而产生的，它具有以下特点：
 
 1. 操作简单：自动申请、部署、续期 SSL 证书，全程无需人工干预。
 2. 支持私有部署：部署方法简单，只需下载二进制文件执行即可。二进制文件、Docker 镜像全部用 Github Actions 生成，过程透明，可自行审计。
-3. 数据安全：由于是私有部署，所有数据均存储在本地，不会保存在服务商的服务器，确保数据的安全性。
+3. 数据安全：由于是私有部署，所有数据均存储在本地，不会保存在提供商的服务器，确保数据的安全性。
 
 相关文章：
 
@@ -76,49 +76,78 @@ make local.run
 
 [![观看视频](https://i.imgur.com/4DAUKEE.gif)](https://www.bilibili.com/video/BV1xockeZEm2)
 
-## 三、支持的服务商列表
+## 三、支持的提供商列表
 
-|   服务商   | 支持申请证书 | 支持部署证书 | 备注                                                              |
-| :--------: | :----------: | :----------: | ----------------------------------------------------------------- |
-|   阿里云   |      √       |      √       | 可签发在阿里云注册的域名；可部署到阿里云 OSS、CDN、SLB            |
-|   腾讯云   |      √       |      √       | 可签发在腾讯云注册的域名；可部署到腾讯云 COS、CDN、ECDN、CLB、TEO |
-| 百度智能云 |              |      √       | 可部署到百度智能云 CDN                                            |
-|   华为云   |      √       |      √       | 可签发在华为云注册的域名；可部署到华为云 CDN、ELB                 |
-|   七牛云   |              |      √       | 可部署到七牛云 CDN                                                |
-|   多吉云   |              |      √       | 可部署到多吉云 CDN                                                |
-|  火山引擎  |      √       |      √       | 可签发在火山引擎注册的域名；可部署到火山引擎 Live、CDN            |
-|    AWS     |      √       |              | 可签发在 AWS Route53 托管的域名                                   |
-| CloudFlare |      √       |              | 可签发在 CloudFlare 注册的域名；CloudFlare 服务自带 SSL 证书      |
-|  GoDaddy   |      √       |              | 可签发在 GoDaddy 注册的域名                                       |
-|  Name.com  |      √       |              | 可签发在 Name.com 注册的域名                                      |
-|  NameSilo  |      √       |              | 可签发在 NameSilo 注册的域名                                      |
-|  PowerDNS  |      √       |              | 可签发在 PowerDNS 托管的域名                                      |
-| HTTP 请求  |      √       |              | 可签发允许通过 HTTP 请求修改 DNS 的域名                           |
-|  本地部署  |              |      √       | 可部署到本地服务器                                                |
-|    SSH     |              |      √       | 可部署到 SSH 服务器                                               |
-|  Webhook   |              |      √       | 可部署时回调到 Webhook                                            |
-| Kubernetes |              |      √       | 可部署到 Kubernetes Secret                                        |
+### 证书申请
+
+支持以下的 DNS 提供商的托管域名：
+
+<details>
+
+<summary>[展开查看]</summary>
+
+| 提供商                                         | 备注                                    |
+| :--------------------------------------------- | :-------------------------------------- |
+| [阿里云](https://www.aliyun.com/)              |                                         |
+| [腾讯云](https://cloud.tencent.com/)           |                                         |
+| [华为云](https://www.huaweicloud.com/)         |                                         |
+| [火山引擎](https://www.volcengine.com/)        |                                         |
+| [AWS Route53](https://aws.amazon.com/route53/) |                                         |
+| [Azure](https://azure.microsoft.com/)          |                                         |
+| [CloudFlare](https://www.cloudflare.com/)      |                                         |
+| [GoDaddy](https://www.godaddy.com/)            |                                         |
+| [Name.com](https://www.name.com/)              |                                         |
+| [NameSilo](https://www.namesilo.com/)          |                                         |
+| [PowerDNS](https://www.powerdns.com/)          |                                         |
+| ACME 代理 HTTP 请求                            | 可申请允许通过 HTTP 请求修改 DNS 的域名 |
+
+</details>
+
+### 证书部署
+
+支持以下的主机提供商：
+
+<details>
+
+<summary>[展开查看]</summary>
+
+| 提供商                                  | 备注                                                           |
+| :-------------------------------------- | :------------------------------------------------------------- |
+| 本地部署                                | 可部署到本地服务器                                             |
+| SSH 部署                                | 可部署到远程服务器（通过 SSH+SFTP）                            |
+| Webhook 回调                            | 可部署到 Webhook                                               |
+| [Kubernetes](https://kubernetes.io/)    | 可部署到 Kubernetes Secret                                     |
+| [阿里云](https://www.aliyun.com/)       | 可部署到阿里云 OSS、CDN、DCDN、SLB（CLB/ALB/NLB）、Live 等服务 |
+| [腾讯云](https://cloud.tencent.com/)    | 可部署到腾讯云 COS、CDN、ECDN、EdgeOne、CLB、CSS 等服务        |
+| [百度智能云](https://cloud.baidu.com/)  | 可部署到百度智能云 CDN 等服务                                  |
+| [华为云](https://www.huaweicloud.com/)  | 可部署到华为云 CDN、ELB 等服务                                 |
+| [火山引擎](https://www.volcengine.com/) | 可部署到火山引擎 TOS、CDN、DCDN、CLB、Live 等服务              |
+| [七牛云](https://www.qiniu.com/)        | 可部署到七牛云 CDN                                             |
+| [多吉云](https://www.dogecloud.com/)    | 可部署到多吉云 CDN                                             |
+| [BytePlus](https://www.byteplus.com/)   | 可部署到 BytePlus CDN 等服务                                   |
+
+</details>
 
 ## 四、概念
 
 Certimate 的工作流程如下：
 
-- 用户通过 Certimate 管理页面填写申请证书的信息，包括域名、DNS 服务商的授权信息、以及要部署到的服务商的授权信息。
+- 用户通过 Certimate 管理页面填写申请证书的信息，包括域名、DNS 提供商的授权信息、以及要部署到的提供商的授权信息。
 - Certimate 向证书厂商的 API 发起申请请求，获取 SSL 证书。
 - Certimate 存储证书信息，包括证书内容、私钥、证书有效期等，并在证书即将过期时自动续期。
-- Certimate 向服务商的 API 发起部署请求，将证书部署到服务商的服务器上。
+- Certimate 向提供商的 API 发起部署请求，将证书部署到提供商的服务器上。
 
-这就涉及域名、DNS 服务商的授权信息、部署服务商的授权信息等。
+这就涉及域名、DNS 提供商的授权信息、部署提供商的授权信息等。
 
 ### 1. 域名
 
 就是要申请证书的域名。
 
-### 2. DNS 服务商授权信息
+### 2. DNS 提供商授权信息
 
-给域名申请证书需要证明域名是你的，所以我们手动申请证书的时候一般需要在域名服务商的控制台解析记录中添加一个 TXT 域名解析记录。
+给域名申请证书需要证明域名是你的，所以我们手动申请证书的时候一般需要在域名提供商的控制台解析记录中添加一个 TXT 域名解析记录。
 
-Certimate 会自动添加一个 TXT 域名解析记录，你只需要在 Certimate 后台中填写你的域名服务商的授权信息即可。
+Certimate 会自动添加一个 TXT 域名解析记录，你只需要在 Certimate 后台中填写你的域名提供商的授权信息即可。
 
 比如你在阿里云购买的域名，授权信息如下：
 
@@ -134,15 +163,15 @@ secretId: your-secret-id
 secretKey: your-secret-key
 ```
 
-注意，此授权信息需具有访问域名及 DNS 解析的管理权限，具体的权限清单请参阅各服务商自己的技术文档。
+注意，此授权信息需具有访问域名及 DNS 解析的管理权限，具体的权限清单请参阅各提供商自己的技术文档。
 
-### 3. 部署服务商授权信息
+### 3. 部署提供商授权信息
 
 Certimate 申请证书后，会自动将证书部署到你指定的目标上，比如阿里云 CDN，Certimate 会根据你填写的授权信息及域名找到对应的 CDN 服务，并将证书部署到对应的 CDN 服务上。
 
-部署服务商授权信息和 DNS 服务商授权信息基本一致，区别在于 DNS 服务商授权信息用于证明域名是你的，部署服务商授权信息用于提供证书部署的授权信息。
+部署提供商授权信息和 DNS 提供商授权信息基本一致，区别在于 DNS 提供商授权信息用于证明域名是你的，部署提供商授权信息用于提供证书部署的授权信息。
 
-注意，此授权信息需具有访问部署目标服务的相关管理权限，具体的权限清单请参阅各服务商自己的技术文档。
+注意，此授权信息需具有访问部署目标服务的相关管理权限，具体的权限清单请参阅各提供商自己的技术文档。
 
 ## 五、常见问题
 
@@ -167,7 +196,7 @@ Certimate 是一个免费且开源的项目，采用 [MIT 开源协议](LICENSE.
 - 提交代码：如果你发现了 Bug 或有新的功能需求，而你又有相关经验，可以[提交代码](CONTRIBUTING.md)给我们。
 - 提交 Issue：功能建议或者 Bug 可以[提交 Issue](https://github.com/usual2970/certimate/issues) 给我们。
 
-支持更多服务商、UI 的优化改进、Bug 修复、文档完善等，欢迎大家提交 PR。
+支持更多提供商、UI 的优化改进、Bug 修复、文档完善等，欢迎大家提交 PR。
 
 ## 七、免责声明
 
diff --git a/README_EN.md b/README_EN.md
index 609ad3b1..153db7f0 100644
--- a/README_EN.md
+++ b/README_EN.md
@@ -77,26 +77,55 @@ password：1234567890
 
 ## List of Supported Providers
 
-|   Provider    | Registration | Deployment | Remarks                                                                                                     |
-| :-----------: | :----------: | :--------: | ----------------------------------------------------------------------------------------------------------- |
-| Alibaba Cloud |      √       |     √      | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN,SLB             |
-| Tencent Cloud |      √       |     √      | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud COS, CDN, ECDN, CLB, TEO |
-|  Baidu Cloud  |              |     √      | Supports deployment to Baidu Cloud CDN                                                                      |
-| Huawei Cloud  |      √       |     √      | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN, ELB                   |
-|  Qiniu Cloud  |              |     √      | Supports deployment to Qiniu Cloud CDN                                                                      |
-|  Doge Cloud   |              |     √      | Supports deployment to Doge Cloud CDN                                                                       |
-|  Volcengine   |      √       |     √      | Supports domains registered on Volcengine; supports deployment to Volcengine Live, CDN                      |
-|      AWS      |      √       |            | Supports domains managed on AWS Route53                                                                     |
-|  CloudFlare   |      √       |            | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates                   |
-|    GoDaddy    |      √       |            | Supports domains registered on GoDaddy                                                                      |
-|   Name.com    |      √       |            | Supports domains registered on Name.com                                                                     |
-|   NameSilo    |      √       |            | Supports domains registered on NameSilo                                                                     |
-|   PowerDNS    |      √       |            | Supports domains managed on PowerDNS                                                                        |
-| HTTP Request  |      √       |            | Supports domains which allow managing DNS by HTTP request                                                   |
-| Local Deploy  |              |     √      | Supports deployment to local servers                                                                        |
-|      SSH      |              |     √      | Supports deployment to SSH servers                                                                          |
-|    Webhook    |              |     √      | Supports callback to Webhook                                                                                |
-|  Kubernetes   |              |     √      | Supports deployment to Kubernetes Secret                                                                    |
+### Request certificates
+
+The following DNS providers are supported:
+
+<details>
+
+<summary>[Fold/Unfold to view ...]</summary>
+
+| Provider                                       | Remarks                               |
+| :--------------------------------------------- | :------------------------------------ |
+| [Alibaba Cloud](https://www.alibabacloud.com/) |                                       |
+| [Tencent Cloud](https://www.tencentcloud.com/) |                                       |
+| [Huawei Cloud](https://www.huaweicloud.com/)   |                                       |
+| [Volcengine](https://www.volcengine.com/)      |                                       |
+| [AWS Route53](https://aws.amazon.com/route53/) |                                       |
+| [Azure DNS](https://azure.microsoft.com/)      |                                       |
+| [CloudFlare](https://www.cloudflare.com/)      |                                       |
+| [GoDaddy](https://www.godaddy.com/)            |                                       |
+| [Name.com](https://www.name.com/)              |                                       |
+| [NameSilo](https://www.namesilo.com/)          |                                       |
+| [PowerDNS](https://www.powerdns.com/)          |                                       |
+| ACME Proxy HTTP Request                        | Supports managing DNS by HTTP request |
+
+</details>
+
+### Deploy certificates
+
+The following hosting providers are supported:
+
+<details>
+
+<summary>[Fold/Unfold to view ...]</summary>
+
+| Provider                                        | Remarks                                                                     |
+| :---------------------------------------------- | :-------------------------------------------------------------------------- |
+| Local                                           | Supports deployment to local servers                                        |
+| SSH                                             | Supports deployment to remote servers (via SSH+SFTP)                        |
+| Webhook                                         | Supports deployment to Webhook                                              |
+| [Kubernetes](https://kubernetes.io/)            | Supports deployment to Kubernetes Secret                                    |
+| [Alibaba Cloud](https://www.alibabacloud.com/)  | Supports deployment to Alibaba Cloud OSS, CDN, DCDN, SLB(CLB/ALB/NLB), Live |
+| [Tencent Cloud](https://www.tencentcloud.com/)  | Supports deployment to Tencent Cloud COS, CDN, ECDN, EdgeOne, CLB, CSS      |
+| [Baidu AI Cloud](https://intl.cloud.baidu.com/) | Supports deployment to Baidu AI CLoud CDN                                   |
+| [Huawei Cloud](https://www.huaweicloud.com/)    | Supports deployment to Huawei Cloud CDN, ELB                                |
+| [Volcengine](https://www.volcengine.com/)       | Supports deployment to Volcengine TOS, CDN, DCDN, CLB, Live                 |
+| [Qiniu Cloud](https://www.qiniu.com/)           | Supports deployment to Qiniu Cloud CDN                                      |
+| [Doge Cloud](https://www.dogecloud.com/)        | Supports deployment to Doge Cloud CDN                                       |
+| [BytePlus](https://www.byteplus.com/)           | Supports deployment to BytePlus CDN                                         |
+
+</details>
 
 ## Concepts