feat: add 1panel deployer

internal/deployer/providers.go

@@ -6,6 +6,8 @@ import (
 
 	"github.com/usual2970/certimate/internal/domain"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
+	p1PanelConsole "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/1panel-console"
+	p1PanelSite "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/1panel-site"
 	pAliyunALB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-alb"
 	pAliyunCASDeploy "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cas-deploy"
 	pAliyunCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cdn"
@@ -69,6 +71,35 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 	  NOTICE: If you add new constant, please keep ASCII order.
 	*/
 	switch options.Provider {
+	case domain.DeployProviderType1PanelConsole, domain.DeployProviderType1PanelSite:
+		{
+			access := domain.AccessConfigFor1Panel{}
+			if err := maps.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
+
+			switch options.Provider {
+			case domain.DeployProviderType1PanelConsole:
+				deployer, err := p1PanelConsole.NewDeployer(&p1PanelConsole.DeployerConfig{
+					ApiUrl:      access.ApiUrl,
+					ApiKey:      access.ApiKey,
+					AutoRestart: maps.GetValueAsBool(options.ProviderDeployConfig, "autoRestart"),
+				})
+				return deployer, err
+
+			case domain.DeployProviderType1PanelSite:
+				deployer, err := p1PanelSite.NewDeployer(&p1PanelSite.DeployerConfig{
+					ApiUrl:    access.ApiUrl,
+					ApiKey:    access.ApiKey,
+					WebsiteId: maps.GetValueAsInt64(options.ProviderDeployConfig, "websiteId"),
+				})
+				return deployer, err
+
+			default:
+				break
+			}
+		}
+
 	case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunCASDeploy, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunESA, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS, domain.DeployProviderTypeAliyunVOD, domain.DeployProviderTypeAliyunWAF:
 		{
 			access := domain.AccessConfigForAliyun{}

internal/domain/access.go

@@ -24,6 +24,11 @@ func (a *Access) UnmarshalConfigToMap() (map[string]any, error) {
 	return config, nil
 }
 
+type AccessConfigFor1Panel struct {
+	ApiUrl string `json:"apiUrl"`
+	ApiKey string `json:"apiKey"`
+}
+
 type AccessConfigForACMEHttpReq struct {
 	Endpoint string `json:"endpoint"`
 	Mode     string `json:"mode,omitempty"`

internal/domain/provider.go

@@ -9,7 +9,7 @@ type AccessProviderType string
 	NOTICE: If you add new constant, please keep ASCII order.
 */
 const (
-	AccessProviderType1Panel       = AccessProviderType("1panel") // 1Panel（预留）
+	AccessProviderType1Panel       = AccessProviderType("1panel")
 	AccessProviderTypeACMEHttpReq  = AccessProviderType("acmehttpreq")
 	AccessProviderTypeAkamai       = AccessProviderType("akamai") // Akamai（预留）
 	AccessProviderTypeAliyun       = AccessProviderType("aliyun")
@@ -108,6 +108,8 @@ type DeployProviderType string
 	NOTICE: If you add new constant, please keep ASCII order.
 */
 const (
+	DeployProviderType1PanelConsole         = DeployProviderType("1panel-console")
+	DeployProviderType1PanelSite            = DeployProviderType("1panel-site")
 	DeployProviderTypeAliyunALB             = DeployProviderType("aliyun-alb")
 	DeployProviderTypeAliyunCASDeploy       = DeployProviderType("aliyun-casdeploy")
 	DeployProviderTypeAliyunCDN             = DeployProviderType("aliyun-cdn")

internal/pkg/core/deployer/providers/1panel-console/1panel_console.go

@@ -0,0 +1,88 @@
+package onepanelconsole
+
+import (
+	"context"
+	"errors"
+	"net/url"
+
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/deployer"
+	"github.com/usual2970/certimate/internal/pkg/core/logger"
+	opsdk "github.com/usual2970/certimate/internal/pkg/vendors/1panel-sdk"
+)
+
+type DeployerConfig struct {
+	// 1Panel 地址。
+	ApiUrl string `json:"apiUrl"`
+	// 1Panel 接口密钥。
+	ApiKey string `json:"apiKey"`
+	// 是否自动重启。
+	AutoRestart bool `json:"autoRestart"`
+}
+
+type DeployerProvider struct {
+	config    *DeployerConfig
+	logger    logger.Logger
+	sdkClient *opsdk.Client
+}
+
+var _ deployer.Deployer = (*DeployerProvider)(nil)
+
+func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	client, err := createSdkClient(config.ApiUrl, config.ApiKey)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &DeployerProvider{
+		config:    config,
+		logger:    logger.NewNilLogger(),
+		sdkClient: client,
+	}, nil
+}
+
+func (d *DeployerProvider) WithLogger(logger logger.Logger) *DeployerProvider {
+	d.logger = logger
+	return d
+}
+
+func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+	// 设置面板 SSL 证书
+	updateSystemSSLReq := &opsdk.UpdateSystemSSLRequest{
+		Cert:    certPem,
+		Key:     privkeyPem,
+		SSL:     "enable",
+		SSLType: "import-paste",
+	}
+	if d.config.AutoRestart {
+		updateSystemSSLReq.AutoRestart = "true"
+	} else {
+		updateSystemSSLReq.AutoRestart = "false"
+	}
+	updateSystemSSLResp, err := d.sdkClient.UpdateSystemSSL(updateSystemSSLReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.UpdateSystemSSL'")
+	} else {
+		d.logger.Logt("已设置面板 SSL 证书", updateSystemSSLResp)
+	}
+
+	return &deployer.DeployResult{}, nil
+}
+
+func createSdkClient(apiUrl, apiKey string) (*opsdk.Client, error) {
+	if _, err := url.Parse(apiUrl); err != nil {
+		return nil, errors.New("invalid 1panel api url")
+	}
+
+	if apiKey == "" {
+		return nil, errors.New("invalid 1panel api key")
+	}
+
+	client := opsdk.NewClient(apiUrl, apiKey)
+	return client, nil
+}

internal/pkg/core/deployer/providers/1panel-console/1panel_console_test.go

@@ -0,0 +1,71 @@
+package onepanelconsole_test
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/1panel-console"
+)
+
+var (
+	fInputCertPath string
+	fInputKeyPath  string
+	fApiUrl        string
+	fApiKey        string
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_DEPLOYER_1PANELCONSOLE_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fApiUrl, argsPrefix+"APIURL", "", "")
+	flag.StringVar(&fApiKey, argsPrefix+"APIKEY", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./1panel_console_test.go -args \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_APIURL="http://127.0.0.1:20410" \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_APIKEY="your-api-key"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("APIURL: %v", fApiUrl),
+			fmt.Sprintf("APIKEY: %v", fApiKey),
+		}, "\n"))
+
+		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
+			ApiUrl:      fApiUrl,
+			ApiKey:      fApiKey,
+			AutoRestart: true,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		t.Logf("ok: %v", res)
+	})
+}

internal/pkg/core/deployer/providers/1panel-site/1panel_site.go

@@ -0,0 +1,120 @@
+package onepanelsite
+
+import (
+	"context"
+	"errors"
+	"net/url"
+	"strconv"
+
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/deployer"
+	"github.com/usual2970/certimate/internal/pkg/core/logger"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/1panel-ssl"
+	opsdk "github.com/usual2970/certimate/internal/pkg/vendors/1panel-sdk"
+)
+
+type DeployerConfig struct {
+	// 1Panel 地址。
+	ApiUrl string `json:"apiUrl"`
+	// 1Panel 接口密钥。
+	ApiKey string `json:"apiKey"`
+	// 网站 ID。
+	WebsiteId int64 `json:"websiteId"`
+}
+
+type DeployerProvider struct {
+	config      *DeployerConfig
+	logger      logger.Logger
+	sdkClient   *opsdk.Client
+	sslUploader uploader.Uploader
+}
+
+var _ deployer.Deployer = (*DeployerProvider)(nil)
+
+func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	client, err := createSdkClient(config.ApiUrl, config.ApiKey)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
+		ApiUrl: config.ApiUrl,
+		ApiKey: config.ApiKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+
+	return &DeployerProvider{
+		config:      config,
+		logger:      logger.NewNilLogger(),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *DeployerProvider) WithLogger(logger logger.Logger) *DeployerProvider {
+	d.logger = logger
+	return d
+}
+
+func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+	// 获取网站 HTTPS 配置
+	getHttpsConfReq := &opsdk.GetHttpsConfRequest{
+		WebsiteID: d.config.WebsiteId,
+	}
+	getHttpsConfResp, err := d.sdkClient.GetHttpsConf(getHttpsConfReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.GetHttpsConf'")
+	} else {
+		d.logger.Logt("已获取网站 HTTPS 配置", getHttpsConfResp)
+	}
+
+	// 上传证书到面板
+	upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to upload certificate file")
+	} else {
+		d.logger.Logt("certificate file uploaded", upres)
+	}
+
+	// 修改网站 HTTPS 配置
+	certId, _ := strconv.ParseInt(upres.CertId, 10, 64)
+	updateHttpsConfReq := &opsdk.UpdateHttpsConfRequest{
+		WebsiteID:    d.config.WebsiteId,
+		Type:         "existed",
+		WebsiteSSLID: certId,
+		Enable:       getHttpsConfResp.Data.Enable,
+		HttpConfig:   getHttpsConfResp.Data.HttpConfig,
+		SSLProtocol:  getHttpsConfResp.Data.SSLProtocol,
+		Algorithm:    getHttpsConfResp.Data.Algorithm,
+		Hsts:         getHttpsConfResp.Data.Hsts,
+	}
+	updateHttpsConfResp, err := d.sdkClient.UpdateHttpsConf(updateHttpsConfReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.UpdateHttpsConf'")
+	} else {
+		d.logger.Logt("已获取网站 HTTPS 配置", updateHttpsConfResp)
+	}
+
+	return &deployer.DeployResult{}, nil
+}
+
+func createSdkClient(apiUrl, apiKey string) (*opsdk.Client, error) {
+	if _, err := url.Parse(apiUrl); err != nil {
+		return nil, errors.New("invalid 1panel api url")
+	}
+
+	if apiKey == "" {
+		return nil, errors.New("invalid 1panel api key")
+	}
+
+	client := opsdk.NewClient(apiUrl, apiKey)
+	return client, nil
+}

internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go

@@ -0,0 +1,75 @@
+package onepanelsite_test
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/1panel-site"
+)
+
+var (
+	fInputCertPath string
+	fInputKeyPath  string
+	fApiUrl        string
+	fApiKey        string
+	fWebsiteId     int64
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_DEPLOYER_1PANELCONSOLE_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fApiUrl, argsPrefix+"APIURL", "", "")
+	flag.StringVar(&fApiKey, argsPrefix+"APIKEY", "", "")
+	flag.Int64Var(&fWebsiteId, argsPrefix+"WEBSITEID", 0, "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./1panel_console_test.go -args \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_APIURL="http://127.0.0.1:20410" \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_APIKEY="your-api-key" \
+	--CERTIMATE_DEPLOYER_1PANELCONSOLE_WEBSITEID="your-website-id"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("APIURL: %v", fApiUrl),
+			fmt.Sprintf("APIKEY: %v", fApiKey),
+			fmt.Sprintf("WEBSITEID: %v", fWebsiteId),
+		}, "\n"))
+
+		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
+			ApiUrl:    fApiUrl,
+			ApiKey:    fApiKey,
+			WebsiteId: fWebsiteId,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		t.Logf("ok: %v", res)
+	})
+}

internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console_test.go

@@ -49,8 +49,9 @@ func TestDeploy(t *testing.T) {
 		}, "\n"))
 
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
-			ApiUrl: fApiUrl,
-			ApiKey: fApiKey,
+			ApiUrl:      fApiUrl,
+			ApiKey:      fApiKey,
+			AutoRestart: true,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)

internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl.go

@@ -0,0 +1,125 @@
+package onepanelssl
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	opsdk "github.com/usual2970/certimate/internal/pkg/vendors/1panel-sdk"
+)
+
+type UploaderConfig struct {
+	// 1Panel 地址。
+	ApiUrl string `json:"apiUrl"`
+	// 1Panel 接口密钥。
+	ApiKey string `json:"apiKey"`
+}
+
+type UploaderProvider struct {
+	config    *UploaderConfig
+	sdkClient *opsdk.Client
+}
+
+var _ uploader.Uploader = (*UploaderProvider)(nil)
+
+func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	client, err := createSdkClient(config.ApiUrl, config.ApiKey)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &UploaderProvider{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 遍历证书列表，避免重复上传
+	if res, err := u.getExistCert(ctx, certPem, privkeyPem); err != nil {
+		return nil, err
+	} else if res != nil {
+		return res, nil
+	}
+
+	// 生成新证书名（需符合 1Panel 命名规则）
+	certName := fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 上传证书
+	uploadWebsiteSSLReq := &opsdk.UploadWebsiteSSLRequest{
+		Type:        "paste",
+		Description: certName,
+		Certificate: certPem,
+		PrivateKey:  privkeyPem,
+	}
+	uploadWebsiteSSLResp, err := u.sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.UploadWebsiteSSL'")
+	}
+
+	// 遍历证书列表，获取刚刚上传证书 ID
+	if res, err := u.getExistCert(ctx, certPem, privkeyPem); err != nil {
+		return nil, err
+	} else if res == nil {
+		return nil, fmt.Errorf("no ssl certificate found, may be upload failed (code: %d, message: %s)", uploadWebsiteSSLResp.GetCode(), uploadWebsiteSSLResp.GetMessage())
+	} else {
+		return res, nil
+	}
+}
+
+func (u *UploaderProvider) getExistCert(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	searchWebsiteSSLPageNumber := int32(1)
+	searchWebsiteSSLPageSize := int32(100)
+	for {
+		searchWebsiteSSLReq := &opsdk.SearchWebsiteSSLRequest{
+			Page:     searchWebsiteSSLPageNumber,
+			PageSize: searchWebsiteSSLPageSize,
+		}
+		searchWebsiteSSLResp, err := u.sdkClient.SearchWebsiteSSL(searchWebsiteSSLReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.SearchWebsiteSSL'")
+		}
+
+		for _, sslItem := range searchWebsiteSSLResp.Data.Items {
+			if strings.TrimSpace(sslItem.PEM) == strings.TrimSpace(certPem) &&
+				strings.TrimSpace(sslItem.PrivateKey) == strings.TrimSpace(privkeyPem) {
+				// 如果已存在相同证书，直接返回已有的证书信息
+				return &uploader.UploadResult{
+					CertId:   fmt.Sprintf("%d", sslItem.ID),
+					CertName: sslItem.Description,
+				}, nil
+			}
+		}
+
+		if len(searchWebsiteSSLResp.Data.Items) < int(searchWebsiteSSLPageSize) {
+			break
+		} else {
+			searchWebsiteSSLPageNumber++
+		}
+	}
+
+	return nil, nil
+}
+
+func createSdkClient(apiUrl, apiKey string) (*opsdk.Client, error) {
+	if _, err := url.Parse(apiUrl); err != nil {
+		return nil, errors.New("invalid 1panel api url")
+	}
+
+	if apiKey == "" {
+		return nil, errors.New("invalid 1panel api key")
+	}
+
+	client := opsdk.NewClient(apiUrl, apiKey)
+	return client, nil
+}

internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl_test.go

@@ -0,0 +1,72 @@
+package onepanelssl_test
+
+import (
+	"context"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/1panel-ssl"
+)
+
+var (
+	fInputCertPath string
+	fInputKeyPath  string
+	fApiUrl        string
+	fApiKey        string
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_UPLOADER_1PANELSSL_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fApiUrl, argsPrefix+"APIURL", "", "")
+	flag.StringVar(&fApiKey, argsPrefix+"APIKEY", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./1panel_ssl_test.go -args \
+	--CERTIMATE_UPLOADER_1PANELSSL_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_UPLOADER_1PANELSSL_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_UPLOADER_1PANELSSL_APIURL="http://127.0.0.1:20410" \
+	--CERTIMATE_UPLOADER_1PANELSSL_APIKEY="your-api-key"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("APIURL: %v", fApiUrl),
+			fmt.Sprintf("APIKEY: %v", fApiKey),
+		}, "\n"))
+
+		uploader, err := provider.NewUploader(&provider.UploaderConfig{
+			ApiUrl: fApiUrl,
+			ApiKey: fApiKey,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := uploader.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		sres, _ := json.Marshal(res)
+		t.Logf("ok: %s", string(sres))
+	})
+}

internal/pkg/core/uploader/providers/ucloud-ussl/ucloud_ussl.go

@@ -76,7 +76,13 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
 	uploadNormalCertificateResp, err := u.sdkClient.UploadNormalCertificate(uploadNormalCertificateReq)
 	if err != nil {
 		if uploadNormalCertificateResp != nil && uploadNormalCertificateResp.GetRetCode() == 80035 {
-			return u.getExistCert(ctx, certPem)
+			if res, err := u.getExistCert(ctx, certPem); err != nil {
+				return nil, err
+			} else if res == nil {
+				return nil, errors.New("no certificate found")
+			} else {
+				return res, nil
+			}
 		}
 
 		return nil, xerrors.Wrap(err, "failed to execute sdk request 'ussl.UploadNormalCertificate'")
@@ -205,7 +211,7 @@ func (u *UploaderProvider) getExistCert(ctx context.Context, certPem string) (re
 		}
 	}
 
-	return nil, errors.New("no certificate found")
+	return nil, nil
 }
 
 func createSdkClient(privateKey, publicKey string) (*usdkSsl.USSLClient, error) {

internal/pkg/vendors/1panel-sdk/api.go

@@ -0,0 +1,51 @@
+package onepanelsdk
+
+import (
+	"fmt"
+	"net/http"
+)
+
+func (c *Client) UpdateSystemSSL(req *UpdateSystemSSLRequest) (*UpdateSystemSSLResponse, error) {
+	resp := &UpdateSystemSSLResponse{}
+	err := c.sendRequestWithResult(http.MethodPost, "/settings/ssl/update", req, resp)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *Client) SearchWebsiteSSL(req *SearchWebsiteSSLRequest) (*SearchWebsiteSSLResponse, error) {
+	resp := &SearchWebsiteSSLResponse{}
+	err := c.sendRequestWithResult(http.MethodPost, "/websites/ssl/search", req, resp)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *Client) UploadWebsiteSSL(req *UploadWebsiteSSLRequest) (*UploadWebsiteSSLResponse, error) {
+	resp := &UploadWebsiteSSLResponse{}
+	err := c.sendRequestWithResult(http.MethodPost, "/websites/ssl/upload", req, resp)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *Client) GetHttpsConf(req *GetHttpsConfRequest) (*GetHttpsConfResponse, error) {
+	resp := &GetHttpsConfResponse{}
+	err := c.sendRequestWithResult(http.MethodGet, fmt.Sprintf("/websites/%d/https", req.WebsiteID), req, resp)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *Client) UpdateHttpsConf(req *UpdateHttpsConfRequest) (*UpdateHttpsConfResponse, error) {
+	resp := &UpdateHttpsConfResponse{}
+	err := c.sendRequestWithResult(http.MethodPost, fmt.Sprintf("/websites/%d/https", req.WebsiteID), req, resp)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}

internal/pkg/vendors/1panel-sdk/client.go

@@ -0,0 +1,101 @@
+package onepanelsdk
+
+import (
+	"crypto/md5"
+	"crypto/tls"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/go-resty/resty/v2"
+)
+
+type Client struct {
+	apiHost string
+	apiKey  string
+
+	client *resty.Client
+}
+
+func NewClient(apiHost, apiKey string) *Client {
+	client := resty.New()
+
+	return &Client{
+		apiHost: strings.TrimRight(apiHost, "/"),
+		apiKey:  apiKey,
+		client:  client,
+	}
+}
+
+func (c *Client) WithTimeout(timeout time.Duration) *Client {
+	c.client.SetTimeout(timeout)
+	return c
+}
+
+func (c *Client) WithTlsConfig(config *tls.Config) *Client {
+	c.client.SetTLSClientConfig(config)
+	return c
+}
+
+func (c *Client) generateToken(timestamp string) string {
+	tokenMd5 := md5.Sum([]byte("1panel" + c.apiKey + timestamp))
+	tokenMd5Hex := hex.EncodeToString(tokenMd5[:])
+	return tokenMd5Hex
+}
+
+func (c *Client) sendRequest(method string, path string, params interface{}) (*resty.Response, error) {
+	req := c.client.R()
+	req.Method = method
+	req.URL = c.apiHost + "/api/v1" + path
+	if strings.EqualFold(method, http.MethodGet) {
+		qs := make(map[string]string)
+		if params != nil {
+			temp := make(map[string]any)
+			jsonb, _ := json.Marshal(params)
+			json.Unmarshal(jsonb, &temp)
+			for k, v := range temp {
+				if v != nil {
+					qs[k] = fmt.Sprintf("%v", v)
+				}
+			}
+		}
+
+		req = req.SetQueryParams(qs)
+	} else {
+		req = req.
+			SetHeader("Content-Type", "application/json").
+			SetBody(params)
+	}
+
+	timestamp := fmt.Sprintf("%d", time.Now().Unix())
+	token := c.generateToken(timestamp)
+	req.SetHeader("1Panel-Timestamp", timestamp)
+	req.SetHeader("1Panel-Token", token)
+
+	resp, err := req.Send()
+	if err != nil {
+		return nil, fmt.Errorf("1panel api error: failed to send request: %w", err)
+	} else if resp.IsError() {
+		return nil, fmt.Errorf("1panel api error: unexpected status code: %d, %s", resp.StatusCode(), resp.Body())
+	}
+
+	return resp, nil
+}
+
+func (c *Client) sendRequestWithResult(method string, path string, params interface{}, result BaseResponse) error {
+	resp, err := c.sendRequest(method, path, params)
+	if err != nil {
+		return err
+	}
+
+	if err := json.Unmarshal(resp.Body(), &result); err != nil {
+		return fmt.Errorf("1panel api error: failed to parse response: %w", err)
+	} else if errcode := result.GetCode(); errcode/100 != 2 {
+		return fmt.Errorf("1panel api error: %d - %s", errcode, result.GetMessage())
+	}
+
+	return nil
+}

internal/pkg/vendors/1panel-sdk/models.go

@@ -0,0 +1,103 @@
+package onepanelsdk
+
+type BaseResponse interface {
+	GetCode() int32
+	GetMessage() string
+}
+
+type baseResponse struct {
+	Code    int32  `json:"code"`
+	Message string `json:"message"`
+}
+
+func (r *baseResponse) GetCode() int32 {
+	return r.Code
+}
+
+func (r *baseResponse) GetMessage() string {
+	return r.Message
+}
+
+type UpdateSystemSSLRequest struct {
+	Cert        string `json:"cert"`
+	Key         string `json:"key"`
+	SSLType     string `json:"sslType"`
+	SSL         string `json:"ssl"`
+	SSLID       int64  `json:"sslID"`
+	AutoRestart string `json:"autoRestart"`
+}
+
+type UpdateSystemSSLResponse struct {
+	baseResponse
+}
+
+type SearchWebsiteSSLRequest struct {
+	Page     int32 `json:"page"`
+	PageSize int32 `json:"pageSize"`
+}
+
+type SearchWebsiteSSLResponse struct {
+	baseResponse
+	Data struct {
+		Items []*struct {
+			ID          int64  `json:"id"`
+			PEM         string `json:"pem"`
+			PrivateKey  string `json:"privateKey"`
+			Domains     string `json:"domains"`
+			Description string `json:"description"`
+			Status      string `json:"status"`
+			UpdatedAt   string `json:"updatedAt"`
+			CreatedAt   string `json:"createdAt"`
+		} `json:"items"`
+		Total int32 `json:"total"`
+	} `json:"data"`
+}
+
+type UploadWebsiteSSLRequest struct {
+	Type            string `json:"type"`
+	SSLID           int64  `json:"sslID"`
+	Certificate     string `json:"certificate"`
+	CertificatePath string `json:"certificatePath"`
+	PrivateKey      string `json:"privateKey"`
+	PrivateKeyPath  string `json:"privateKeyPath"`
+	Description     string `json:"description"`
+}
+
+type UploadWebsiteSSLResponse struct {
+	baseResponse
+}
+
+type GetHttpsConfRequest struct {
+	WebsiteID int64 `json:"-"`
+}
+
+type GetHttpsConfResponse struct {
+	baseResponse
+	Data struct {
+		Enable      bool     `json:"enable"`
+		HttpConfig  string   `json:"httpConfig"`
+		SSLProtocol []string `json:"SSLProtocol"`
+		Algorithm   string   `json:"algorithm"`
+		Hsts        bool     `json:"hsts"`
+	} `json:"data"`
+}
+
+type UpdateHttpsConfRequest struct {
+	WebsiteID       int64    `json:"websiteId"`
+	Enable          bool     `json:"enable"`
+	Type            string   `json:"type"`
+	WebsiteSSLID    int64    `json:"websiteSSLId"`
+	PrivateKey      string   `json:"privateKey"`
+	Certificate     string   `json:"certificate"`
+	PrivateKeyPath  string   `json:"privateKeyPath"`
+	CertificatePath string   `json:"certificatePath"`
+	ImportType      string   `json:"importType"`
+	HttpConfig      string   `json:"httpConfig"`
+	SSLProtocol     []string `json:"SSLProtocol"`
+	Algorithm       string   `json:"algorithm"`
+	Hsts            bool     `json:"hsts"`
+}
+
+type UpdateHttpsConfResponse struct {
+	baseResponse
+}