diff --git a/go.mod b/go.mod
index 18d0a4ee..54651504 100644
--- a/go.mod
+++ b/go.mod
@@ -187,7 +187,7 @@ require (
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/nrdcg/namesilo v0.2.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
-	github.com/pkg/errors v0.9.1
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/spf13/cast v1.7.1 // indirect
 	github.com/spf13/cobra v1.9.1 // indirect
diff --git a/internal/applicant/acme_ca.go b/internal/applicant/acme_ca.go
index 3a066d08..67b7693e 100644
--- a/internal/applicant/acme_ca.go
+++ b/internal/applicant/acme_ca.go
@@ -3,12 +3,12 @@ package applicant
 import "github.com/usual2970/certimate/internal/domain"
 
 const (
-	sslProviderLetsEncrypt         = string(domain.ApplyCAProviderTypeLetsEncrypt)
-	sslProviderLetsEncryptStaging  = string(domain.ApplyCAProviderTypeLetsEncryptStaging)
-	sslProviderBuypass             = string(domain.ApplyCAProviderTypeBuypass)
-	sslProviderGoogleTrustServices = string(domain.ApplyCAProviderTypeGoogleTrustServices)
-	sslProviderSSLCom              = string(domain.ApplyCAProviderTypeSSLCom)
-	sslProviderZeroSSL             = string(domain.ApplyCAProviderTypeZeroSSL)
+	sslProviderLetsEncrypt         = string(domain.CAProviderTypeLetsEncrypt)
+	sslProviderLetsEncryptStaging  = string(domain.CAProviderTypeLetsEncryptStaging)
+	sslProviderBuypass             = string(domain.CAProviderTypeBuypass)
+	sslProviderGoogleTrustServices = string(domain.CAProviderTypeGoogleTrustServices)
+	sslProviderSSLCom              = string(domain.CAProviderTypeSSLCom)
+	sslProviderZeroSSL             = string(domain.CAProviderTypeZeroSSL)
 
 	sslProviderDefault = sslProviderLetsEncrypt
 )
@@ -25,6 +25,6 @@ var sslProviderUrls = map[string]string{
 }
 
 type acmeSSLProviderConfig struct {
-	Config   map[domain.ApplyCAProviderType]map[string]any `json:"config"`
-	Provider string                                        `json:"provider"`
+	Config   map[domain.CAProviderType]map[string]any `json:"config"`
+	Provider string                                   `json:"provider"`
 }
diff --git a/internal/applicant/applicant.go b/internal/applicant/applicant.go
index 7b8b94f9..ecb5218e 100644
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"log/slog"
 	"os"
 	"strconv"
 	"strings"
@@ -22,7 +23,7 @@ import (
 	"github.com/usual2970/certimate/internal/repository"
 )
 
-type ApplyCertResult struct {
+type ApplyResult struct {
 	CertificateFullChain string
 	IssuerCertificate    string
 	PrivateKey           string
@@ -33,40 +34,30 @@ type ApplyCertResult struct {
 }
 
 type Applicant interface {
-	Apply() (*ApplyCertResult, error)
+	Apply(ctx context.Context) (*ApplyResult, error)
 }
 
-type applicantOptions struct {
-	Domains                  []string
-	ContactEmail             string
-	Provider                 domain.ApplyDNSProviderType
-	ProviderAccessConfig     map[string]any
-	ProviderExtendedConfig   map[string]any
-	CAProvider               domain.ApplyCAProviderType
-	CAProviderAccessConfig   map[string]any
-	CAProviderExtendedConfig map[string]any
-	KeyAlgorithm             string
-	Nameservers              []string
-	DnsPropagationTimeout    int32
-	DnsTTL                   int32
-	DisableFollowCNAME       bool
-	ReplacedARIAcct          string
-	ReplacedARICert          string
+type ApplicantWithWorkflowNodeConfig struct {
+	Node   *domain.WorkflowNode
+	Logger *slog.Logger
 }
 
-func NewWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
-	if node.Type != domain.WorkflowNodeTypeApply {
+func NewWithWorkflowNode(config ApplicantWithWorkflowNodeConfig) (Applicant, error) {
+	if config.Node == nil {
+		return nil, fmt.Errorf("node is nil")
+	}
+	if config.Node.Type != domain.WorkflowNodeTypeApply {
 		return nil, fmt.Errorf("node type is not '%s'", string(domain.WorkflowNodeTypeApply))
 	}
 
-	nodeConfig := node.GetConfigForApply()
-	options := &applicantOptions{
+	nodeConfig := config.Node.GetConfigForApply()
+	options := &applicantProviderOptions{
 		Domains:                  sliceutil.Filter(strings.Split(nodeConfig.Domains, ";"), func(s string) bool { return s != "" }),
 		ContactEmail:             nodeConfig.ContactEmail,
-		Provider:                 domain.ApplyDNSProviderType(nodeConfig.Provider),
+		Provider:                 domain.ACMEDns01ProviderType(nodeConfig.Provider),
 		ProviderAccessConfig:     make(map[string]any),
 		ProviderExtendedConfig:   nodeConfig.ProviderConfig,
-		CAProvider:               domain.ApplyCAProviderType(nodeConfig.CAProvider),
+		CAProvider:               domain.CAProviderType(nodeConfig.CAProvider),
 		CAProviderAccessConfig:   make(map[string]any),
 		CAProviderExtendedConfig: nodeConfig.CAProviderConfig,
 		KeyAlgorithm:             nodeConfig.KeyAlgorithm,
@@ -97,7 +88,7 @@ func NewWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
 		settings, _ := settingsRepo.GetByName(context.Background(), "sslProvider")
 
 		sslProviderConfig := &acmeSSLProviderConfig{
-			Config:   make(map[domain.ApplyCAProviderType]map[string]any),
+			Config:   make(map[domain.CAProviderType]map[string]any),
 			Provider: sslProviderDefault,
 		}
 		if settings != nil {
@@ -108,12 +99,12 @@ func NewWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
 			}
 		}
 
-		options.CAProvider = domain.ApplyCAProviderType(sslProviderConfig.Provider)
+		options.CAProvider = domain.CAProviderType(sslProviderConfig.Provider)
 		options.CAProviderAccessConfig = sslProviderConfig.Config[options.CAProvider]
 	}
 
 	certRepo := repository.NewCertificateRepository()
-	lastCertificate, _ := certRepo.GetByWorkflowNodeId(context.Background(), node.Id)
+	lastCertificate, _ := certRepo.GetByWorkflowNodeId(context.Background(), config.Node.Id)
 	if lastCertificate != nil {
 		newCertSan := slices.Clone(options.Domains)
 		oldCertSan := strings.Split(lastCertificate.SubjectAltNames, ";")
@@ -130,18 +121,46 @@ func NewWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
 		}
 	}
 
-	applicant, err := createApplicant(options)
+	applicant, err := createApplicantProvider(options)
 	if err != nil {
 		return nil, err
 	}
 
-	return &proxyApplicant{
+	return &applicantImpl{
 		applicant: applicant,
 		options:   options,
 	}, nil
 }
 
-func apply(challengeProvider challenge.Provider, options *applicantOptions) (*ApplyCertResult, error) {
+type applicantImpl struct {
+	applicant challenge.Provider
+	options   *applicantProviderOptions
+}
+
+var _ Applicant = (*applicantImpl)(nil)
+
+func (d *applicantImpl) Apply(ctx context.Context) (*ApplyResult, error) {
+	limiter := getLimiter(fmt.Sprintf("apply_%s", d.options.ContactEmail))
+	if err := limiter.Wait(ctx); err != nil {
+		return nil, err
+	}
+
+	return applyUseLego(d.applicant, d.options)
+}
+
+const (
+	limitBurst         = 300
+	limitRate  float64 = float64(1) / float64(36)
+)
+
+var limiters sync.Map
+
+func getLimiter(key string) *rate.Limiter {
+	limiter, _ := limiters.LoadOrStore(key, rate.NewLimiter(rate.Limit(limitRate), 300))
+	return limiter.(*rate.Limiter)
+}
+
+func applyUseLego(legoProvider challenge.Provider, options *applicantProviderOptions) (*ApplyResult, error) {
 	user, err := newAcmeUser(string(options.CAProvider), options.ContactEmail)
 	if err != nil {
 		return nil, err
@@ -153,7 +172,7 @@ func apply(challengeProvider challenge.Provider, options *applicantOptions) (*Ap
 
 	// Create an ACME client config
 	config := lego.NewConfig(user)
-	config.Certificate.KeyType = parseKeyAlgorithm(domain.CertificateKeyAlgorithmType(options.KeyAlgorithm))
+	config.Certificate.KeyType = parseLegoKeyAlgorithm(domain.CertificateKeyAlgorithmType(options.KeyAlgorithm))
 	config.CADirURL = sslProviderUrls[user.CA]
 	if user.CA == sslProviderSSLCom {
 		if strings.HasPrefix(options.KeyAlgorithm, "RSA") {
@@ -175,7 +194,7 @@ func apply(challengeProvider challenge.Provider, options *applicantOptions) (*Ap
 		challengeOptions = append(challengeOptions, dns01.AddRecursiveNameservers(dns01.ParseNameservers(options.Nameservers)))
 		challengeOptions = append(challengeOptions, dns01.DisableAuthoritativeNssPropagationRequirement())
 	}
-	client.Challenge.SetDNS01Provider(challengeProvider, challengeOptions...)
+	client.Challenge.SetDNS01Provider(legoProvider, challengeOptions...)
 
 	// New users need to register first
 	if !user.hasRegistration() {
@@ -199,7 +218,7 @@ func apply(challengeProvider challenge.Provider, options *applicantOptions) (*Ap
 		return nil, err
 	}
 
-	return &ApplyCertResult{
+	return &ApplyResult{
 		CertificateFullChain: strings.TrimSpace(string(certResource.Certificate)),
 		IssuerCertificate:    strings.TrimSpace(string(certResource.IssuerCertificate)),
 		PrivateKey:           strings.TrimSpace(string(certResource.PrivateKey)),
@@ -210,47 +229,20 @@ func apply(challengeProvider challenge.Provider, options *applicantOptions) (*Ap
 	}, nil
 }
 
-func parseKeyAlgorithm(algo domain.CertificateKeyAlgorithmType) certcrypto.KeyType {
-	switch algo {
-	case domain.CertificateKeyAlgorithmTypeRSA2048:
-		return certcrypto.RSA2048
-	case domain.CertificateKeyAlgorithmTypeRSA3072:
-		return certcrypto.RSA3072
-	case domain.CertificateKeyAlgorithmTypeRSA4096:
-		return certcrypto.RSA4096
-	case domain.CertificateKeyAlgorithmTypeRSA8192:
-		return certcrypto.RSA8192
-	case domain.CertificateKeyAlgorithmTypeEC256:
-		return certcrypto.EC256
-	case domain.CertificateKeyAlgorithmTypeEC384:
-		return certcrypto.EC384
-	case domain.CertificateKeyAlgorithmTypeEC512:
-		return certcrypto.KeyType("P512")
+func parseLegoKeyAlgorithm(algo domain.CertificateKeyAlgorithmType) certcrypto.KeyType {
+	alogMap := map[domain.CertificateKeyAlgorithmType]certcrypto.KeyType{
+		domain.CertificateKeyAlgorithmTypeRSA2048: certcrypto.RSA2048,
+		domain.CertificateKeyAlgorithmTypeRSA3072: certcrypto.RSA3072,
+		domain.CertificateKeyAlgorithmTypeRSA4096: certcrypto.RSA4096,
+		domain.CertificateKeyAlgorithmTypeRSA8192: certcrypto.RSA8192,
+		domain.CertificateKeyAlgorithmTypeEC256:   certcrypto.EC256,
+		domain.CertificateKeyAlgorithmTypeEC384:   certcrypto.EC384,
+		domain.CertificateKeyAlgorithmTypeEC512:   certcrypto.KeyType("P512"),
+	}
+
+	if keyType, ok := alogMap[algo]; ok {
+		return keyType
 	}
 
 	return certcrypto.RSA2048
 }
-
-// TODO: 暂时使用代理模式以兼容之前版本代码，后续重新实现此处逻辑
-type proxyApplicant struct {
-	applicant challenge.Provider
-	options   *applicantOptions
-}
-
-var limiters sync.Map
-
-const (
-	limitBurst         = 300
-	limitRate  float64 = float64(1) / float64(36)
-)
-
-func getLimiter(key string) *rate.Limiter {
-	limiter, _ := limiters.LoadOrStore(key, rate.NewLimiter(rate.Limit(limitRate), 300))
-	return limiter.(*rate.Limiter)
-}
-
-func (d *proxyApplicant) Apply() (*ApplyCertResult, error) {
-	limiter := getLimiter(fmt.Sprintf("apply_%s", d.options.ContactEmail))
-	limiter.Wait(context.Background())
-	return apply(d.applicant, d.options)
-}
diff --git a/internal/applicant/providers.go b/internal/applicant/providers.go
index d4ad473f..c54d1fe2 100644
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@@ -38,13 +38,31 @@ import (
 	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 )
 
-func createApplicant(options *applicantOptions) (challenge.Provider, error) {
+type applicantProviderOptions struct {
+	Domains                  []string
+	ContactEmail             string
+	Provider                 domain.ACMEDns01ProviderType
+	ProviderAccessConfig     map[string]any
+	ProviderExtendedConfig   map[string]any
+	CAProvider               domain.CAProviderType
+	CAProviderAccessConfig   map[string]any
+	CAProviderExtendedConfig map[string]any
+	KeyAlgorithm             string
+	Nameservers              []string
+	DnsPropagationTimeout    int32
+	DnsTTL                   int32
+	DisableFollowCNAME       bool
+	ReplacedARIAcct          string
+	ReplacedARICert          string
+}
+
+func createApplicantProvider(options *applicantProviderOptions) (challenge.Provider, error) {
 	/*
 	  注意：如果追加新的常量值，请保持以 ASCII 排序。
 	  NOTICE: If you add new constant, please keep ASCII order.
 	*/
 	switch options.Provider {
-	case domain.ApplyDNSProviderTypeACMEHttpReq:
+	case domain.ACMEDns01ProviderTypeACMEHttpReq:
 		{
 			access := domain.AccessConfigForACMEHttpReq{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -61,7 +79,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeAliyun, domain.ApplyDNSProviderTypeAliyunDNS:
+	case domain.ACMEDns01ProviderTypeAliyun, domain.ACMEDns01ProviderTypeAliyunDNS:
 		{
 			access := domain.AccessConfigForAliyun{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -77,7 +95,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeAWS, domain.ApplyDNSProviderTypeAWSRoute53:
+	case domain.ACMEDns01ProviderTypeAWS, domain.ACMEDns01ProviderTypeAWSRoute53:
 		{
 			access := domain.AccessConfigForAWS{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -95,7 +113,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeAzure, domain.ApplyDNSProviderTypeAzureDNS:
+	case domain.ACMEDns01ProviderTypeAzure, domain.ACMEDns01ProviderTypeAzureDNS:
 		{
 			access := domain.AccessConfigForAzure{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -113,7 +131,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeBaiduCloud, domain.ApplyDNSProviderTypeBaiduCloudDNS:
+	case domain.ACMEDns01ProviderTypeBaiduCloud, domain.ACMEDns01ProviderTypeBaiduCloudDNS:
 		{
 			access := domain.AccessConfigForBaiduCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -129,7 +147,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeBunny:
+	case domain.ACMEDns01ProviderTypeBunny:
 		{
 			access := domain.AccessConfigForBunny{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -144,7 +162,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeCloudflare:
+	case domain.ACMEDns01ProviderTypeCloudflare:
 		{
 			access := domain.AccessConfigForCloudflare{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -160,7 +178,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeClouDNS:
+	case domain.ACMEDns01ProviderTypeClouDNS:
 		{
 			access := domain.AccessConfigForClouDNS{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -176,7 +194,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeCMCCCloud:
+	case domain.ACMEDns01ProviderTypeCMCCCloud:
 		{
 			access := domain.AccessConfigForCMCCCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -192,7 +210,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeDeSEC:
+	case domain.ACMEDns01ProviderTypeDeSEC:
 		{
 			access := domain.AccessConfigForDeSEC{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -207,7 +225,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeDNSLA:
+	case domain.ACMEDns01ProviderTypeDNSLA:
 		{
 			access := domain.AccessConfigForDNSLA{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -223,7 +241,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeDynv6:
+	case domain.ACMEDns01ProviderTypeDynv6:
 		{
 			access := domain.AccessConfigForDynv6{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -238,7 +256,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeGcore:
+	case domain.ACMEDns01ProviderTypeGcore:
 		{
 			access := domain.AccessConfigForGcore{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -253,7 +271,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeGname:
+	case domain.ACMEDns01ProviderTypeGname:
 		{
 			access := domain.AccessConfigForGname{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -269,7 +287,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeGoDaddy:
+	case domain.ACMEDns01ProviderTypeGoDaddy:
 		{
 			access := domain.AccessConfigForGoDaddy{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -285,7 +303,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeHuaweiCloud, domain.ApplyDNSProviderTypeHuaweiCloudDNS:
+	case domain.ACMEDns01ProviderTypeHuaweiCloud, domain.ACMEDns01ProviderTypeHuaweiCloudDNS:
 		{
 			access := domain.AccessConfigForHuaweiCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -302,7 +320,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeJDCloud, domain.ApplyDNSProviderTypeJDCloudDNS:
+	case domain.ACMEDns01ProviderTypeJDCloud, domain.ACMEDns01ProviderTypeJDCloudDNS:
 		{
 			access := domain.AccessConfigForJDCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -319,7 +337,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeNamecheap:
+	case domain.ACMEDns01ProviderTypeNamecheap:
 		{
 			access := domain.AccessConfigForNamecheap{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -335,7 +353,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeNameDotCom:
+	case domain.ACMEDns01ProviderTypeNameDotCom:
 		{
 			access := domain.AccessConfigForNameDotCom{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -351,7 +369,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeNameSilo:
+	case domain.ACMEDns01ProviderTypeNameSilo:
 		{
 			access := domain.AccessConfigForNameSilo{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -366,7 +384,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeNS1:
+	case domain.ACMEDns01ProviderTypeNS1:
 		{
 			access := domain.AccessConfigForNS1{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -381,7 +399,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypePorkbun:
+	case domain.ACMEDns01ProviderTypePorkbun:
 		{
 			access := domain.AccessConfigForPorkbun{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -397,7 +415,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypePowerDNS:
+	case domain.ACMEDns01ProviderTypePowerDNS:
 		{
 			access := domain.AccessConfigForPowerDNS{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -413,7 +431,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeRainYun:
+	case domain.ACMEDns01ProviderTypeRainYun:
 		{
 			access := domain.AccessConfigForRainYun{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -428,7 +446,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeTencentCloud, domain.ApplyDNSProviderTypeTencentCloudDNS, domain.ApplyDNSProviderTypeTencentCloudEO:
+	case domain.ACMEDns01ProviderTypeTencentCloud, domain.ACMEDns01ProviderTypeTencentCloudDNS, domain.ACMEDns01ProviderTypeTencentCloudEO:
 		{
 			access := domain.AccessConfigForTencentCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -436,7 +454,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			}
 
 			switch options.Provider {
-			case domain.ApplyDNSProviderTypeTencentCloud, domain.ApplyDNSProviderTypeTencentCloudDNS:
+			case domain.ACMEDns01ProviderTypeTencentCloud, domain.ACMEDns01ProviderTypeTencentCloudDNS:
 				applicant, err := pTencentCloud.NewChallengeProvider(&pTencentCloud.ChallengeProviderConfig{
 					SecretId:              access.SecretId,
 					SecretKey:             access.SecretKey,
@@ -445,7 +463,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 				})
 				return applicant, err
 
-			case domain.ApplyDNSProviderTypeTencentCloudEO:
+			case domain.ACMEDns01ProviderTypeTencentCloudEO:
 				applicant, err := pTencentCloudEO.NewChallengeProvider(&pTencentCloudEO.ChallengeProviderConfig{
 					SecretId:              access.SecretId,
 					SecretKey:             access.SecretKey,
@@ -460,7 +478,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			}
 		}
 
-	case domain.ApplyDNSProviderTypeVercel:
+	case domain.ACMEDns01ProviderTypeVercel:
 		{
 			access := domain.AccessConfigForVercel{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -476,7 +494,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeVolcEngine, domain.ApplyDNSProviderTypeVolcEngineDNS:
+	case domain.ACMEDns01ProviderTypeVolcEngine, domain.ACMEDns01ProviderTypeVolcEngineDNS:
 		{
 			access := domain.AccessConfigForVolcEngine{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -492,7 +510,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}
 
-	case domain.ApplyDNSProviderTypeWestcn:
+	case domain.ACMEDns01ProviderTypeWestcn:
 		{
 			access := domain.AccessConfigForWestcn{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go
index 972e7aa3..bdacf08e 100644
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@@ -11,31 +11,29 @@ import (
 )
 
 type Deployer interface {
-	SetLogger(*slog.Logger)
-
 	Deploy(ctx context.Context) error
 }
 
-type deployerOptions struct {
-	Provider             domain.DeployProviderType
-	ProviderAccessConfig map[string]any
-	ProviderDeployConfig map[string]any
+type DeployerWithWorkflowNodeConfig struct {
+	Node           *domain.WorkflowNode
+	Logger         *slog.Logger
+	CertificatePEM string
+	PrivateKeyPEM  string
 }
 
-func NewWithDeployNode(node *domain.WorkflowNode, certdata struct {
-	Certificate string
-	PrivateKey  string
-},
-) (Deployer, error) {
-	if node.Type != domain.WorkflowNodeTypeDeploy {
+func NewWithWorkflowNode(config DeployerWithWorkflowNodeConfig) (Deployer, error) {
+	if config.Node == nil {
+		return nil, fmt.Errorf("node is nil")
+	}
+	if config.Node.Type != domain.WorkflowNodeTypeDeploy {
 		return nil, fmt.Errorf("node type is not '%s'", string(domain.WorkflowNodeTypeDeploy))
 	}
 
-	nodeConfig := node.GetConfigForDeploy()
-	options := &deployerOptions{
-		Provider:             domain.DeployProviderType(nodeConfig.Provider),
-		ProviderAccessConfig: make(map[string]any),
-		ProviderDeployConfig: nodeConfig.ProviderConfig,
+	nodeConfig := config.Node.GetConfigForDeploy()
+	options := &deployerProviderOptions{
+		Provider:               domain.DeploymentProviderType(nodeConfig.Provider),
+		ProviderAccessConfig:   make(map[string]any),
+		ProviderExtendedConfig: nodeConfig.ProviderConfig,
 	}
 
 	accessRepo := repository.NewAccessRepository()
@@ -48,34 +46,27 @@ func NewWithDeployNode(node *domain.WorkflowNode, certdata struct {
 		}
 	}
 
-	deployer, err := createDeployer(options)
+	deployerProvider, err := createDeployerProvider(options)
 	if err != nil {
 		return nil, err
 	}
 
-	return &proxyDeployer{
-		deployer:          deployer,
-		deployCertificate: certdata.Certificate,
-		deployPrivateKey:  certdata.PrivateKey,
+	return &deployerImpl{
+		provider:   deployerProvider.WithLogger(config.Logger),
+		certPEM:    config.CertificatePEM,
+		privkeyPEM: config.PrivateKeyPEM,
 	}, nil
 }
 
-// TODO: 暂时使用代理模式以兼容之前版本代码，后续重新实现此处逻辑
-type proxyDeployer struct {
-	deployer          deployer.Deployer
-	deployCertificate string
-	deployPrivateKey  string
+type deployerImpl struct {
+	provider   deployer.Deployer
+	certPEM    string
+	privkeyPEM string
 }
 
-func (d *proxyDeployer) SetLogger(logger *slog.Logger) {
-	if logger == nil {
-		panic("logger is nil")
-	}
+var _ Deployer = (*deployerImpl)(nil)
 
-	d.deployer.WithLogger(logger)
-}
-
-func (d *proxyDeployer) Deploy(ctx context.Context) error {
-	_, err := d.deployer.Deploy(ctx, d.deployCertificate, d.deployPrivateKey)
+func (d *deployerImpl) Deploy(ctx context.Context) error {
+	_, err := d.provider.Deploy(ctx, d.certPEM, d.privkeyPEM)
 	return err
 }
diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index 6b6daea1..2e7bcbcf 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -2,6 +2,7 @@ package deployer
 
 import (
 	"fmt"
+	"net/http"
 	"strings"
 
 	"github.com/usual2970/certimate/internal/domain"
@@ -78,17 +79,24 @@ import (
 	pVolcEngineTOS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-tos"
 	pWangsuCDNPro "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/wangsu-cdnpro"
 	pWebhook "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/webhook"
+	httputil "github.com/usual2970/certimate/internal/pkg/utils/http"
 	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 	sliceutil "github.com/usual2970/certimate/internal/pkg/utils/slice"
 )
 
-func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
+type deployerProviderOptions struct {
+	Provider               domain.DeploymentProviderType
+	ProviderAccessConfig   map[string]any
+	ProviderExtendedConfig map[string]any
+}
+
+func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer, error) {
 	/*
 	  注意：如果追加新的常量值，请保持以 ASCII 排序。
 	  NOTICE: If you add new constant, please keep ASCII order.
 	*/
 	switch options.Provider {
-	case domain.DeployProviderType1PanelConsole, domain.DeployProviderType1PanelSite:
+	case domain.DeploymentProviderType1PanelConsole, domain.DeploymentProviderType1PanelSite:
 		{
 			access := domain.AccessConfigFor1Panel{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -96,23 +104,23 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderType1PanelConsole:
+			case domain.DeploymentProviderType1PanelConsole:
 				deployer, err := p1PanelConsole.NewDeployer(&p1PanelConsole.DeployerConfig{
 					ApiUrl:                   access.ApiUrl,
 					ApiKey:                   access.ApiKey,
 					AllowInsecureConnections: access.AllowInsecureConnections,
-					AutoRestart:              maputil.GetBool(options.ProviderDeployConfig, "autoRestart"),
+					AutoRestart:              maputil.GetBool(options.ProviderExtendedConfig, "autoRestart"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderType1PanelSite:
+			case domain.DeploymentProviderType1PanelSite:
 				deployer, err := p1PanelSite.NewDeployer(&p1PanelSite.DeployerConfig{
 					ApiUrl:                   access.ApiUrl,
 					ApiKey:                   access.ApiKey,
 					AllowInsecureConnections: access.AllowInsecureConnections,
-					ResourceType:             p1PanelSite.ResourceType(maputil.GetOrDefaultString(options.ProviderDeployConfig, "resourceType", string(p1PanelSite.RESOURCE_TYPE_WEBSITE))),
-					WebsiteId:                maputil.GetInt64(options.ProviderDeployConfig, "websiteId"),
-					CertificateId:            maputil.GetInt64(options.ProviderDeployConfig, "certificateId"),
+					ResourceType:             p1PanelSite.ResourceType(maputil.GetOrDefaultString(options.ProviderExtendedConfig, "resourceType", string(p1PanelSite.RESOURCE_TYPE_WEBSITE))),
+					WebsiteId:                maputil.GetInt64(options.ProviderExtendedConfig, "websiteId"),
+					CertificateId:            maputil.GetInt64(options.ProviderExtendedConfig, "certificateId"),
 				})
 				return deployer, err
 
@@ -121,7 +129,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunAPIGW, domain.DeployProviderTypeAliyunCAS, domain.DeployProviderTypeAliyunCASDeploy, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunESA, domain.DeployProviderTypeAliyunFC, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS, domain.DeployProviderTypeAliyunVOD, domain.DeployProviderTypeAliyunWAF:
+	case domain.DeploymentProviderTypeAliyunALB, domain.DeploymentProviderTypeAliyunAPIGW, domain.DeploymentProviderTypeAliyunCAS, domain.DeploymentProviderTypeAliyunCASDeploy, domain.DeploymentProviderTypeAliyunCDN, domain.DeploymentProviderTypeAliyunCLB, domain.DeploymentProviderTypeAliyunDCDN, domain.DeploymentProviderTypeAliyunESA, domain.DeploymentProviderTypeAliyunFC, domain.DeploymentProviderTypeAliyunLive, domain.DeploymentProviderTypeAliyunNLB, domain.DeploymentProviderTypeAliyunOSS, domain.DeploymentProviderTypeAliyunVOD, domain.DeploymentProviderTypeAliyunWAF:
 		{
 			access := domain.AccessConfigForAliyun{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -129,142 +137,142 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeAliyunALB:
+			case domain.DeploymentProviderTypeAliyunALB:
 				deployer, err := pAliyunALB.NewDeployer(&pAliyunALB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:    pAliyunALB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					LoadbalancerId:  maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerId:      maputil.GetString(options.ProviderDeployConfig, "listenerId"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:    pAliyunALB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					LoadbalancerId:  maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerId:      maputil.GetString(options.ProviderExtendedConfig, "listenerId"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunAPIGW:
+			case domain.DeploymentProviderTypeAliyunAPIGW:
 				deployer, err := pAliyunAPIGW.NewDeployer(&pAliyunAPIGW.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ServiceType:     pAliyunAPIGW.ServiceType(maputil.GetString(options.ProviderDeployConfig, "serviceType")),
-					GatewayId:       maputil.GetString(options.ProviderDeployConfig, "gatewayId"),
-					GroupId:         maputil.GetString(options.ProviderDeployConfig, "groupId"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ServiceType:     pAliyunAPIGW.ServiceType(maputil.GetString(options.ProviderExtendedConfig, "serviceType")),
+					GatewayId:       maputil.GetString(options.ProviderExtendedConfig, "gatewayId"),
+					GroupId:         maputil.GetString(options.ProviderExtendedConfig, "groupId"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunCAS:
+			case domain.DeploymentProviderTypeAliyunCAS:
 				deployer, err := pAliyunCAS.NewDeployer(&pAliyunCAS.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunCASDeploy:
+			case domain.DeploymentProviderTypeAliyunCASDeploy:
 				deployer, err := pAliyunCASDeploy.NewDeployer(&pAliyunCASDeploy.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceIds:     sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderDeployConfig, "resourceIds"), ";"), func(s string) bool { return s != "" }),
-					ContactIds:      sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderDeployConfig, "contactIds"), ";"), func(s string) bool { return s != "" }),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceIds:     sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderExtendedConfig, "resourceIds"), ";"), func(s string) bool { return s != "" }),
+					ContactIds:      sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderExtendedConfig, "contactIds"), ";"), func(s string) bool { return s != "" }),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunCDN:
+			case domain.DeploymentProviderTypeAliyunCDN:
 				deployer, err := pAliyunCDN.NewDeployer(&pAliyunCDN.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunCLB:
+			case domain.DeploymentProviderTypeAliyunCLB:
 				deployer, err := pAliyunCLB.NewDeployer(&pAliyunCLB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:    pAliyunCLB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					LoadbalancerId:  maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerPort:    maputil.GetOrDefaultInt32(options.ProviderDeployConfig, "listenerPort", 443),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:    pAliyunCLB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					LoadbalancerId:  maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerPort:    maputil.GetOrDefaultInt32(options.ProviderExtendedConfig, "listenerPort", 443),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunDCDN:
+			case domain.DeploymentProviderTypeAliyunDCDN:
 				deployer, err := pAliyunDCDN.NewDeployer(&pAliyunDCDN.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunESA:
+			case domain.DeploymentProviderTypeAliyunESA:
 				deployer, err := pAliyunESA.NewDeployer(&pAliyunESA.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					SiteId:          maputil.GetInt64(options.ProviderDeployConfig, "siteId"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					SiteId:          maputil.GetInt64(options.ProviderExtendedConfig, "siteId"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunFC:
+			case domain.DeploymentProviderTypeAliyunFC:
 				deployer, err := pAliyunFC.NewDeployer(&pAliyunFC.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ServiceVersion:  maputil.GetOrDefaultString(options.ProviderDeployConfig, "serviceVersion", "3.0"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ServiceVersion:  maputil.GetOrDefaultString(options.ProviderExtendedConfig, "serviceVersion", "3.0"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunLive:
+			case domain.DeploymentProviderTypeAliyunLive:
 				deployer, err := pAliyunLive.NewDeployer(&pAliyunLive.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunNLB:
+			case domain.DeploymentProviderTypeAliyunNLB:
 				deployer, err := pAliyunNLB.NewDeployer(&pAliyunNLB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:    pAliyunNLB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					LoadbalancerId:  maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerId:      maputil.GetString(options.ProviderDeployConfig, "listenerId"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:    pAliyunNLB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					LoadbalancerId:  maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerId:      maputil.GetString(options.ProviderExtendedConfig, "listenerId"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunOSS:
+			case domain.DeploymentProviderTypeAliyunOSS:
 				deployer, err := pAliyunOSS.NewDeployer(&pAliyunOSS.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					Bucket:          maputil.GetString(options.ProviderDeployConfig, "bucket"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					Bucket:          maputil.GetString(options.ProviderExtendedConfig, "bucket"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunVOD:
+			case domain.DeploymentProviderTypeAliyunVOD:
 				deployer, err := pAliyunVOD.NewDeployer(&pAliyunVOD.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAliyunWAF:
+			case domain.DeploymentProviderTypeAliyunWAF:
 				deployer, err := pAliyunWAF.NewDeployer(&pAliyunWAF.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ServiceVersion:  maputil.GetOrDefaultString(options.ProviderDeployConfig, "serviceVersion", "3.0"),
-					InstanceId:      maputil.GetString(options.ProviderDeployConfig, "instanceId"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ServiceVersion:  maputil.GetOrDefaultString(options.ProviderExtendedConfig, "serviceVersion", "3.0"),
+					InstanceId:      maputil.GetString(options.ProviderExtendedConfig, "instanceId"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
@@ -273,7 +281,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeAWSACM, domain.DeployProviderTypeAWSCloudFront:
+	case domain.DeploymentProviderTypeAWSACM, domain.DeploymentProviderTypeAWSCloudFront:
 		{
 			access := domain.AccessConfigForAWS{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -281,20 +289,20 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeAWSACM:
+			case domain.DeploymentProviderTypeAWSACM:
 				deployer, err := pAWSACM.NewDeployer(&pAWSACM.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeAWSCloudFront:
+			case domain.DeploymentProviderTypeAWSCloudFront:
 				deployer, err := pAWSCloudFront.NewDeployer(&pAWSCloudFront.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					DistributionId:  maputil.GetString(options.ProviderDeployConfig, "distributionId"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					DistributionId:  maputil.GetString(options.ProviderExtendedConfig, "distributionId"),
 				})
 				return deployer, err
 
@@ -303,7 +311,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeAzureKeyVault:
+	case domain.DeploymentProviderTypeAzureKeyVault:
 		{
 			access := domain.AccessConfigForAzure{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -311,14 +319,14 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeAzureKeyVault:
+			case domain.DeploymentProviderTypeAzureKeyVault:
 				deployer, err := pAzureKeyVault.NewDeployer(&pAzureKeyVault.DeployerConfig{
 					TenantId:        access.TenantId,
 					ClientId:        access.ClientId,
 					ClientSecret:    access.ClientSecret,
 					CloudName:       access.CloudName,
-					KeyVaultName:    maputil.GetString(options.ProviderDeployConfig, "keyvaultName"),
-					CertificateName: maputil.GetString(options.ProviderDeployConfig, "certificateName"),
+					KeyVaultName:    maputil.GetString(options.ProviderExtendedConfig, "keyvaultName"),
+					CertificateName: maputil.GetString(options.ProviderExtendedConfig, "certificateName"),
 				})
 				return deployer, err
 
@@ -327,7 +335,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeBaiduCloudAppBLB, domain.DeployProviderTypeBaiduCloudBLB, domain.DeployProviderTypeBaiduCloudCDN, domain.DeployProviderTypeBaiduCloudCert:
+	case domain.DeploymentProviderTypeBaiduCloudAppBLB, domain.DeploymentProviderTypeBaiduCloudBLB, domain.DeploymentProviderTypeBaiduCloudCDN, domain.DeploymentProviderTypeBaiduCloudCert:
 		{
 			access := domain.AccessConfigForBaiduCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -335,39 +343,39 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeBaiduCloudAppBLB:
+			case domain.DeploymentProviderTypeBaiduCloudAppBLB:
 				deployer, err := pBaiduCloudAppBLB.NewDeployer(&pBaiduCloudAppBLB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:    pBaiduCloudAppBLB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					LoadbalancerId:  maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerPort:    maputil.GetInt32(options.ProviderDeployConfig, "listenerPort"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:    pBaiduCloudAppBLB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					LoadbalancerId:  maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerPort:    maputil.GetInt32(options.ProviderExtendedConfig, "listenerPort"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeBaiduCloudBLB:
+			case domain.DeploymentProviderTypeBaiduCloudBLB:
 				deployer, err := pBaiduCloudBLB.NewDeployer(&pBaiduCloudBLB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:    pBaiduCloudBLB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					LoadbalancerId:  maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerPort:    maputil.GetInt32(options.ProviderDeployConfig, "listenerPort"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:    pBaiduCloudBLB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					LoadbalancerId:  maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerPort:    maputil.GetInt32(options.ProviderExtendedConfig, "listenerPort"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeBaiduCloudCDN:
+			case domain.DeploymentProviderTypeBaiduCloudCDN:
 				deployer, err := pBaiduCloudCDN.NewDeployer(&pBaiduCloudCDN.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeBaiduCloudCert:
+			case domain.DeploymentProviderTypeBaiduCloudCert:
 				deployer, err := pBaiduCloudCert.NewDeployer(&pBaiduCloudCert.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
@@ -379,7 +387,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeBaishanCDN:
+	case domain.DeploymentProviderTypeBaishanCDN:
 		{
 			access := domain.AccessConfigForBaishan{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -387,11 +395,11 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeBaishanCDN:
+			case domain.DeploymentProviderTypeBaishanCDN:
 				deployer, err := pBaishanCDN.NewDeployer(&pBaishanCDN.DeployerConfig{
 					ApiToken:      access.ApiToken,
-					Domain:        maputil.GetString(options.ProviderDeployConfig, "domain"),
-					CertificateId: maputil.GetString(options.ProviderDeployConfig, "certificateId"),
+					Domain:        maputil.GetString(options.ProviderExtendedConfig, "domain"),
+					CertificateId: maputil.GetString(options.ProviderExtendedConfig, "certificateId"),
 				})
 				return deployer, err
 
@@ -400,7 +408,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeBaotaPanelConsole, domain.DeployProviderTypeBaotaPanelSite:
+	case domain.DeploymentProviderTypeBaotaPanelConsole, domain.DeploymentProviderTypeBaotaPanelSite:
 		{
 			access := domain.AccessConfigForBaotaPanel{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -408,23 +416,23 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeBaotaPanelConsole:
+			case domain.DeploymentProviderTypeBaotaPanelConsole:
 				deployer, err := pBaotaPanelConsole.NewDeployer(&pBaotaPanelConsole.DeployerConfig{
 					ApiUrl:                   access.ApiUrl,
 					ApiKey:                   access.ApiKey,
 					AllowInsecureConnections: access.AllowInsecureConnections,
-					AutoRestart:              maputil.GetBool(options.ProviderDeployConfig, "autoRestart"),
+					AutoRestart:              maputil.GetBool(options.ProviderExtendedConfig, "autoRestart"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeBaotaPanelSite:
+			case domain.DeploymentProviderTypeBaotaPanelSite:
 				deployer, err := pBaotaPanelSite.NewDeployer(&pBaotaPanelSite.DeployerConfig{
 					ApiUrl:                   access.ApiUrl,
 					ApiKey:                   access.ApiKey,
 					AllowInsecureConnections: access.AllowInsecureConnections,
-					SiteType:                 maputil.GetOrDefaultString(options.ProviderDeployConfig, "siteType", "other"),
-					SiteName:                 maputil.GetString(options.ProviderDeployConfig, "siteName"),
-					SiteNames:                sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderDeployConfig, "siteNames"), ";"), func(s string) bool { return s != "" }),
+					SiteType:                 maputil.GetOrDefaultString(options.ProviderExtendedConfig, "siteType", "other"),
+					SiteName:                 maputil.GetString(options.ProviderExtendedConfig, "siteName"),
+					SiteNames:                sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderExtendedConfig, "siteNames"), ";"), func(s string) bool { return s != "" }),
 				})
 				return deployer, err
 
@@ -433,7 +441,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeBunnyCDN:
+	case domain.DeploymentProviderTypeBunnyCDN:
 		{
 			access := domain.AccessConfigForBunny{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -442,13 +450,13 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 
 			deployer, err := pBunnyCDN.NewDeployer(&pBunnyCDN.DeployerConfig{
 				ApiKey:     access.ApiKey,
-				PullZoneId: maputil.GetString(options.ProviderDeployConfig, "pullZoneId"),
-				Hostname:   maputil.GetString(options.ProviderDeployConfig, "hostname"),
+				PullZoneId: maputil.GetString(options.ProviderExtendedConfig, "pullZoneId"),
+				Hostname:   maputil.GetString(options.ProviderExtendedConfig, "hostname"),
 			})
 			return deployer, err
 		}
 
-	case domain.DeployProviderTypeBytePlusCDN:
+	case domain.DeploymentProviderTypeBytePlusCDN:
 		{
 			access := domain.AccessConfigForBytePlus{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -456,11 +464,11 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeBytePlusCDN:
+			case domain.DeploymentProviderTypeBytePlusCDN:
 				deployer, err := pBytePlusCDN.NewDeployer(&pBytePlusCDN.DeployerConfig{
 					AccessKey: access.AccessKey,
 					SecretKey: access.SecretKey,
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
@@ -469,7 +477,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeCacheFly:
+	case domain.DeploymentProviderTypeCacheFly:
 		{
 			access := domain.AccessConfigForCacheFly{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -482,7 +490,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			return deployer, err
 		}
 
-	case domain.DeployProviderTypeCdnfly:
+	case domain.DeploymentProviderTypeCdnfly:
 		{
 			access := domain.AccessConfigForCdnfly{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -493,14 +501,14 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 				ApiUrl:        access.ApiUrl,
 				ApiKey:        access.ApiKey,
 				ApiSecret:     access.ApiSecret,
-				ResourceType:  pCdnfly.ResourceType(maputil.GetOrDefaultString(options.ProviderDeployConfig, "resourceType", string(pCdnfly.RESOURCE_TYPE_SITE))),
-				SiteId:        maputil.GetString(options.ProviderDeployConfig, "siteId"),
-				CertificateId: maputil.GetString(options.ProviderDeployConfig, "certificateId"),
+				ResourceType:  pCdnfly.ResourceType(maputil.GetOrDefaultString(options.ProviderExtendedConfig, "resourceType", string(pCdnfly.RESOURCE_TYPE_SITE))),
+				SiteId:        maputil.GetString(options.ProviderExtendedConfig, "siteId"),
+				CertificateId: maputil.GetString(options.ProviderExtendedConfig, "certificateId"),
 			})
 			return deployer, err
 		}
 
-	case domain.DeployProviderTypeDogeCloudCDN:
+	case domain.DeploymentProviderTypeDogeCloudCDN:
 		{
 			access := domain.AccessConfigForDogeCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -510,12 +518,12 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			deployer, err := pDogeCDN.NewDeployer(&pDogeCDN.DeployerConfig{
 				AccessKey: access.AccessKey,
 				SecretKey: access.SecretKey,
-				Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+				Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 			})
 			return deployer, err
 		}
 
-	case domain.DeployProviderTypeEdgioApplications:
+	case domain.DeploymentProviderTypeEdgioApplications:
 		{
 			access := domain.AccessConfigForEdgio{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -525,12 +533,12 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			deployer, err := pEdgioApplications.NewDeployer(&pEdgioApplications.DeployerConfig{
 				ClientId:      access.ClientId,
 				ClientSecret:  access.ClientSecret,
-				EnvironmentId: maputil.GetString(options.ProviderDeployConfig, "environmentId"),
+				EnvironmentId: maputil.GetString(options.ProviderExtendedConfig, "environmentId"),
 			})
 			return deployer, err
 		}
 
-	case domain.DeployProviderTypeGcoreCDN:
+	case domain.DeploymentProviderTypeGcoreCDN:
 		{
 			access := domain.AccessConfigForGcore{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -538,10 +546,10 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeGcoreCDN:
+			case domain.DeploymentProviderTypeGcoreCDN:
 				deployer, err := pGcoreCDN.NewDeployer(&pGcoreCDN.DeployerConfig{
 					ApiToken:   access.ApiToken,
-					ResourceId: maputil.GetInt64(options.ProviderDeployConfig, "resourceId"),
+					ResourceId: maputil.GetInt64(options.ProviderExtendedConfig, "resourceId"),
 				})
 				return deployer, err
 
@@ -550,7 +558,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeHuaweiCloudCDN, domain.DeployProviderTypeHuaweiCloudELB, domain.DeployProviderTypeHuaweiCloudSCM, domain.DeployProviderTypeHuaweiCloudWAF:
+	case domain.DeploymentProviderTypeHuaweiCloudCDN, domain.DeploymentProviderTypeHuaweiCloudELB, domain.DeploymentProviderTypeHuaweiCloudSCM, domain.DeploymentProviderTypeHuaweiCloudWAF:
 		{
 			access := domain.AccessConfigForHuaweiCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -558,42 +566,42 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeHuaweiCloudCDN:
+			case domain.DeploymentProviderTypeHuaweiCloudCDN:
 				deployer, err := pHuaweiCloudCDN.NewDeployer(&pHuaweiCloudCDN.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeHuaweiCloudELB:
+			case domain.DeploymentProviderTypeHuaweiCloudELB:
 				deployer, err := pHuaweiCloudELB.NewDeployer(&pHuaweiCloudELB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:    pHuaweiCloudELB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					CertificateId:   maputil.GetString(options.ProviderDeployConfig, "certificateId"),
-					LoadbalancerId:  maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerId:      maputil.GetString(options.ProviderDeployConfig, "listenerId"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:    pHuaweiCloudELB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					CertificateId:   maputil.GetString(options.ProviderExtendedConfig, "certificateId"),
+					LoadbalancerId:  maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerId:      maputil.GetString(options.ProviderExtendedConfig, "listenerId"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeHuaweiCloudSCM:
+			case domain.DeploymentProviderTypeHuaweiCloudSCM:
 				deployer, err := pHuaweiCloudSCM.NewDeployer(&pHuaweiCloudSCM.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeHuaweiCloudWAF:
+			case domain.DeploymentProviderTypeHuaweiCloudWAF:
 				deployer, err := pHuaweiCloudWAF.NewDeployer(&pHuaweiCloudWAF.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:    pHuaweiCloudWAF.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					CertificateId:   maputil.GetString(options.ProviderDeployConfig, "certificateId"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:    pHuaweiCloudWAF.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					CertificateId:   maputil.GetString(options.ProviderExtendedConfig, "certificateId"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
@@ -602,7 +610,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeJDCloudALB, domain.DeployProviderTypeJDCloudCDN, domain.DeployProviderTypeJDCloudLive, domain.DeployProviderTypeJDCloudVOD:
+	case domain.DeploymentProviderTypeJDCloudALB, domain.DeploymentProviderTypeJDCloudCDN, domain.DeploymentProviderTypeJDCloudLive, domain.DeploymentProviderTypeJDCloudVOD:
 		{
 			access := domain.AccessConfigForJDCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -610,38 +618,38 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeJDCloudALB:
+			case domain.DeploymentProviderTypeJDCloudALB:
 				deployer, err := pJDCloudALB.NewDeployer(&pJDCloudALB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					RegionId:        maputil.GetString(options.ProviderDeployConfig, "regionId"),
-					ResourceType:    pJDCloudALB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					LoadbalancerId:  maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerId:      maputil.GetString(options.ProviderDeployConfig, "listenerId"),
+					RegionId:        maputil.GetString(options.ProviderExtendedConfig, "regionId"),
+					ResourceType:    pJDCloudALB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					LoadbalancerId:  maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerId:      maputil.GetString(options.ProviderExtendedConfig, "listenerId"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeJDCloudCDN:
+			case domain.DeploymentProviderTypeJDCloudCDN:
 				deployer, err := pJDCloudCDN.NewDeployer(&pJDCloudCDN.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeJDCloudLive:
+			case domain.DeploymentProviderTypeJDCloudLive:
 				deployer, err := pJDCloudLive.NewDeployer(&pJDCloudLive.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeJDCloudVOD:
+			case domain.DeploymentProviderTypeJDCloudVOD:
 				deployer, err := pJDCloudVOD.NewDeployer(&pJDCloudVOD.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
@@ -650,24 +658,24 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeLocal:
+	case domain.DeploymentProviderTypeLocal:
 		{
 			deployer, err := pLocal.NewDeployer(&pLocal.DeployerConfig{
-				ShellEnv:       pLocal.ShellEnvType(maputil.GetString(options.ProviderDeployConfig, "shellEnv")),
-				PreCommand:     maputil.GetString(options.ProviderDeployConfig, "preCommand"),
-				PostCommand:    maputil.GetString(options.ProviderDeployConfig, "postCommand"),
-				OutputFormat:   pLocal.OutputFormatType(maputil.GetOrDefaultString(options.ProviderDeployConfig, "format", string(pLocal.OUTPUT_FORMAT_PEM))),
-				OutputCertPath: maputil.GetString(options.ProviderDeployConfig, "certPath"),
-				OutputKeyPath:  maputil.GetString(options.ProviderDeployConfig, "keyPath"),
-				PfxPassword:    maputil.GetString(options.ProviderDeployConfig, "pfxPassword"),
-				JksAlias:       maputil.GetString(options.ProviderDeployConfig, "jksAlias"),
-				JksKeypass:     maputil.GetString(options.ProviderDeployConfig, "jksKeypass"),
-				JksStorepass:   maputil.GetString(options.ProviderDeployConfig, "jksStorepass"),
+				ShellEnv:       pLocal.ShellEnvType(maputil.GetString(options.ProviderExtendedConfig, "shellEnv")),
+				PreCommand:     maputil.GetString(options.ProviderExtendedConfig, "preCommand"),
+				PostCommand:    maputil.GetString(options.ProviderExtendedConfig, "postCommand"),
+				OutputFormat:   pLocal.OutputFormatType(maputil.GetOrDefaultString(options.ProviderExtendedConfig, "format", string(pLocal.OUTPUT_FORMAT_PEM))),
+				OutputCertPath: maputil.GetString(options.ProviderExtendedConfig, "certPath"),
+				OutputKeyPath:  maputil.GetString(options.ProviderExtendedConfig, "keyPath"),
+				PfxPassword:    maputil.GetString(options.ProviderExtendedConfig, "pfxPassword"),
+				JksAlias:       maputil.GetString(options.ProviderExtendedConfig, "jksAlias"),
+				JksKeypass:     maputil.GetString(options.ProviderExtendedConfig, "jksKeypass"),
+				JksStorepass:   maputil.GetString(options.ProviderExtendedConfig, "jksStorepass"),
 			})
 			return deployer, err
 		}
 
-	case domain.DeployProviderTypeKubernetesSecret:
+	case domain.DeploymentProviderTypeKubernetesSecret:
 		{
 			access := domain.AccessConfigForKubernetes{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -676,16 +684,16 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 
 			deployer, err := pK8sSecret.NewDeployer(&pK8sSecret.DeployerConfig{
 				KubeConfig:          access.KubeConfig,
-				Namespace:           maputil.GetOrDefaultString(options.ProviderDeployConfig, "namespace", "default"),
-				SecretName:          maputil.GetString(options.ProviderDeployConfig, "secretName"),
-				SecretType:          maputil.GetOrDefaultString(options.ProviderDeployConfig, "secretType", "kubernetes.io/tls"),
-				SecretDataKeyForCrt: maputil.GetOrDefaultString(options.ProviderDeployConfig, "secretDataKeyForCrt", "tls.crt"),
-				SecretDataKeyForKey: maputil.GetOrDefaultString(options.ProviderDeployConfig, "secretDataKeyForKey", "tls.key"),
+				Namespace:           maputil.GetOrDefaultString(options.ProviderExtendedConfig, "namespace", "default"),
+				SecretName:          maputil.GetString(options.ProviderExtendedConfig, "secretName"),
+				SecretType:          maputil.GetOrDefaultString(options.ProviderExtendedConfig, "secretType", "kubernetes.io/tls"),
+				SecretDataKeyForCrt: maputil.GetOrDefaultString(options.ProviderExtendedConfig, "secretDataKeyForCrt", "tls.crt"),
+				SecretDataKeyForKey: maputil.GetOrDefaultString(options.ProviderExtendedConfig, "secretDataKeyForKey", "tls.key"),
 			})
 			return deployer, err
 		}
 
-	case domain.DeployProviderTypeQiniuCDN, domain.DeployProviderTypeQiniuKodo, domain.DeployProviderTypeQiniuPili:
+	case domain.DeploymentProviderTypeQiniuCDN, domain.DeploymentProviderTypeQiniuKodo, domain.DeploymentProviderTypeQiniuPili:
 		{
 			access := domain.AccessConfigForQiniu{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -693,20 +701,20 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeQiniuCDN, domain.DeployProviderTypeQiniuKodo:
+			case domain.DeploymentProviderTypeQiniuCDN, domain.DeploymentProviderTypeQiniuKodo:
 				deployer, err := pQiniuCDN.NewDeployer(&pQiniuCDN.DeployerConfig{
 					AccessKey: access.AccessKey,
 					SecretKey: access.SecretKey,
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeQiniuPili:
+			case domain.DeploymentProviderTypeQiniuPili:
 				deployer, err := pQiniuPili.NewDeployer(&pQiniuPili.DeployerConfig{
 					AccessKey: access.AccessKey,
 					SecretKey: access.SecretKey,
-					Hub:       maputil.GetString(options.ProviderDeployConfig, "hub"),
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Hub:       maputil.GetString(options.ProviderExtendedConfig, "hub"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
@@ -715,7 +723,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeRainYunRCDN:
+	case domain.DeploymentProviderTypeRainYunRCDN:
 		{
 			access := domain.AccessConfigForRainYun{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -723,11 +731,11 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeTencentCloudCDN:
+			case domain.DeploymentProviderTypeTencentCloudCDN:
 				deployer, err := pRainYunRCDN.NewDeployer(&pRainYunRCDN.DeployerConfig{
 					ApiKey:     access.ApiKey,
-					InstanceId: maputil.GetInt32(options.ProviderDeployConfig, "instanceId"),
-					Domain:     maputil.GetString(options.ProviderDeployConfig, "domain"),
+					InstanceId: maputil.GetInt32(options.ProviderExtendedConfig, "instanceId"),
+					Domain:     maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
@@ -736,7 +744,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeSafeLine:
+	case domain.DeploymentProviderTypeSafeLine:
 		{
 			access := domain.AccessConfigForSafeLine{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -747,13 +755,13 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 				ApiUrl:                   access.ApiUrl,
 				ApiToken:                 access.ApiToken,
 				AllowInsecureConnections: access.AllowInsecureConnections,
-				ResourceType:             pSafeLine.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-				CertificateId:            maputil.GetInt32(options.ProviderDeployConfig, "certificateId"),
+				ResourceType:             pSafeLine.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+				CertificateId:            maputil.GetInt32(options.ProviderExtendedConfig, "certificateId"),
 			})
 			return deployer, err
 		}
 
-	case domain.DeployProviderTypeSSH:
+	case domain.DeploymentProviderTypeSSH:
 		{
 			access := domain.AccessConfigForSSH{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -767,21 +775,21 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 				SshPassword:      access.Password,
 				SshKey:           access.Key,
 				SshKeyPassphrase: access.KeyPassphrase,
-				UseSCP:           maputil.GetBool(options.ProviderDeployConfig, "useSCP"),
-				PreCommand:       maputil.GetString(options.ProviderDeployConfig, "preCommand"),
-				PostCommand:      maputil.GetString(options.ProviderDeployConfig, "postCommand"),
-				OutputFormat:     pSSH.OutputFormatType(maputil.GetOrDefaultString(options.ProviderDeployConfig, "format", string(pSSH.OUTPUT_FORMAT_PEM))),
-				OutputCertPath:   maputil.GetString(options.ProviderDeployConfig, "certPath"),
-				OutputKeyPath:    maputil.GetString(options.ProviderDeployConfig, "keyPath"),
-				PfxPassword:      maputil.GetString(options.ProviderDeployConfig, "pfxPassword"),
-				JksAlias:         maputil.GetString(options.ProviderDeployConfig, "jksAlias"),
-				JksKeypass:       maputil.GetString(options.ProviderDeployConfig, "jksKeypass"),
-				JksStorepass:     maputil.GetString(options.ProviderDeployConfig, "jksStorepass"),
+				UseSCP:           maputil.GetBool(options.ProviderExtendedConfig, "useSCP"),
+				PreCommand:       maputil.GetString(options.ProviderExtendedConfig, "preCommand"),
+				PostCommand:      maputil.GetString(options.ProviderExtendedConfig, "postCommand"),
+				OutputFormat:     pSSH.OutputFormatType(maputil.GetOrDefaultString(options.ProviderExtendedConfig, "format", string(pSSH.OUTPUT_FORMAT_PEM))),
+				OutputCertPath:   maputil.GetString(options.ProviderExtendedConfig, "certPath"),
+				OutputKeyPath:    maputil.GetString(options.ProviderExtendedConfig, "keyPath"),
+				PfxPassword:      maputil.GetString(options.ProviderExtendedConfig, "pfxPassword"),
+				JksAlias:         maputil.GetString(options.ProviderExtendedConfig, "jksAlias"),
+				JksKeypass:       maputil.GetString(options.ProviderExtendedConfig, "jksKeypass"),
+				JksStorepass:     maputil.GetString(options.ProviderExtendedConfig, "jksStorepass"),
 			})
 			return deployer, err
 		}
 
-	case domain.DeployProviderTypeTencentCloudCDN, domain.DeployProviderTypeTencentCloudCLB, domain.DeployProviderTypeTencentCloudCOS, domain.DeployProviderTypeTencentCloudCSS, domain.DeployProviderTypeTencentCloudECDN, domain.DeployProviderTypeTencentCloudEO, domain.DeployProviderTypeTencentCloudSCF, domain.DeployProviderTypeTencentCloudSSL, domain.DeployProviderTypeTencentCloudSSLDeploy, domain.DeployProviderTypeTencentCloudVOD, domain.DeployProviderTypeTencentCloudWAF:
+	case domain.DeploymentProviderTypeTencentCloudCDN, domain.DeploymentProviderTypeTencentCloudCLB, domain.DeploymentProviderTypeTencentCloudCOS, domain.DeploymentProviderTypeTencentCloudCSS, domain.DeploymentProviderTypeTencentCloudECDN, domain.DeploymentProviderTypeTencentCloudEO, domain.DeploymentProviderTypeTencentCloudSCF, domain.DeploymentProviderTypeTencentCloudSSL, domain.DeploymentProviderTypeTencentCloudSSLDeploy, domain.DeploymentProviderTypeTencentCloudVOD, domain.DeploymentProviderTypeTencentCloudWAF:
 		{
 			access := domain.AccessConfigForTencentCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -789,103 +797,103 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeTencentCloudCDN:
+			case domain.DeploymentProviderTypeTencentCloudCDN:
 				deployer, err := pTencentCloudCDN.NewDeployer(&pTencentCloudCDN.DeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudCLB:
+			case domain.DeploymentProviderTypeTencentCloudCLB:
 				deployer, err := pTencentCloudCLB.NewDeployer(&pTencentCloudCLB.DeployerConfig{
 					SecretId:       access.SecretId,
 					SecretKey:      access.SecretKey,
-					Region:         maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:   pTencentCloudCLB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					LoadbalancerId: maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerId:     maputil.GetString(options.ProviderDeployConfig, "listenerId"),
-					Domain:         maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:         maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:   pTencentCloudCLB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					LoadbalancerId: maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerId:     maputil.GetString(options.ProviderExtendedConfig, "listenerId"),
+					Domain:         maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudCOS:
+			case domain.DeploymentProviderTypeTencentCloudCOS:
 				deployer, err := pTencentCloudCOS.NewDeployer(&pTencentCloudCOS.DeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
-					Region:    maputil.GetString(options.ProviderDeployConfig, "region"),
-					Bucket:    maputil.GetString(options.ProviderDeployConfig, "bucket"),
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:    maputil.GetString(options.ProviderExtendedConfig, "region"),
+					Bucket:    maputil.GetString(options.ProviderExtendedConfig, "bucket"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudCSS:
+			case domain.DeploymentProviderTypeTencentCloudCSS:
 				deployer, err := pTencentCloudCSS.NewDeployer(&pTencentCloudCSS.DeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudECDN:
+			case domain.DeploymentProviderTypeTencentCloudECDN:
 				deployer, err := pTencentCloudECDN.NewDeployer(&pTencentCloudECDN.DeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudEO:
+			case domain.DeploymentProviderTypeTencentCloudEO:
 				deployer, err := pTencentCloudEO.NewDeployer(&pTencentCloudEO.DeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
-					ZoneId:    maputil.GetString(options.ProviderDeployConfig, "zoneId"),
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					ZoneId:    maputil.GetString(options.ProviderExtendedConfig, "zoneId"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudSCF:
+			case domain.DeploymentProviderTypeTencentCloudSCF:
 				deployer, err := pTencentCloudSCF.NewDeployer(&pTencentCloudSCF.DeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
-					Region:    maputil.GetString(options.ProviderDeployConfig, "region"),
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:    maputil.GetString(options.ProviderExtendedConfig, "region"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudSSL:
+			case domain.DeploymentProviderTypeTencentCloudSSL:
 				deployer, err := pTencentCloudSSL.NewDeployer(&pTencentCloudSSL.DeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudSSLDeploy:
+			case domain.DeploymentProviderTypeTencentCloudSSLDeploy:
 				deployer, err := pTencentCloudSSLDeploy.NewDeployer(&pTencentCloudSSLDeploy.DeployerConfig{
 					SecretId:     access.SecretId,
 					SecretKey:    access.SecretKey,
-					Region:       maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType: maputil.GetString(options.ProviderDeployConfig, "resourceType"),
-					ResourceIds:  sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderDeployConfig, "resourceIds"), ";"), func(s string) bool { return s != "" }),
+					Region:       maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType: maputil.GetString(options.ProviderExtendedConfig, "resourceType"),
+					ResourceIds:  sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderExtendedConfig, "resourceIds"), ";"), func(s string) bool { return s != "" }),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudVOD:
+			case domain.DeploymentProviderTypeTencentCloudVOD:
 				deployer, err := pTencentCloudVOD.NewDeployer(&pTencentCloudVOD.DeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
-					SubAppId:  maputil.GetInt64(options.ProviderDeployConfig, "subAppId"),
-					Domain:    maputil.GetString(options.ProviderDeployConfig, "domain"),
+					SubAppId:  maputil.GetInt64(options.ProviderExtendedConfig, "subAppId"),
+					Domain:    maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeTencentCloudWAF:
+			case domain.DeploymentProviderTypeTencentCloudWAF:
 				deployer, err := pTencentCloudWAF.NewDeployer(&pTencentCloudWAF.DeployerConfig{
 					SecretId:   access.SecretId,
 					SecretKey:  access.SecretKey,
-					Domain:     maputil.GetString(options.ProviderDeployConfig, "domain"),
-					DomainId:   maputil.GetString(options.ProviderDeployConfig, "domainId"),
-					InstanceId: maputil.GetString(options.ProviderDeployConfig, "instanceId"),
+					Domain:     maputil.GetString(options.ProviderExtendedConfig, "domain"),
+					DomainId:   maputil.GetString(options.ProviderExtendedConfig, "domainId"),
+					InstanceId: maputil.GetString(options.ProviderExtendedConfig, "instanceId"),
 				})
 				return deployer, err
 
@@ -894,7 +902,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeUCloudUCDN, domain.DeployProviderTypeUCloudUS3:
+	case domain.DeploymentProviderTypeUCloudUCDN, domain.DeploymentProviderTypeUCloudUS3:
 		{
 			access := domain.AccessConfigForUCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -902,23 +910,23 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeUCloudUCDN:
+			case domain.DeploymentProviderTypeUCloudUCDN:
 				deployer, err := pUCloudUCDN.NewDeployer(&pUCloudUCDN.DeployerConfig{
 					PrivateKey: access.PrivateKey,
 					PublicKey:  access.PublicKey,
 					ProjectId:  access.ProjectId,
-					DomainId:   maputil.GetString(options.ProviderDeployConfig, "domainId"),
+					DomainId:   maputil.GetString(options.ProviderExtendedConfig, "domainId"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeUCloudUS3:
+			case domain.DeploymentProviderTypeUCloudUS3:
 				deployer, err := pUCloudUS3.NewDeployer(&pUCloudUS3.DeployerConfig{
 					PrivateKey: access.PrivateKey,
 					PublicKey:  access.PublicKey,
 					ProjectId:  access.ProjectId,
-					Region:     maputil.GetString(options.ProviderDeployConfig, "region"),
-					Bucket:     maputil.GetString(options.ProviderDeployConfig, "bucket"),
-					Domain:     maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:     maputil.GetString(options.ProviderExtendedConfig, "region"),
+					Bucket:     maputil.GetString(options.ProviderExtendedConfig, "bucket"),
+					Domain:     maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
@@ -927,7 +935,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeUpyunCDN, domain.DeployProviderTypeUpyunFile:
+	case domain.DeploymentProviderTypeUpyunCDN, domain.DeploymentProviderTypeUpyunFile:
 		{
 			access := domain.AccessConfigForUpyun{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -935,11 +943,11 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeUpyunCDN, domain.DeployProviderTypeUpyunFile:
+			case domain.DeploymentProviderTypeUpyunCDN, domain.DeploymentProviderTypeUpyunFile:
 				deployer, err := pUpyunCDN.NewDeployer(&pUpyunCDN.DeployerConfig{
 					Username: access.Username,
 					Password: access.Password,
-					Domain:   maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:   maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
@@ -948,7 +956,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeVolcEngineALB, domain.DeployProviderTypeVolcEngineCDN, domain.DeployProviderTypeVolcEngineCertCenter, domain.DeployProviderTypeVolcEngineCLB, domain.DeployProviderTypeVolcEngineDCDN, domain.DeployProviderTypeVolcEngineImageX, domain.DeployProviderTypeVolcEngineLive, domain.DeployProviderTypeVolcEngineTOS:
+	case domain.DeploymentProviderTypeVolcEngineALB, domain.DeploymentProviderTypeVolcEngineCDN, domain.DeploymentProviderTypeVolcEngineCertCenter, domain.DeploymentProviderTypeVolcEngineCLB, domain.DeploymentProviderTypeVolcEngineDCDN, domain.DeploymentProviderTypeVolcEngineImageX, domain.DeploymentProviderTypeVolcEngineLive, domain.DeploymentProviderTypeVolcEngineTOS:
 		{
 			access := domain.AccessConfigForVolcEngine{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -956,78 +964,78 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeVolcEngineALB:
+			case domain.DeploymentProviderTypeVolcEngineALB:
 				deployer, err := pVolcEngineALB.NewDeployer(&pVolcEngineALB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:    pVolcEngineALB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					LoadbalancerId:  maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerId:      maputil.GetString(options.ProviderDeployConfig, "listenerId"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:    pVolcEngineALB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					LoadbalancerId:  maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerId:      maputil.GetString(options.ProviderExtendedConfig, "listenerId"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeVolcEngineCDN:
+			case domain.DeploymentProviderTypeVolcEngineCDN:
 				deployer, err := pVolcEngineCDN.NewDeployer(&pVolcEngineCDN.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.SecretAccessKey,
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeVolcEngineCertCenter:
+			case domain.DeploymentProviderTypeVolcEngineCertCenter:
 				deployer, err := pVolcEngineCertCenter.NewDeployer(&pVolcEngineCertCenter.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeVolcEngineCLB:
+			case domain.DeploymentProviderTypeVolcEngineCLB:
 				deployer, err := pVolcEngineCLB.NewDeployer(&pVolcEngineCLB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ResourceType:    pVolcEngineCLB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
-					LoadbalancerId:  maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
-					ListenerId:      maputil.GetString(options.ProviderDeployConfig, "listenerId"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ResourceType:    pVolcEngineCLB.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+					LoadbalancerId:  maputil.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
+					ListenerId:      maputil.GetString(options.ProviderExtendedConfig, "listenerId"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeVolcEngineDCDN:
+			case domain.DeploymentProviderTypeVolcEngineDCDN:
 				deployer, err := pVolcEngineDCDN.NewDeployer(&pVolcEngineDCDN.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.SecretAccessKey,
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeVolcEngineImageX:
+			case domain.DeploymentProviderTypeVolcEngineImageX:
 				deployer, err := pVolcEngineImageX.NewDeployer(&pVolcEngineImageX.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					ServiceId:       maputil.GetString(options.ProviderDeployConfig, "serviceId"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					ServiceId:       maputil.GetString(options.ProviderExtendedConfig, "serviceId"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeVolcEngineLive:
+			case domain.DeploymentProviderTypeVolcEngineLive:
 				deployer, err := pVolcEngineLive.NewDeployer(&pVolcEngineLive.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.SecretAccessKey,
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
-			case domain.DeployProviderTypeVolcEngineTOS:
+			case domain.DeploymentProviderTypeVolcEngineTOS:
 				deployer, err := pVolcEngineTOS.NewDeployer(&pVolcEngineTOS.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderDeployConfig, "region"),
-					Bucket:          maputil.GetString(options.ProviderDeployConfig, "bucket"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
+					Region:          maputil.GetString(options.ProviderExtendedConfig, "region"),
+					Bucket:          maputil.GetString(options.ProviderExtendedConfig, "bucket"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
 				})
 				return deployer, err
 
@@ -1036,7 +1044,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeWangsuCDNPro:
+	case domain.DeploymentProviderTypeWangsuCDNPro:
 		{
 			access := domain.AccessConfigForWangsu{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -1044,15 +1052,15 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 
 			switch options.Provider {
-			case domain.DeployProviderTypeWangsuCDNPro:
+			case domain.DeploymentProviderTypeWangsuCDNPro:
 				deployer, err := pWangsuCDNPro.NewDeployer(&pWangsuCDNPro.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
 					ApiKey:          access.ApiKey,
-					Environment:     maputil.GetOrDefaultString(options.ProviderDeployConfig, "environment", "production"),
-					Domain:          maputil.GetString(options.ProviderDeployConfig, "domain"),
-					CertificateId:   maputil.GetString(options.ProviderDeployConfig, "certificateId"),
-					WebhookId:       maputil.GetString(options.ProviderDeployConfig, "webhookId"),
+					Environment:     maputil.GetOrDefaultString(options.ProviderExtendedConfig, "environment", "production"),
+					Domain:          maputil.GetString(options.ProviderExtendedConfig, "domain"),
+					CertificateId:   maputil.GetString(options.ProviderExtendedConfig, "certificateId"),
+					WebhookId:       maputil.GetString(options.ProviderExtendedConfig, "webhookId"),
 				})
 				return deployer, err
 
@@ -1061,16 +1069,38 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
 			}
 		}
 
-	case domain.DeployProviderTypeWebhook:
+	case domain.DeploymentProviderTypeWebhook:
 		{
 			access := domain.AccessConfigForWebhook{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}
 
+			mergedHeaders := make(map[string]string)
+			if defaultHeadersString := access.HeadersString; defaultHeadersString != "" {
+				h, err := httputil.ParseHeaders(defaultHeadersString)
+				if err != nil {
+					return nil, fmt.Errorf("failed to parse webhook headers: %w", err)
+				}
+				for key := range h {
+					mergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)
+				}
+			}
+			if extendedHeadersString := maputil.GetString(options.ProviderExtendedConfig, "headers"); extendedHeadersString != "" {
+				h, err := httputil.ParseHeaders(extendedHeadersString)
+				if err != nil {
+					return nil, fmt.Errorf("failed to parse webhook headers: %w", err)
+				}
+				for key := range h {
+					mergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)
+				}
+			}
+
 			deployer, err := pWebhook.NewDeployer(&pWebhook.DeployerConfig{
 				WebhookUrl:               access.Url,
-				WebhookData:              maputil.GetString(options.ProviderDeployConfig, "webhookData"),
+				WebhookData:              maputil.GetOrDefaultString(options.ProviderExtendedConfig, "webhookData", access.DefaultDataForDeployment),
+				Method:                   access.Method,
+				Headers:                  mergedHeaders,
 				AllowInsecureConnections: access.AllowInsecureConnections,
 			})
 			return deployer, err
diff --git a/internal/domain/access.go b/internal/domain/access.go
index fdceae48..fd36417c 100644
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@@ -11,6 +11,7 @@ type Access struct {
 	Name      string         `json:"name" db:"name"`
 	Provider  string         `json:"provider" db:"provider"`
 	Config    map[string]any `json:"config" db:"config"`
+	Reserve   string         `json:"reserve,omitempty" db:"reserve"`
 	DeletedAt *time.Time     `json:"deleted" db:"deleted"`
 }
 
@@ -97,6 +98,11 @@ type AccessConfigForDeSEC struct {
 	Token string `json:"token"`
 }
 
+type AccessConfigForDingTalkBot struct {
+	WebhookUrl string `json:"webhookUrl"`
+	Secret     string `json:"secret"`
+}
+
 type AccessConfigForDNSLA struct {
 	ApiId     string `json:"apiId"`
 	ApiSecret string `json:"apiSecret"`
@@ -116,6 +122,16 @@ type AccessConfigForEdgio struct {
 	ClientSecret string `json:"clientSecret"`
 }
 
+type AccessConfigForEmail struct {
+	SmtpHost               string `json:"smtpHost"`
+	SmtpPort               int32  `json:"smtpPort"`
+	SmtpTls                bool   `json:"smtpTls"`
+	Username               string `json:"username"`
+	Password               string `json:"password"`
+	DefaultSenderAddress   string `json:"defaultSenderAddress,omitempty"`
+	DefaultReceiverAddress string `json:"defaultReceiverAddress,omitempty"`
+}
+
 type AccessConfigForGcore struct {
 	ApiToken string `json:"apiToken"`
 }
@@ -149,6 +165,17 @@ type AccessConfigForKubernetes struct {
 	KubeConfig string `json:"kubeConfig,omitempty"`
 }
 
+type AccessConfigForLarkBot struct {
+	WebhookUrl string `json:"webhookUrl"`
+}
+
+type AccessConfigForMattermost struct {
+	ServerUrl        string `json:"serverUrl"`
+	Username         string `json:"username"`
+	Password         string `json:"password"`
+	DefaultChannelId string `json:"defaultChannelId,omitempty"`
+}
+
 type AccessConfigForNamecheap struct {
 	Username string `json:"username"`
 	ApiKey   string `json:"apiKey"`
@@ -206,6 +233,11 @@ type AccessConfigForSSLCom struct {
 	EabHmacKey string `json:"eabHmacKey"`
 }
 
+type AccessConfigForTelegram struct {
+	BotToken      string `json:"botToken"`
+	DefaultChatId int64  `json:"defaultChatId,omitempty"`
+}
+
 type AccessConfigForTencentCloud struct {
 	SecretId  string `json:"secretId"`
 	SecretKey string `json:"secretKey"`
@@ -239,8 +271,16 @@ type AccessConfigForWangsu struct {
 }
 
 type AccessConfigForWebhook struct {
-	Url                      string `json:"url"`
-	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
+	Url                        string `json:"url"`
+	Method                     string `json:"method,omitempty"`
+	HeadersString              string `json:"headers,omitempty"`
+	AllowInsecureConnections   bool   `json:"allowInsecureConnections,omitempty"`
+	DefaultDataForDeployment   string `json:"defaultDataForDeployment,omitempty"`
+	DefaultDataForNotification string `json:"defaultDataForNotification,omitempty"`
+}
+
+type AccessConfigForWeComBot struct {
+	WebhookUrl string `json:"webhookUrl"`
 }
 
 type AccessConfigForWestcn struct {
diff --git a/internal/domain/notify.go b/internal/domain/notify.go
index 6142dae5..1a244e9b 100644
--- a/internal/domain/notify.go
+++ b/internal/domain/notify.go
@@ -8,6 +8,7 @@ type NotifyChannelType string
 	注意：如果追加新的常量值，请保持以 ASCII 排序。
 	NOTICE: If you add new constant, please keep ASCII order.
 */
+// Deprecated: v0.4.x 将废弃
 const (
 	NotifyChannelTypeBark       = NotifyChannelType("bark")
 	NotifyChannelTypeDingTalk   = NotifyChannelType("dingtalk")
diff --git a/internal/domain/provider.go b/internal/domain/provider.go
index 267adc12..cb2ae3c9 100644
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -19,6 +19,7 @@ const (
 	AccessProviderTypeBaishan             = AccessProviderType("baishan")
 	AccessProviderTypeBaotaPanel          = AccessProviderType("baotapanel")
 	AccessProviderTypeBytePlus            = AccessProviderType("byteplus")
+	AccessProviderTypeBunny               = AccessProviderType("bunny")
 	AccessProviderTypeBuypass             = AccessProviderType("buypass")
 	AccessProviderTypeCacheFly            = AccessProviderType("cachefly")
 	AccessProviderTypeCdnfly              = AccessProviderType("cdnfly")
@@ -28,10 +29,12 @@ const (
 	AccessProviderTypeCTCCCloud           = AccessProviderType("ctcccloud") // 联通云（预留）
 	AccessProviderTypeCUCCCloud           = AccessProviderType("cucccloud") // 天翼云（预留）
 	AccessProviderTypeDeSEC               = AccessProviderType("desec")
+	AccessProviderTypeDingTalkBot         = AccessProviderType("dingtalkbot")
 	AccessProviderTypeDNSLA               = AccessProviderType("dnsla")
 	AccessProviderTypeDogeCloud           = AccessProviderType("dogecloud")
 	AccessProviderTypeDynv6               = AccessProviderType("dynv6")
 	AccessProviderTypeEdgio               = AccessProviderType("edgio")
+	AccessProviderTypeEmail               = AccessProviderType("email")
 	AccessProviderTypeFastly              = AccessProviderType("fastly") // Fastly（预留）
 	AccessProviderTypeGname               = AccessProviderType("gname")
 	AccessProviderTypeGcore               = AccessProviderType("gcore")
@@ -41,9 +44,11 @@ const (
 	AccessProviderTypeHuaweiCloud         = AccessProviderType("huaweicloud")
 	AccessProviderTypeJDCloud             = AccessProviderType("jdcloud")
 	AccessProviderTypeKubernetes          = AccessProviderType("k8s")
+	AccessProviderTypeLarkBot             = AccessProviderType("larkbot")
 	AccessProviderTypeLetsEncrypt         = AccessProviderType("letsencrypt")
 	AccessProviderTypeLetsEncryptStaging  = AccessProviderType("letsencryptstaging")
 	AccessProviderTypeLocal               = AccessProviderType("local")
+	AccessProviderTypeMattermost          = AccessProviderType("mattermost")
 	AccessProviderTypeNamecheap           = AccessProviderType("namecheap")
 	AccessProviderTypeNameDotCom          = AccessProviderType("namedotcom")
 	AccessProviderTypeNameSilo            = AccessProviderType("namesilo")
@@ -56,6 +61,7 @@ const (
 	AccessProviderTypeSafeLine            = AccessProviderType("safeline")
 	AccessProviderTypeSSH                 = AccessProviderType("ssh")
 	AccessProviderTypeSSLCOM              = AccessProviderType("sslcom")
+	AccessProviderTypeTelegram            = AccessProviderType("telegram")
 	AccessProviderTypeTencentCloud        = AccessProviderType("tencentcloud")
 	AccessProviderTypeUCloud              = AccessProviderType("ucloud")
 	AccessProviderTypeUpyun               = AccessProviderType("upyun")
@@ -63,78 +69,79 @@ const (
 	AccessProviderTypeVolcEngine          = AccessProviderType("volcengine")
 	AccessProviderTypeWangsu              = AccessProviderType("wangsu")
 	AccessProviderTypeWebhook             = AccessProviderType("webhook")
+	AccessProviderTypeWeComBot            = AccessProviderType("wecombot")
 	AccessProviderTypeWestcn              = AccessProviderType("westcn")
 	AccessProviderTypeZeroSSL             = AccessProviderType("zerossl")
 )
 
-type ApplyCAProviderType string
+type CAProviderType string
 
 /*
-申请证书 CA 提供商常量值。
-始终等于授权提供商类型。
-
-	注意：如果追加新的常量值，请保持以 ASCII 排序。
-	NOTICE: If you add new constant, please keep ASCII order.
-*/
-const (
-	ApplyCAProviderTypeBuypass             = ApplyCAProviderType(string(AccessProviderTypeBuypass))
-	ApplyCAProviderTypeGoogleTrustServices = ApplyCAProviderType(string(AccessProviderTypeGoogleTrustServices))
-	ApplyCAProviderTypeLetsEncrypt         = ApplyCAProviderType(string(AccessProviderTypeLetsEncrypt))
-	ApplyCAProviderTypeLetsEncryptStaging  = ApplyCAProviderType(string(AccessProviderTypeLetsEncryptStaging))
-	ApplyCAProviderTypeSSLCom              = ApplyCAProviderType(string(AccessProviderTypeSSLCOM))
-	ApplyCAProviderTypeZeroSSL             = ApplyCAProviderType(string(AccessProviderTypeZeroSSL))
-)
-
-type ApplyDNSProviderType string
-
-/*
-申请证书 DNS 提供商常量值。
+证书颁发机构提供商常量值。
 短横线前的部分始终等于授权提供商类型。
 
 	注意：如果追加新的常量值，请保持以 ASCII 排序。
 	NOTICE: If you add new constant, please keep ASCII order.
 */
 const (
-	ApplyDNSProviderTypeACMEHttpReq     = ApplyDNSProviderType("acmehttpreq")
-	ApplyDNSProviderTypeAliyun          = ApplyDNSProviderType("aliyun") // 兼容旧值，等同于 [ApplyDNSProviderTypeAliyunDNS]
-	ApplyDNSProviderTypeAliyunDNS       = ApplyDNSProviderType("aliyun-dns")
-	ApplyDNSProviderTypeAWS             = ApplyDNSProviderType("aws") // 兼容旧值，等同于 [ApplyDNSProviderTypeAWSRoute53]
-	ApplyDNSProviderTypeAWSRoute53      = ApplyDNSProviderType("aws-route53")
-	ApplyDNSProviderTypeAzure           = ApplyDNSProviderType("azure") // 兼容旧值，等同于 [ApplyDNSProviderTypeAzure]
-	ApplyDNSProviderTypeAzureDNS        = ApplyDNSProviderType("azure-dns")
-	ApplyDNSProviderTypeBaiduCloud      = ApplyDNSProviderType("baiducloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeBaiduCloudDNS]
-	ApplyDNSProviderTypeBaiduCloudDNS   = ApplyDNSProviderType("baiducloud-dns")
-	ApplyDNSProviderTypeBunny           = ApplyDNSProviderType("bunny")
-	ApplyDNSProviderTypeCloudflare      = ApplyDNSProviderType("cloudflare")
-	ApplyDNSProviderTypeClouDNS         = ApplyDNSProviderType("cloudns")
-	ApplyDNSProviderTypeCMCCCloud       = ApplyDNSProviderType("cmcccloud")
-	ApplyDNSProviderTypeDeSEC           = ApplyDNSProviderType("desec")
-	ApplyDNSProviderTypeDNSLA           = ApplyDNSProviderType("dnsla")
-	ApplyDNSProviderTypeDynv6           = ApplyDNSProviderType("dynv6")
-	ApplyDNSProviderTypeGcore           = ApplyDNSProviderType("gcore")
-	ApplyDNSProviderTypeGname           = ApplyDNSProviderType("gname")
-	ApplyDNSProviderTypeGoDaddy         = ApplyDNSProviderType("godaddy")
-	ApplyDNSProviderTypeHuaweiCloud     = ApplyDNSProviderType("huaweicloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeHuaweiCloudDNS]
-	ApplyDNSProviderTypeHuaweiCloudDNS  = ApplyDNSProviderType("huaweicloud-dns")
-	ApplyDNSProviderTypeJDCloud         = ApplyDNSProviderType("jdcloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeJDCloudDNS]
-	ApplyDNSProviderTypeJDCloudDNS      = ApplyDNSProviderType("jdcloud-dns")
-	ApplyDNSProviderTypeNamecheap       = ApplyDNSProviderType("namecheap")
-	ApplyDNSProviderTypeNameDotCom      = ApplyDNSProviderType("namedotcom")
-	ApplyDNSProviderTypeNameSilo        = ApplyDNSProviderType("namesilo")
-	ApplyDNSProviderTypeNS1             = ApplyDNSProviderType("ns1")
-	ApplyDNSProviderTypePorkbun         = ApplyDNSProviderType("porkbun")
-	ApplyDNSProviderTypePowerDNS        = ApplyDNSProviderType("powerdns")
-	ApplyDNSProviderTypeRainYun         = ApplyDNSProviderType("rainyun")
-	ApplyDNSProviderTypeTencentCloud    = ApplyDNSProviderType("tencentcloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeTencentCloudDNS]
-	ApplyDNSProviderTypeTencentCloudDNS = ApplyDNSProviderType("tencentcloud-dns")
-	ApplyDNSProviderTypeTencentCloudEO  = ApplyDNSProviderType("tencentcloud-eo")
-	ApplyDNSProviderTypeVercel          = ApplyDNSProviderType("vercel")
-	ApplyDNSProviderTypeVolcEngine      = ApplyDNSProviderType("volcengine") // 兼容旧值，等同于 [ApplyDNSProviderTypeVolcEngineDNS]
-	ApplyDNSProviderTypeVolcEngineDNS   = ApplyDNSProviderType("volcengine-dns")
-	ApplyDNSProviderTypeWestcn          = ApplyDNSProviderType("westcn")
+	CAProviderTypeBuypass             = CAProviderType(AccessProviderTypeBuypass)
+	CAProviderTypeGoogleTrustServices = CAProviderType(AccessProviderTypeGoogleTrustServices)
+	CAProviderTypeLetsEncrypt         = CAProviderType(AccessProviderTypeLetsEncrypt)
+	CAProviderTypeLetsEncryptStaging  = CAProviderType(AccessProviderTypeLetsEncryptStaging)
+	CAProviderTypeSSLCom              = CAProviderType(AccessProviderTypeSSLCOM)
+	CAProviderTypeZeroSSL             = CAProviderType(AccessProviderTypeZeroSSL)
 )
 
-type DeployProviderType string
+type ACMEDns01ProviderType string
+
+/*
+ACME DNS-01 提供商常量值。
+短横线前的部分始终等于授权提供商类型。
+
+	注意：如果追加新的常量值，请保持以 ASCII 排序。
+	NOTICE: If you add new constant, please keep ASCII order.
+*/
+const (
+	ACMEDns01ProviderTypeACMEHttpReq     = ACMEDns01ProviderType(AccessProviderTypeACMEHttpReq)
+	ACMEDns01ProviderTypeAliyun          = ACMEDns01ProviderType(AccessProviderTypeAliyun) // 兼容旧值，等同于 [ACMEDns01ProviderTypeAliyunDNS]
+	ACMEDns01ProviderTypeAliyunDNS       = ACMEDns01ProviderType(AccessProviderTypeAliyun + "-dns")
+	ACMEDns01ProviderTypeAWS             = ACMEDns01ProviderType(AccessProviderTypeAWS) // 兼容旧值，等同于 [ACMEDns01ProviderTypeAWSRoute53]
+	ACMEDns01ProviderTypeAWSRoute53      = ACMEDns01ProviderType(AccessProviderTypeAWS + "-route53")
+	ACMEDns01ProviderTypeAzure           = ACMEDns01ProviderType(AccessProviderTypeAzure) // 兼容旧值，等同于 [ACMEDns01ProviderTypeAzure]
+	ACMEDns01ProviderTypeAzureDNS        = ACMEDns01ProviderType(AccessProviderTypeAzure + "-dns")
+	ACMEDns01ProviderTypeBaiduCloud      = ACMEDns01ProviderType(AccessProviderTypeBaiduCloud) // 兼容旧值，等同于 [ACMEDns01ProviderTypeBaiduCloudDNS]
+	ACMEDns01ProviderTypeBaiduCloudDNS   = ACMEDns01ProviderType(AccessProviderTypeBaiduCloud + "-dns")
+	ACMEDns01ProviderTypeBunny           = ACMEDns01ProviderType(AccessProviderTypeBunny)
+	ACMEDns01ProviderTypeCloudflare      = ACMEDns01ProviderType(AccessProviderTypeCloudflare)
+	ACMEDns01ProviderTypeClouDNS         = ACMEDns01ProviderType(AccessProviderTypeClouDNS)
+	ACMEDns01ProviderTypeCMCCCloud       = ACMEDns01ProviderType(AccessProviderTypeCMCCCloud)
+	ACMEDns01ProviderTypeDeSEC           = ACMEDns01ProviderType(AccessProviderTypeDeSEC)
+	ACMEDns01ProviderTypeDNSLA           = ACMEDns01ProviderType(AccessProviderTypeDNSLA)
+	ACMEDns01ProviderTypeDynv6           = ACMEDns01ProviderType(AccessProviderTypeDynv6)
+	ACMEDns01ProviderTypeGcore           = ACMEDns01ProviderType(AccessProviderTypeGcore)
+	ACMEDns01ProviderTypeGname           = ACMEDns01ProviderType(AccessProviderTypeGname)
+	ACMEDns01ProviderTypeGoDaddy         = ACMEDns01ProviderType(AccessProviderTypeGoDaddy)
+	ACMEDns01ProviderTypeHuaweiCloud     = ACMEDns01ProviderType(AccessProviderTypeHuaweiCloud) // 兼容旧值，等同于 [ACMEDns01ProviderTypeHuaweiCloudDNS]
+	ACMEDns01ProviderTypeHuaweiCloudDNS  = ACMEDns01ProviderType(AccessProviderTypeHuaweiCloud + "-dns")
+	ACMEDns01ProviderTypeJDCloud         = ACMEDns01ProviderType(AccessProviderTypeJDCloud) // 兼容旧值，等同于 [ACMEDns01ProviderTypeJDCloudDNS]
+	ACMEDns01ProviderTypeJDCloudDNS      = ACMEDns01ProviderType(AccessProviderTypeJDCloud + "-dns")
+	ACMEDns01ProviderTypeNamecheap       = ACMEDns01ProviderType(AccessProviderTypeNamecheap)
+	ACMEDns01ProviderTypeNameDotCom      = ACMEDns01ProviderType(AccessProviderTypeNameDotCom)
+	ACMEDns01ProviderTypeNameSilo        = ACMEDns01ProviderType(AccessProviderTypeNameSilo)
+	ACMEDns01ProviderTypeNS1             = ACMEDns01ProviderType(AccessProviderTypeNS1)
+	ACMEDns01ProviderTypePorkbun         = ACMEDns01ProviderType(AccessProviderTypePorkbun)
+	ACMEDns01ProviderTypePowerDNS        = ACMEDns01ProviderType(AccessProviderTypePowerDNS)
+	ACMEDns01ProviderTypeRainYun         = ACMEDns01ProviderType(AccessProviderTypeRainYun)
+	ACMEDns01ProviderTypeTencentCloud    = ACMEDns01ProviderType(AccessProviderTypeTencentCloud) // 兼容旧值，等同于 [ACMEDns01ProviderTypeTencentCloudDNS]
+	ACMEDns01ProviderTypeTencentCloudDNS = ACMEDns01ProviderType(AccessProviderTypeTencentCloud + "-dns")
+	ACMEDns01ProviderTypeTencentCloudEO  = ACMEDns01ProviderType(AccessProviderTypeTencentCloud + "-eo")
+	ACMEDns01ProviderTypeVercel          = ACMEDns01ProviderType(AccessProviderTypeVercel)
+	ACMEDns01ProviderTypeVolcEngine      = ACMEDns01ProviderType(AccessProviderTypeVolcEngine) // 兼容旧值，等同于 [ACMEDns01ProviderTypeVolcEngineDNS]
+	ACMEDns01ProviderTypeVolcEngineDNS   = ACMEDns01ProviderType(AccessProviderTypeVolcEngine + "-dns")
+	ACMEDns01ProviderTypeWestcn          = ACMEDns01ProviderType(AccessProviderTypeWestcn)
+)
+
+type DeploymentProviderType string
 
 /*
 部署证书主机提供商常量值。
@@ -144,78 +151,97 @@ type DeployProviderType string
 	NOTICE: If you add new constant, please keep ASCII order.
 */
 const (
-	DeployProviderType1PanelConsole         = DeployProviderType("1panel-console")
-	DeployProviderType1PanelSite            = DeployProviderType("1panel-site")
-	DeployProviderTypeAliyunALB             = DeployProviderType("aliyun-alb")
-	DeployProviderTypeAliyunAPIGW           = DeployProviderType("aliyun-apigw")
-	DeployProviderTypeAliyunCAS             = DeployProviderType("aliyun-cas")
-	DeployProviderTypeAliyunCASDeploy       = DeployProviderType("aliyun-casdeploy")
-	DeployProviderTypeAliyunCDN             = DeployProviderType("aliyun-cdn")
-	DeployProviderTypeAliyunCLB             = DeployProviderType("aliyun-clb")
-	DeployProviderTypeAliyunDCDN            = DeployProviderType("aliyun-dcdn")
-	DeployProviderTypeAliyunESA             = DeployProviderType("aliyun-esa")
-	DeployProviderTypeAliyunFC              = DeployProviderType("aliyun-fc")
-	DeployProviderTypeAliyunLive            = DeployProviderType("aliyun-live")
-	DeployProviderTypeAliyunNLB             = DeployProviderType("aliyun-nlb")
-	DeployProviderTypeAliyunOSS             = DeployProviderType("aliyun-oss")
-	DeployProviderTypeAliyunVOD             = DeployProviderType("aliyun-vod")
-	DeployProviderTypeAliyunWAF             = DeployProviderType("aliyun-waf")
-	DeployProviderTypeAWSACM                = DeployProviderType("aws-acm")
-	DeployProviderTypeAWSCloudFront         = DeployProviderType("aws-cloudfront")
-	DeployProviderTypeAzureKeyVault         = DeployProviderType("azure-keyvault")
-	DeployProviderTypeBaiduCloudAppBLB      = DeployProviderType("baiducloud-appblb")
-	DeployProviderTypeBaiduCloudBLB         = DeployProviderType("baiducloud-blb")
-	DeployProviderTypeBaiduCloudCDN         = DeployProviderType("baiducloud-cdn")
-	DeployProviderTypeBaiduCloudCert        = DeployProviderType("baiducloud-cert")
-	DeployProviderTypeBaishanCDN            = DeployProviderType("baishan-cdn")
-	DeployProviderTypeBaotaPanelConsole     = DeployProviderType("baotapanel-console")
-	DeployProviderTypeBaotaPanelSite        = DeployProviderType("baotapanel-site")
-	DeployProviderTypeBunnyCDN              = DeployProviderType("bunny-cdn")
-	DeployProviderTypeBytePlusCDN           = DeployProviderType("byteplus-cdn")
-	DeployProviderTypeCacheFly              = DeployProviderType("cachefly")
-	DeployProviderTypeCdnfly                = DeployProviderType("cdnfly")
-	DeployProviderTypeDogeCloudCDN          = DeployProviderType("dogecloud-cdn")
-	DeployProviderTypeEdgioApplications     = DeployProviderType("edgio-applications")
-	DeployProviderTypeGcoreCDN              = DeployProviderType("gcore-cdn")
-	DeployProviderTypeHuaweiCloudCDN        = DeployProviderType("huaweicloud-cdn")
-	DeployProviderTypeHuaweiCloudELB        = DeployProviderType("huaweicloud-elb")
-	DeployProviderTypeHuaweiCloudSCM        = DeployProviderType("huaweicloud-scm")
-	DeployProviderTypeHuaweiCloudWAF        = DeployProviderType("huaweicloud-waf")
-	DeployProviderTypeJDCloudALB            = DeployProviderType("jdcloud-alb")
-	DeployProviderTypeJDCloudCDN            = DeployProviderType("jdcloud-cdn")
-	DeployProviderTypeJDCloudLive           = DeployProviderType("jdcloud-live")
-	DeployProviderTypeJDCloudVOD            = DeployProviderType("jdcloud-vod")
-	DeployProviderTypeKubernetesSecret      = DeployProviderType("k8s-secret")
-	DeployProviderTypeLocal                 = DeployProviderType("local")
-	DeployProviderTypeQiniuCDN              = DeployProviderType("qiniu-cdn")
-	DeployProviderTypeQiniuKodo             = DeployProviderType("qiniu-kodo")
-	DeployProviderTypeQiniuPili             = DeployProviderType("qiniu-pili")
-	DeployProviderTypeRainYunRCDN           = DeployProviderType("rainyun-rcdn")
-	DeployProviderTypeSafeLine              = DeployProviderType("safeline")
-	DeployProviderTypeSSH                   = DeployProviderType("ssh")
-	DeployProviderTypeTencentCloudCDN       = DeployProviderType("tencentcloud-cdn")
-	DeployProviderTypeTencentCloudCLB       = DeployProviderType("tencentcloud-clb")
-	DeployProviderTypeTencentCloudCOS       = DeployProviderType("tencentcloud-cos")
-	DeployProviderTypeTencentCloudCSS       = DeployProviderType("tencentcloud-css")
-	DeployProviderTypeTencentCloudECDN      = DeployProviderType("tencentcloud-ecdn")
-	DeployProviderTypeTencentCloudEO        = DeployProviderType("tencentcloud-eo")
-	DeployProviderTypeTencentCloudSCF       = DeployProviderType("tencentcloud-scf")
-	DeployProviderTypeTencentCloudSSL       = DeployProviderType("tencentcloud-ssl")
-	DeployProviderTypeTencentCloudSSLDeploy = DeployProviderType("tencentcloud-ssldeploy")
-	DeployProviderTypeTencentCloudVOD       = DeployProviderType("tencentcloud-vod")
-	DeployProviderTypeTencentCloudWAF       = DeployProviderType("tencentcloud-waf")
-	DeployProviderTypeUCloudUCDN            = DeployProviderType("ucloud-ucdn")
-	DeployProviderTypeUCloudUS3             = DeployProviderType("ucloud-us3")
-	DeployProviderTypeUpyunCDN              = DeployProviderType("upyun-cdn")
-	DeployProviderTypeUpyunFile             = DeployProviderType("upyun-file")
-	DeployProviderTypeVolcEngineALB         = DeployProviderType("volcengine-alb")
-	DeployProviderTypeVolcEngineCDN         = DeployProviderType("volcengine-cdn")
-	DeployProviderTypeVolcEngineCertCenter  = DeployProviderType("volcengine-certcenter")
-	DeployProviderTypeVolcEngineCLB         = DeployProviderType("volcengine-clb")
-	DeployProviderTypeVolcEngineDCDN        = DeployProviderType("volcengine-dcdn")
-	DeployProviderTypeVolcEngineImageX      = DeployProviderType("volcengine-imagex")
-	DeployProviderTypeVolcEngineLive        = DeployProviderType("volcengine-live")
-	DeployProviderTypeVolcEngineTOS         = DeployProviderType("volcengine-tos")
-	DeployProviderTypeWangsuCDNPro          = DeployProviderType("wangsu-cdnpro")
-	DeployProviderTypeWebhook               = DeployProviderType("webhook")
+	DeploymentProviderType1PanelConsole         = DeploymentProviderType(AccessProviderType1Panel + "-console")
+	DeploymentProviderType1PanelSite            = DeploymentProviderType(AccessProviderType1Panel + "-site")
+	DeploymentProviderTypeAliyunALB             = DeploymentProviderType(AccessProviderTypeAliyun + "-alb")
+	DeploymentProviderTypeAliyunAPIGW           = DeploymentProviderType(AccessProviderTypeAliyun + "-apigw")
+	DeploymentProviderTypeAliyunCAS             = DeploymentProviderType(AccessProviderTypeAliyun + "-cas")
+	DeploymentProviderTypeAliyunCASDeploy       = DeploymentProviderType(AccessProviderTypeAliyun + "-casdeploy")
+	DeploymentProviderTypeAliyunCDN             = DeploymentProviderType(AccessProviderTypeAliyun + "-cdn")
+	DeploymentProviderTypeAliyunCLB             = DeploymentProviderType(AccessProviderTypeAliyun + "-clb")
+	DeploymentProviderTypeAliyunDCDN            = DeploymentProviderType(AccessProviderTypeAliyun + "-dcdn")
+	DeploymentProviderTypeAliyunESA             = DeploymentProviderType(AccessProviderTypeAliyun + "-esa")
+	DeploymentProviderTypeAliyunFC              = DeploymentProviderType(AccessProviderTypeAliyun + "-fc")
+	DeploymentProviderTypeAliyunLive            = DeploymentProviderType(AccessProviderTypeAliyun + "-live")
+	DeploymentProviderTypeAliyunNLB             = DeploymentProviderType(AccessProviderTypeAliyun + "-nlb")
+	DeploymentProviderTypeAliyunOSS             = DeploymentProviderType(AccessProviderTypeAliyun + "-oss")
+	DeploymentProviderTypeAliyunVOD             = DeploymentProviderType(AccessProviderTypeAliyun + "-vod")
+	DeploymentProviderTypeAliyunWAF             = DeploymentProviderType(AccessProviderTypeAliyun + "-waf")
+	DeploymentProviderTypeAWSACM                = DeploymentProviderType(AccessProviderTypeAWS + "-acm")
+	DeploymentProviderTypeAWSCloudFront         = DeploymentProviderType(AccessProviderTypeAWS + "-cloudfront")
+	DeploymentProviderTypeAzureKeyVault         = DeploymentProviderType(AccessProviderTypeAzure + "-keyvault")
+	DeploymentProviderTypeBaiduCloudAppBLB      = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-appblb")
+	DeploymentProviderTypeBaiduCloudBLB         = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-blb")
+	DeploymentProviderTypeBaiduCloudCDN         = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-cdn")
+	DeploymentProviderTypeBaiduCloudCert        = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-cert")
+	DeploymentProviderTypeBaishanCDN            = DeploymentProviderType(AccessProviderTypeBaishan + "-cdn")
+	DeploymentProviderTypeBaotaPanelConsole     = DeploymentProviderType(AccessProviderTypeBaotaPanel + "-console")
+	DeploymentProviderTypeBaotaPanelSite        = DeploymentProviderType(AccessProviderTypeBaotaPanel + "-site")
+	DeploymentProviderTypeBunnyCDN              = DeploymentProviderType(AccessProviderTypeBunny + "-cdn")
+	DeploymentProviderTypeBytePlusCDN           = DeploymentProviderType(AccessProviderTypeBytePlus + "-cdn")
+	DeploymentProviderTypeCacheFly              = DeploymentProviderType(AccessProviderTypeCacheFly)
+	DeploymentProviderTypeCdnfly                = DeploymentProviderType(AccessProviderTypeCdnfly)
+	DeploymentProviderTypeDogeCloudCDN          = DeploymentProviderType(AccessProviderTypeDogeCloud + "-cdn")
+	DeploymentProviderTypeEdgioApplications     = DeploymentProviderType(AccessProviderTypeEdgio + "-applications")
+	DeploymentProviderTypeGcoreCDN              = DeploymentProviderType(AccessProviderTypeGcore + "-cdn")
+	DeploymentProviderTypeHuaweiCloudCDN        = DeploymentProviderType(AccessProviderTypeHuaweiCloud + "-cdn")
+	DeploymentProviderTypeHuaweiCloudELB        = DeploymentProviderType(AccessProviderTypeHuaweiCloud + "-elb")
+	DeploymentProviderTypeHuaweiCloudSCM        = DeploymentProviderType(AccessProviderTypeHuaweiCloud + "-scm")
+	DeploymentProviderTypeHuaweiCloudWAF        = DeploymentProviderType(AccessProviderTypeHuaweiCloud + "-waf")
+	DeploymentProviderTypeJDCloudALB            = DeploymentProviderType(AccessProviderTypeJDCloud + "-alb")
+	DeploymentProviderTypeJDCloudCDN            = DeploymentProviderType(AccessProviderTypeJDCloud + "-cdn")
+	DeploymentProviderTypeJDCloudLive           = DeploymentProviderType(AccessProviderTypeJDCloud + "-live")
+	DeploymentProviderTypeJDCloudVOD            = DeploymentProviderType(AccessProviderTypeJDCloud + "-vod")
+	DeploymentProviderTypeKubernetesSecret      = DeploymentProviderType(AccessProviderTypeKubernetes + "-secret")
+	DeploymentProviderTypeLocal                 = DeploymentProviderType(AccessProviderTypeLocal)
+	DeploymentProviderTypeQiniuCDN              = DeploymentProviderType(AccessProviderTypeQiniu + "-cdn")
+	DeploymentProviderTypeQiniuKodo             = DeploymentProviderType(AccessProviderTypeQiniu + "-kodo")
+	DeploymentProviderTypeQiniuPili             = DeploymentProviderType(AccessProviderTypeQiniu + "-pili")
+	DeploymentProviderTypeRainYunRCDN           = DeploymentProviderType(AccessProviderTypeRainYun + "-rcdn")
+	DeploymentProviderTypeSafeLine              = DeploymentProviderType(AccessProviderTypeSafeLine)
+	DeploymentProviderTypeSSH                   = DeploymentProviderType(AccessProviderTypeSSH)
+	DeploymentProviderTypeTencentCloudCDN       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-cdn")
+	DeploymentProviderTypeTencentCloudCLB       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-clb")
+	DeploymentProviderTypeTencentCloudCOS       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-cos")
+	DeploymentProviderTypeTencentCloudCSS       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-css")
+	DeploymentProviderTypeTencentCloudECDN      = DeploymentProviderType(AccessProviderTypeTencentCloud + "-ecdn")
+	DeploymentProviderTypeTencentCloudEO        = DeploymentProviderType(AccessProviderTypeTencentCloud + "-eo")
+	DeploymentProviderTypeTencentCloudSCF       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-scf")
+	DeploymentProviderTypeTencentCloudSSL       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-ssl")
+	DeploymentProviderTypeTencentCloudSSLDeploy = DeploymentProviderType(AccessProviderTypeTencentCloud + "-ssldeploy")
+	DeploymentProviderTypeTencentCloudVOD       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-vod")
+	DeploymentProviderTypeTencentCloudWAF       = DeploymentProviderType(AccessProviderTypeTencentCloud + "-waf")
+	DeploymentProviderTypeUCloudUCDN            = DeploymentProviderType(AccessProviderTypeUCloud + "-ucdn")
+	DeploymentProviderTypeUCloudUS3             = DeploymentProviderType(AccessProviderTypeUCloud + "-us3")
+	DeploymentProviderTypeUpyunCDN              = DeploymentProviderType(AccessProviderTypeUpyun + "-cdn")
+	DeploymentProviderTypeUpyunFile             = DeploymentProviderType(AccessProviderTypeUpyun + "-file")
+	DeploymentProviderTypeVolcEngineALB         = DeploymentProviderType(AccessProviderTypeVolcEngine + "-alb")
+	DeploymentProviderTypeVolcEngineCDN         = DeploymentProviderType(AccessProviderTypeVolcEngine + "-cdn")
+	DeploymentProviderTypeVolcEngineCertCenter  = DeploymentProviderType(AccessProviderTypeVolcEngine + "-certcenter")
+	DeploymentProviderTypeVolcEngineCLB         = DeploymentProviderType(AccessProviderTypeVolcEngine + "-clb")
+	DeploymentProviderTypeVolcEngineDCDN        = DeploymentProviderType(AccessProviderTypeVolcEngine + "-dcdn")
+	DeploymentProviderTypeVolcEngineImageX      = DeploymentProviderType(AccessProviderTypeVolcEngine + "-imagex")
+	DeploymentProviderTypeVolcEngineLive        = DeploymentProviderType(AccessProviderTypeVolcEngine + "-live")
+	DeploymentProviderTypeVolcEngineTOS         = DeploymentProviderType(AccessProviderTypeVolcEngine + "-tos")
+	DeploymentProviderTypeWangsuCDNPro          = DeploymentProviderType(AccessProviderTypeWangsu + "-cdnpro")
+	DeploymentProviderTypeWebhook               = DeploymentProviderType(AccessProviderTypeWebhook)
+)
+
+type NotificationProviderType string
+
+/*
+消息通知提供商常量值。
+短横线前的部分始终等于授权提供商类型。
+
+	注意：如果追加新的常量值，请保持以 ASCII 排序。
+	NOTICE: If you add new constant, please keep ASCII order.
+*/
+const (
+	NotificationProviderTypeDingTalkBot = NotificationProviderType(AccessProviderTypeDingTalkBot)
+	NotificationProviderTypeEmail       = NotificationProviderType(AccessProviderTypeEmail)
+	NotificationProviderTypeLarkBot     = NotificationProviderType(AccessProviderTypeLarkBot)
+	NotificationProviderTypeMattermost  = NotificationProviderType(AccessProviderTypeMattermost)
+	NotificationProviderTypeTelegram    = NotificationProviderType(AccessProviderTypeTelegram)
+	NotificationProviderTypeWebhook     = NotificationProviderType(AccessProviderTypeWebhook)
+	NotificationProviderTypeWeComBot    = NotificationProviderType(AccessProviderTypeWeComBot)
 )
diff --git a/internal/domain/settings.go b/internal/domain/settings.go
index ebe6b9d7..7063ed83 100644
--- a/internal/domain/settings.go
+++ b/internal/domain/settings.go
@@ -13,6 +13,7 @@ type Settings struct {
 	Content string `json:"content" db:"content"`
 }
 
+// Deprecated: v0.4.x 将废弃
 type NotifyTemplatesSettingsContent struct {
 	NotifyTemplates []struct {
 		Subject string `json:"subject"`
@@ -20,8 +21,10 @@ type NotifyTemplatesSettingsContent struct {
 	} `json:"notifyTemplates"`
 }
 
+// Deprecated: v0.4.x 将废弃
 type NotifyChannelsSettingsContent map[string]map[string]any
 
+// Deprecated: v0.4.x 将废弃
 func (s *Settings) GetNotifyChannelConfig(channel string) (map[string]any, error) {
 	conf := &NotifyChannelsSettingsContent{}
 	if err := json.Unmarshal([]byte(s.Content), conf); err != nil {
diff --git a/internal/domain/workflow.go b/internal/domain/workflow.go
index cfa1c8cc..65bc35d0 100644
--- a/internal/domain/workflow.go
+++ b/internal/domain/workflow.go
@@ -71,7 +71,7 @@ type WorkflowNodeConfigForApply struct {
 	CAProvider            string         `json:"caProvider,omitempty"`            // CA 提供商（零值将使用全局配置）
 	CAProviderAccessId    string         `json:"caProviderAccessId,omitempty"`    // CA 提供商授权记录 ID
 	CAProviderConfig      map[string]any `json:"caProviderConfig,omitempty"`      // CA 提供商额外配置
-	KeyAlgorithm          string         `json:"keyAlgorithm"`                    // 密钥算法
+	KeyAlgorithm          string         `json:"keyAlgorithm"`                    // 证书算法
 	Nameservers           string         `json:"nameservers,omitempty"`           // DNS 服务器列表，以半角分号分隔
 	DnsPropagationTimeout int32          `json:"dnsPropagationTimeout,omitempty"` // DNS 传播超时时间（零值取决于提供商的默认值）
 	DnsTTL                int32          `json:"dnsTTL,omitempty"`                // DNS TTL（零值取决于提供商的默认值）
@@ -95,9 +95,12 @@ type WorkflowNodeConfigForDeploy struct {
 }
 
 type WorkflowNodeConfigForNotify struct {
-	Channel string `json:"channel"` // 通知渠道
-	Subject string `json:"subject"` // 通知主题
-	Message string `json:"message"` // 通知内容
+	Channel          string         `json:"channel,omitempty"`        // Deprecated: v0.4.x 将废弃
+	Provider         string         `json:"provider"`                 // 通知提供商
+	ProviderAccessId string         `json:"providerAccessId"`         // 通知提供商授权记录 ID
+	ProviderConfig   map[string]any `json:"providerConfig,omitempty"` // 通知提供商额外配置
+	Subject          string         `json:"subject"`                  // 通知主题
+	Message          string         `json:"message"`                  // 通知内容
 }
 
 func (n *WorkflowNode) GetConfigForApply() WorkflowNodeConfigForApply {
@@ -111,10 +114,10 @@ func (n *WorkflowNode) GetConfigForApply() WorkflowNodeConfigForApply {
 		ContactEmail:          maputil.GetString(n.Config, "contactEmail"),
 		Provider:              maputil.GetString(n.Config, "provider"),
 		ProviderAccessId:      maputil.GetString(n.Config, "providerAccessId"),
-		ProviderConfig:        maputil.GetAnyMap(n.Config, "providerConfig"),
+		ProviderConfig:        maputil.GetKVMapAny(n.Config, "providerConfig"),
 		CAProvider:            maputil.GetString(n.Config, "caProvider"),
 		CAProviderAccessId:    maputil.GetString(n.Config, "caProviderAccessId"),
-		CAProviderConfig:      maputil.GetAnyMap(n.Config, "caProviderConfig"),
+		CAProviderConfig:      maputil.GetKVMapAny(n.Config, "caProviderConfig"),
 		KeyAlgorithm:          maputil.GetString(n.Config, "keyAlgorithm"),
 		Nameservers:           maputil.GetString(n.Config, "nameservers"),
 		DnsPropagationTimeout: maputil.GetInt32(n.Config, "dnsPropagationTimeout"),
@@ -138,16 +141,19 @@ func (n *WorkflowNode) GetConfigForDeploy() WorkflowNodeConfigForDeploy {
 		Certificate:         maputil.GetString(n.Config, "certificate"),
 		Provider:            maputil.GetString(n.Config, "provider"),
 		ProviderAccessId:    maputil.GetString(n.Config, "providerAccessId"),
-		ProviderConfig:      maputil.GetAnyMap(n.Config, "providerConfig"),
+		ProviderConfig:      maputil.GetKVMapAny(n.Config, "providerConfig"),
 		SkipOnLastSucceeded: maputil.GetBool(n.Config, "skipOnLastSucceeded"),
 	}
 }
 
 func (n *WorkflowNode) GetConfigForNotify() WorkflowNodeConfigForNotify {
 	return WorkflowNodeConfigForNotify{
-		Channel: maputil.GetString(n.Config, "channel"),
-		Subject: maputil.GetString(n.Config, "subject"),
-		Message: maputil.GetString(n.Config, "message"),
+		Channel:          maputil.GetString(n.Config, "channel"),
+		Provider:         maputil.GetString(n.Config, "provider"),
+		ProviderAccessId: maputil.GetString(n.Config, "providerAccessId"),
+		ProviderConfig:   maputil.GetKVMapAny(n.Config, "providerConfig"),
+		Subject:          maputil.GetString(n.Config, "subject"),
+		Message:          maputil.GetString(n.Config, "message"),
 	}
 }
 
diff --git a/internal/notify/notifier.go b/internal/notify/notifier.go
new file mode 100644
index 00000000..955e88c3
--- /dev/null
+++ b/internal/notify/notifier.go
@@ -0,0 +1,72 @@
+package notify
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+	"github.com/usual2970/certimate/internal/repository"
+)
+
+type Notifier interface {
+	Notify(ctx context.Context) error
+}
+
+type NotifierWithWorkflowNodeConfig struct {
+	Node    *domain.WorkflowNode
+	Logger  *slog.Logger
+	Subject string
+	Message string
+}
+
+func NewWithWorkflowNode(config NotifierWithWorkflowNodeConfig) (Notifier, error) {
+	if config.Node == nil {
+		return nil, fmt.Errorf("node is nil")
+	}
+	if config.Node.Type != domain.WorkflowNodeTypeNotify {
+		return nil, fmt.Errorf("node type is not '%s'", string(domain.WorkflowNodeTypeNotify))
+	}
+
+	nodeConfig := config.Node.GetConfigForNotify()
+	options := &notifierProviderOptions{
+		Provider:               domain.NotificationProviderType(nodeConfig.Provider),
+		ProviderAccessConfig:   make(map[string]any),
+		ProviderExtendedConfig: nodeConfig.ProviderConfig,
+	}
+
+	accessRepo := repository.NewAccessRepository()
+	if nodeConfig.ProviderAccessId != "" {
+		access, err := accessRepo.GetById(context.Background(), nodeConfig.ProviderAccessId)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeConfig.ProviderAccessId, err)
+		} else {
+			options.ProviderAccessConfig = access.Config
+		}
+	}
+
+	notifierProvider, err := createNotifierProvider(options)
+	if err != nil {
+		return nil, err
+	}
+
+	return &notifierImpl{
+		provider: notifierProvider.WithLogger(config.Logger),
+		subject:  config.Subject,
+		message:  config.Message,
+	}, nil
+}
+
+type notifierImpl struct {
+	provider notifier.Notifier
+	subject  string
+	message  string
+}
+
+var _ Notifier = (*notifierImpl)(nil)
+
+func (n *notifierImpl) Notify(ctx context.Context) error {
+	_, err := n.provider.Notify(ctx, n.subject, n.message)
+	return err
+}
diff --git a/internal/notify/notify.go b/internal/notify/notify.go
index 3d447c05..92970341 100644
--- a/internal/notify/notify.go
+++ b/internal/notify/notify.go
@@ -13,6 +13,7 @@ import (
 	"github.com/usual2970/certimate/internal/repository"
 )
 
+// Deprecated: v0.4.x 将废弃
 func SendToAllChannels(subject, message string) error {
 	notifiers, err := getEnabledNotifiers()
 	if err != nil {
@@ -38,8 +39,9 @@ func SendToAllChannels(subject, message string) error {
 	return err
 }
 
+// Deprecated: v0.4.x 将废弃
 func SendToChannel(subject, message string, channel string, channelConfig map[string]any) error {
-	notifier, err := createNotifier(domain.NotifyChannelType(channel), channelConfig)
+	notifier, err := createNotifierProviderUseGlobalSettings(domain.NotifyChannelType(channel), channelConfig)
 	if err != nil {
 		return err
 	}
@@ -48,6 +50,7 @@ func SendToChannel(subject, message string, channel string, channelConfig map[st
 	return err
 }
 
+// Deprecated: v0.4.x 将废弃
 func getEnabledNotifiers() ([]notifier.Notifier, error) {
 	settingsRepo := repository.NewSettingsRepository()
 	settings, err := settingsRepo.GetByName(context.Background(), "notifyChannels")
@@ -66,7 +69,7 @@ func getEnabledNotifiers() ([]notifier.Notifier, error) {
 			continue
 		}
 
-		notifier, err := createNotifier(domain.NotifyChannelType(k), v)
+		notifier, err := createNotifierProviderUseGlobalSettings(domain.NotifyChannelType(k), v)
 		if err != nil {
 			continue
 		}
diff --git a/internal/notify/providers.go b/internal/notify/providers.go
index bae9ba72..c57b9c82 100644
--- a/internal/notify/providers.go
+++ b/internal/notify/providers.go
@@ -2,105 +2,152 @@ package notify
 
 import (
 	"fmt"
+	"net/http"
 
 	"github.com/usual2970/certimate/internal/domain"
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
-	pBark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/bark"
 	pDingTalk "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/dingtalk"
 	pEmail "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/email"
-	pGotify "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/gotify"
 	pLark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/lark"
 	pMattermost "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/mattermost"
-	pPushover "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/pushover"
-	pPushPlus "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/pushplus"
-	pServerChan "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/serverchan"
 	pTelegram "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/telegram"
 	pWebhook "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/webhook"
 	pWeCom "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/wecom"
+	httputil "github.com/usual2970/certimate/internal/pkg/utils/http"
 	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 )
 
-func createNotifier(channel domain.NotifyChannelType, channelConfig map[string]any) (notifier.Notifier, error) {
+type notifierProviderOptions struct {
+	Provider               domain.NotificationProviderType
+	ProviderAccessConfig   map[string]any
+	ProviderExtendedConfig map[string]any
+}
+
+func createNotifierProvider(options *notifierProviderOptions) (notifier.Notifier, error) {
 	/*
 	  注意：如果追加新的常量值，请保持以 ASCII 排序。
 	  NOTICE: If you add new constant, please keep ASCII order.
 	*/
-	switch channel {
-	case domain.NotifyChannelTypeBark:
-		return pBark.NewNotifier(&pBark.NotifierConfig{
-			DeviceKey: maputil.GetString(channelConfig, "deviceKey"),
-			ServerUrl: maputil.GetString(channelConfig, "serverUrl"),
-		})
+	switch options.Provider {
+	case domain.NotificationProviderTypeDingTalkBot:
+		{
+			access := domain.AccessConfigForDingTalkBot{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
 
-	case domain.NotifyChannelTypeDingTalk:
-		return pDingTalk.NewNotifier(&pDingTalk.NotifierConfig{
-			AccessToken: maputil.GetString(channelConfig, "accessToken"),
-			Secret:      maputil.GetString(channelConfig, "secret"),
-		})
+			return pDingTalk.NewNotifier(&pDingTalk.NotifierConfig{
+				WebhookUrl: access.WebhookUrl,
+				Secret:     access.Secret,
+			})
+		}
 
-	case domain.NotifyChannelTypeEmail:
-		return pEmail.NewNotifier(&pEmail.NotifierConfig{
-			SmtpHost:        maputil.GetString(channelConfig, "smtpHost"),
-			SmtpPort:        maputil.GetInt32(channelConfig, "smtpPort"),
-			SmtpTLS:         maputil.GetOrDefaultBool(channelConfig, "smtpTLS", true),
-			Username:        maputil.GetOrDefaultString(channelConfig, "username", maputil.GetString(channelConfig, "senderAddress")),
-			Password:        maputil.GetString(channelConfig, "password"),
-			SenderAddress:   maputil.GetString(channelConfig, "senderAddress"),
-			ReceiverAddress: maputil.GetString(channelConfig, "receiverAddress"),
-		})
+	case domain.NotificationProviderTypeEmail:
+		{
+			access := domain.AccessConfigForEmail{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
 
-	case domain.NotifyChannelTypeGotify:
-		return pGotify.NewNotifier(&pGotify.NotifierConfig{
-			Url:      maputil.GetString(channelConfig, "url"),
-			Token:    maputil.GetString(channelConfig, "token"),
-			Priority: maputil.GetOrDefaultInt64(channelConfig, "priority", 1),
-		})
+			return pEmail.NewNotifier(&pEmail.NotifierConfig{
+				SmtpHost:        access.SmtpHost,
+				SmtpPort:        access.SmtpPort,
+				SmtpTls:         access.SmtpTls,
+				Username:        access.Username,
+				Password:        access.Password,
+				SenderAddress:   maputil.GetOrDefaultString(options.ProviderExtendedConfig, "senderAddress", access.DefaultSenderAddress),
+				ReceiverAddress: maputil.GetOrDefaultString(options.ProviderExtendedConfig, "receiverAddress", access.DefaultReceiverAddress),
+			})
+		}
 
-	case domain.NotifyChannelTypeLark:
-		return pLark.NewNotifier(&pLark.NotifierConfig{
-			WebhookUrl: maputil.GetString(channelConfig, "webhookUrl"),
-		})
+	case domain.NotificationProviderTypeLarkBot:
+		{
+			access := domain.AccessConfigForLarkBot{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
 
-	case domain.NotifyChannelTypeMattermost:
-		return pMattermost.NewNotifier(&pMattermost.NotifierConfig{
-			ServerUrl: maputil.GetString(channelConfig, "serverUrl"),
-			ChannelId: maputil.GetString(channelConfig, "channelId"),
-			Username:  maputil.GetString(channelConfig, "username"),
-			Password:  maputil.GetString(channelConfig, "password"),
-		})
-	case domain.NotifyChannelTypePushover:
-		return pPushover.NewNotifier(&pPushover.NotifierConfig{
-			Token: maputil.GetString(channelConfig, "token"),
-			User:  maputil.GetString(channelConfig, "user"),
-		})
+			return pLark.NewNotifier(&pLark.NotifierConfig{
+				WebhookUrl: access.WebhookUrl,
+			})
+		}
 
-	case domain.NotifyChannelTypePushPlus:
-		return pPushPlus.NewNotifier(&pPushPlus.NotifierConfig{
-			Token: maputil.GetString(channelConfig, "token"),
-		})
+	case domain.NotificationProviderTypeMattermost:
+		{
+			access := domain.AccessConfigForMattermost{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
 
-	case domain.NotifyChannelTypeServerChan:
-		return pServerChan.NewNotifier(&pServerChan.NotifierConfig{
-			Url: maputil.GetString(channelConfig, "url"),
-		})
+			return pMattermost.NewNotifier(&pMattermost.NotifierConfig{
+				ServerUrl: access.ServerUrl,
+				Username:  access.Username,
+				Password:  access.Password,
+				ChannelId: maputil.GetOrDefaultString(options.ProviderExtendedConfig, "channelId", access.DefaultChannelId),
+			})
+		}
 
-	case domain.NotifyChannelTypeTelegram:
-		return pTelegram.NewNotifier(&pTelegram.NotifierConfig{
-			ApiToken: maputil.GetString(channelConfig, "apiToken"),
-			ChatId:   maputil.GetInt64(channelConfig, "chatId"),
-		})
+	case domain.NotificationProviderTypeTelegram:
+		{
+			access := domain.AccessConfigForTelegram{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
 
-	case domain.NotifyChannelTypeWebhook:
-		return pWebhook.NewNotifier(&pWebhook.NotifierConfig{
-			Url:                      maputil.GetString(channelConfig, "url"),
-			AllowInsecureConnections: maputil.GetBool(channelConfig, "allowInsecureConnections"),
-		})
+			return pTelegram.NewNotifier(&pTelegram.NotifierConfig{
+				BotToken: access.BotToken,
+				ChatId:   maputil.GetOrDefaultInt64(options.ProviderExtendedConfig, "chatId", access.DefaultChatId),
+			})
+		}
 
-	case domain.NotifyChannelTypeWeCom:
-		return pWeCom.NewNotifier(&pWeCom.NotifierConfig{
-			WebhookUrl: maputil.GetString(channelConfig, "webhookUrl"),
-		})
+	case domain.NotificationProviderTypeWebhook:
+		{
+			access := domain.AccessConfigForWebhook{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
+
+			mergedHeaders := make(map[string]string)
+			if defaultHeadersString := access.HeadersString; defaultHeadersString != "" {
+				h, err := httputil.ParseHeaders(defaultHeadersString)
+				if err != nil {
+					return nil, fmt.Errorf("failed to parse webhook headers: %w", err)
+				}
+				for key := range h {
+					mergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)
+				}
+			}
+			if extendedHeadersString := maputil.GetString(options.ProviderExtendedConfig, "headers"); extendedHeadersString != "" {
+				h, err := httputil.ParseHeaders(extendedHeadersString)
+				if err != nil {
+					return nil, fmt.Errorf("failed to parse webhook headers: %w", err)
+				}
+				for key := range h {
+					mergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)
+				}
+			}
+
+			return pWebhook.NewNotifier(&pWebhook.NotifierConfig{
+				WebhookUrl:               access.Url,
+				WebhookData:              maputil.GetOrDefaultString(options.ProviderExtendedConfig, "webhookData", access.DefaultDataForNotification),
+				Method:                   access.Method,
+				Headers:                  mergedHeaders,
+				AllowInsecureConnections: access.AllowInsecureConnections,
+			})
+		}
+
+	case domain.NotificationProviderTypeWeComBot:
+		{
+			access := domain.AccessConfigForWeComBot{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
+
+			return pWeCom.NewNotifier(&pWeCom.NotifierConfig{
+				WebhookUrl: access.WebhookUrl,
+			})
+		}
 	}
 
-	return nil, fmt.Errorf("unsupported notifier channel '%s'", channelConfig)
+	return nil, fmt.Errorf("unsupported notifier provider '%s'", options.Provider)
 }
diff --git a/internal/notify/providers_deprecated.go b/internal/notify/providers_deprecated.go
new file mode 100644
index 00000000..1e862866
--- /dev/null
+++ b/internal/notify/providers_deprecated.go
@@ -0,0 +1,108 @@
+package notify
+
+import (
+	"fmt"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+	pBark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/bark"
+	pDingTalk "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/dingtalk"
+	pEmail "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/email"
+	pGotify "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/gotify"
+	pLark "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/lark"
+	pMattermost "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/mattermost"
+	pPushover "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/pushover"
+	pPushPlus "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/pushplus"
+	pServerChan "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/serverchan"
+	pTelegram "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/telegram"
+	pWebhook "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/webhook"
+	pWeCom "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/wecom"
+	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
+)
+
+// Deprecated: v0.4.x 将废弃
+func createNotifierProviderUseGlobalSettings(channel domain.NotifyChannelType, channelConfig map[string]any) (notifier.Notifier, error) {
+	/*
+	  注意：如果追加新的常量值，请保持以 ASCII 排序。
+	  NOTICE: If you add new constant, please keep ASCII order.
+	*/
+	switch channel {
+	case domain.NotifyChannelTypeBark:
+		return pBark.NewNotifier(&pBark.NotifierConfig{
+			DeviceKey: maputil.GetString(channelConfig, "deviceKey"),
+			ServerUrl: maputil.GetString(channelConfig, "serverUrl"),
+		})
+
+	case domain.NotifyChannelTypeDingTalk:
+		return pDingTalk.NewNotifier(&pDingTalk.NotifierConfig{
+			WebhookUrl: "https://oapi.dingtalk.com/robot/send?access_token=" + maputil.GetString(channelConfig, "accessToken"),
+			Secret:     maputil.GetString(channelConfig, "secret"),
+		})
+
+	case domain.NotifyChannelTypeEmail:
+		return pEmail.NewNotifier(&pEmail.NotifierConfig{
+			SmtpHost:        maputil.GetString(channelConfig, "smtpHost"),
+			SmtpPort:        maputil.GetInt32(channelConfig, "smtpPort"),
+			SmtpTls:         maputil.GetOrDefaultBool(channelConfig, "smtpTLS", true),
+			Username:        maputil.GetOrDefaultString(channelConfig, "username", maputil.GetString(channelConfig, "senderAddress")),
+			Password:        maputil.GetString(channelConfig, "password"),
+			SenderAddress:   maputil.GetString(channelConfig, "senderAddress"),
+			ReceiverAddress: maputil.GetString(channelConfig, "receiverAddress"),
+		})
+
+	case domain.NotifyChannelTypeGotify:
+		return pGotify.NewNotifier(&pGotify.NotifierConfig{
+			Url:      maputil.GetString(channelConfig, "url"),
+			Token:    maputil.GetString(channelConfig, "token"),
+			Priority: maputil.GetOrDefaultInt64(channelConfig, "priority", 1),
+		})
+
+	case domain.NotifyChannelTypeLark:
+		return pLark.NewNotifier(&pLark.NotifierConfig{
+			WebhookUrl: maputil.GetString(channelConfig, "webhookUrl"),
+		})
+
+	case domain.NotifyChannelTypeMattermost:
+		return pMattermost.NewNotifier(&pMattermost.NotifierConfig{
+			ServerUrl: maputil.GetString(channelConfig, "serverUrl"),
+			ChannelId: maputil.GetString(channelConfig, "channelId"),
+			Username:  maputil.GetString(channelConfig, "username"),
+			Password:  maputil.GetString(channelConfig, "password"),
+		})
+
+	case domain.NotifyChannelTypePushover:
+		return pPushover.NewNotifier(&pPushover.NotifierConfig{
+			Token: maputil.GetString(channelConfig, "token"),
+			User:  maputil.GetString(channelConfig, "user"),
+		})
+
+	case domain.NotifyChannelTypePushPlus:
+		return pPushPlus.NewNotifier(&pPushPlus.NotifierConfig{
+			Token: maputil.GetString(channelConfig, "token"),
+		})
+
+	case domain.NotifyChannelTypeServerChan:
+		return pServerChan.NewNotifier(&pServerChan.NotifierConfig{
+			Url: maputil.GetString(channelConfig, "url"),
+		})
+
+	case domain.NotifyChannelTypeTelegram:
+		return pTelegram.NewNotifier(&pTelegram.NotifierConfig{
+			BotToken: maputil.GetString(channelConfig, "apiToken"),
+			ChatId:   maputil.GetInt64(channelConfig, "chatId"),
+		})
+
+	case domain.NotifyChannelTypeWebhook:
+		return pWebhook.NewNotifier(&pWebhook.NotifierConfig{
+			WebhookUrl:               maputil.GetString(channelConfig, "url"),
+			AllowInsecureConnections: maputil.GetBool(channelConfig, "allowInsecureConnections"),
+		})
+
+	case domain.NotifyChannelTypeWeCom:
+		return pWeCom.NewNotifier(&pWeCom.NotifierConfig{
+			WebhookUrl: maputil.GetString(channelConfig, "webhookUrl"),
+		})
+	}
+
+	return nil, fmt.Errorf("unsupported notifier channel '%s'", channelConfig)
+}
diff --git a/internal/notify/service.go b/internal/notify/service.go
index 9b7cc416..1d1f6c25 100644
--- a/internal/notify/service.go
+++ b/internal/notify/service.go
@@ -8,25 +8,30 @@ import (
 	"github.com/usual2970/certimate/internal/domain/dtos"
 )
 
+// Deprecated: v0.4.x 将废弃
 const (
 	notifyTestTitle = "测试通知"
 	notifyTestBody  = "欢迎使用 Certimate ，这是一条测试通知。"
 )
 
+// Deprecated: v0.4.x 将废弃
 type settingsRepository interface {
 	GetByName(ctx context.Context, name string) (*domain.Settings, error)
 }
 
+// Deprecated: v0.4.x 将废弃
 type NotifyService struct {
 	settingsRepo settingsRepository
 }
 
+// Deprecated: v0.4.x 将废弃
 func NewNotifyService(settingsRepo settingsRepository) *NotifyService {
 	return &NotifyService{
 		settingsRepo: settingsRepo,
 	}
 }
 
+// Deprecated: v0.4.x 将废弃
 func (n *NotifyService) Test(ctx context.Context, req *dtos.NotifyTestPushReq) error {
 	settings, err := n.settingsRepo.GetByName(ctx, "notifyChannels")
 	if err != nil {
diff --git a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
index ddf49218..1d60d315 100644
--- a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
@@ -137,6 +137,12 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	listListenersLimit := int32(100)
 	var listListenersToken *string = nil
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		listListenersReq := &alialb.ListListenersRequest{
 			MaxResults:       tea.Int32(listListenersLimit),
 			NextToken:        listListenersToken,
@@ -166,6 +172,12 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
 	listListenersToken = nil
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		listListenersReq := &alialb.ListListenersRequest{
 			MaxResults:       tea.Int32(listListenersLimit),
 			NextToken:        listListenersToken,
@@ -262,6 +274,12 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 		listListenerCertificatesLimit := int32(100)
 		var listListenerCertificatesToken *string = nil
 		for {
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+			default:
+			}
+
 			listListenerCertificatesReq := &alialb.ListListenerCertificatesRequest{
 				NextToken:       listListenerCertificatesToken,
 				MaxResults:      tea.Int32(listListenerCertificatesLimit),
diff --git a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go
index 2d85be7a..82a05c33 100644
--- a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go
+++ b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go
@@ -142,6 +142,12 @@ func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPEM stri
 	listDomainsPageNumber := int32(1)
 	listDomainsPageSize := int32(10)
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		listDomainsReq := &aliapig.ListDomainsRequest{
 			GatewayId:  tea.String(d.config.GatewayId),
 			NameLike:   tea.String(d.config.Domain),
diff --git a/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go b/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go
index a819de13..077dea5c 100644
--- a/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go
+++ b/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go
@@ -126,8 +126,10 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	// 循环获取部署任务详情，等待任务状态变更
 	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-describedeploymentjob
 	for {
-		if ctx.Err() != nil {
+		select {
+		case <-ctx.Done():
 			return nil, ctx.Err()
+		default:
 		}
 
 		describeDeploymentJobReq := &alicas.DescribeDeploymentJobRequest{
diff --git a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go
index 583eeabd..6ff33049 100644
--- a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go
@@ -132,6 +132,12 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	describeLoadBalancerListenersLimit := int32(100)
 	var describeLoadBalancerListenersToken *string = nil
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		describeLoadBalancerListenersReq := &alislb.DescribeLoadBalancerListenersRequest{
 			RegionId:         tea.String(d.config.Region),
 			MaxResults:       tea.Int32(describeLoadBalancerListenersLimit),
@@ -166,8 +172,14 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 
 		for _, listenerPort := range listenerPorts {
-			if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+
+			default:
+				if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
index 326273f8..d6879f61 100644
--- a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
@@ -125,6 +125,12 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	listListenersLimit := int32(100)
 	var listListenersToken *string = nil
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		listListenersReq := &alinlb.ListListenersRequest{
 			MaxResults:       tea.Int32(listListenersLimit),
 			NextToken:        listListenersToken,
@@ -158,8 +164,14 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 
 		for _, listenerId := range listenerIds {
-			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+
+			default:
+				if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/baiducloud-appblb/baiducloud_appblb.go b/internal/pkg/core/deployer/providers/baiducloud-appblb/baiducloud_appblb.go
index 90084f6b..aabce14c 100644
--- a/internal/pkg/core/deployer/providers/baiducloud-appblb/baiducloud_appblb.go
+++ b/internal/pkg/core/deployer/providers/baiducloud-appblb/baiducloud_appblb.go
@@ -152,8 +152,14 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 
 		for _, listener := range listeners {
-			if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+
+			default:
+				if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
@@ -209,8 +215,14 @@ func (d *DeployerProvider) deployToListener(ctx context.Context, cloudCertId str
 		var errs []error
 
 		for _, listener := range listeners {
-			if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+
+			default:
+				if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/baiducloud-blb/baiducloud_blb.go b/internal/pkg/core/deployer/providers/baiducloud-blb/baiducloud_blb.go
index 8c350492..a16ea102 100644
--- a/internal/pkg/core/deployer/providers/baiducloud-blb/baiducloud_blb.go
+++ b/internal/pkg/core/deployer/providers/baiducloud-blb/baiducloud_blb.go
@@ -152,8 +152,14 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 
 		for _, listener := range listeners {
-			if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+
+			default:
+				if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
@@ -209,8 +215,14 @@ func (d *DeployerProvider) deployToListener(ctx context.Context, cloudCertId str
 		var errs []error
 
 		for _, listener := range listeners {
-			if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+
+			default:
+				if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go b/internal/pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go
index d74f6c60..e659c9a1 100644
--- a/internal/pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go
+++ b/internal/pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go
@@ -117,16 +117,22 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 		var errs []error
 
 		for _, domain := range domains {
-			// 关联证书与加速域名
-			// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-batchdeploycert
-			batchDeployCertReq := &bpcdn.BatchDeployCertRequest{
-				CertId: upres.CertId,
-				Domain: domain,
-			}
-			batchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)
-			d.logger.Debug("sdk request 'cdn.BatchDeployCert'", slog.Any("request", batchDeployCertReq), slog.Any("response", batchDeployCertResp))
-			if err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return nil, ctx.Err()
+
+			default:
+				// 关联证书与加速域名
+				// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-batchdeploycert
+				batchDeployCertReq := &bpcdn.BatchDeployCertRequest{
+					CertId: upres.CertId,
+					Domain: domain,
+				}
+				batchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)
+				d.logger.Debug("sdk request 'cdn.BatchDeployCert'", slog.Any("request", batchDeployCertReq), slog.Any("response", batchDeployCertResp))
+				if err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go b/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go
index f0c8175e..748111dd 100644
--- a/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go
@@ -160,6 +160,12 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, certPEM str
 	listListenersLimit := int32(2000)
 	var listListenersMarker *string = nil
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		listListenersReq := &hcelbmodel.ListListenersRequest{
 			Limit:          typeutil.ToPtr(listListenersLimit),
 			Marker:         listListenersMarker,
@@ -201,8 +207,14 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, certPEM str
 		var errs []error
 
 		for _, listenerId := range listenerIds {
-			if err := d.modifyListenerCertificate(ctx, listenerId, upres.CertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+
+			default:
+				if err := d.modifyListenerCertificate(ctx, listenerId, upres.CertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/huaweicloud-waf/huaweicloud_waf.go b/internal/pkg/core/deployer/providers/huaweicloud-waf/huaweicloud_waf.go
index ff208fe0..8fe96ee0 100644
--- a/internal/pkg/core/deployer/providers/huaweicloud-waf/huaweicloud_waf.go
+++ b/internal/pkg/core/deployer/providers/huaweicloud-waf/huaweicloud_waf.go
@@ -172,6 +172,12 @@ func (d *DeployerProvider) deployToCloudServer(ctx context.Context, certPEM stri
 	listHostPage := int32(1)
 	listHostPageSize := int32(100)
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		listHostReq := &hcwafmodel.ListHostRequest{
 			Hostname: typeutil.ToPtr(strings.TrimPrefix(d.config.Domain, "*")),
 			Page:     typeutil.ToPtr(listHostPage),
@@ -239,6 +245,12 @@ func (d *DeployerProvider) deployToPremiumHost(ctx context.Context, certPEM stri
 	listPremiumHostPage := int32(1)
 	listPremiumHostPageSize := int32(100)
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		listPremiumHostReq := &hcwafmodel.ListPremiumHostRequest{
 			Hostname: typeutil.ToPtr(strings.TrimPrefix(d.config.Domain, "*")),
 			Page:     typeutil.ToPtr(fmt.Sprintf("%d", listPremiumHostPage)),
diff --git a/internal/pkg/core/deployer/providers/jdcloud-alb/jdcloud_alb.go b/internal/pkg/core/deployer/providers/jdcloud-alb/jdcloud_alb.go
index 339bacc8..ca42126e 100644
--- a/internal/pkg/core/deployer/providers/jdcloud-alb/jdcloud_alb.go
+++ b/internal/pkg/core/deployer/providers/jdcloud-alb/jdcloud_alb.go
@@ -132,6 +132,12 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	describeListenersPageNumber := 1
 	describeListenersPageSize := 100
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		describeListenersReq := jdlbapi.NewDescribeListenersRequest(d.config.RegionId)
 		describeListenersReq.SetFilters([]jdcommon.Filter{{Name: "loadBalancerId", Values: []string{d.config.LoadbalancerId}}})
 		describeListenersReq.SetPageSize(describeListenersPageNumber)
@@ -164,8 +170,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 
 		for _, listenerId := range listenerIds {
-			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+			default:
+				if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/jdcloud-vod/jdcloud_vod.go b/internal/pkg/core/deployer/providers/jdcloud-vod/jdcloud_vod.go
index 61c5a6f6..6f61625d 100644
--- a/internal/pkg/core/deployer/providers/jdcloud-vod/jdcloud_vod.go
+++ b/internal/pkg/core/deployer/providers/jdcloud-vod/jdcloud_vod.go
@@ -65,6 +65,12 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	listDomainsPageNumber := 1
 	listDomainsPageSize := 100
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		listDomainsReq := jdvodapi.NewListDomainsRequest()
 		listDomainsReq.SetPageNumber(1)
 		listDomainsReq.SetPageSize(100)
diff --git a/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go b/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go
index 7625d6ae..0c2f8902 100644
--- a/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go
+++ b/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go
@@ -188,8 +188,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 
 		for _, listenerId := range listenerIds {
-			if err := d.modifyListenerCertificate(ctx, d.config.LoadbalancerId, listenerId, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+			default:
+				if err := d.modifyListenerCertificate(ctx, d.config.LoadbalancerId, listenerId, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/tencentcloud-ssl-deploy/tencentcloud_ssl_deploy.go b/internal/pkg/core/deployer/providers/tencentcloud-ssl-deploy/tencentcloud_ssl_deploy.go
index f6090190..5f13660d 100644
--- a/internal/pkg/core/deployer/providers/tencentcloud-ssl-deploy/tencentcloud_ssl_deploy.go
+++ b/internal/pkg/core/deployer/providers/tencentcloud-ssl-deploy/tencentcloud_ssl_deploy.go
@@ -108,8 +108,10 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	// 循环获取部署任务详情，等待任务状态变更
 	// REF: https://cloud.tencent.com.cn/document/api/400/91658
 	for {
-		if ctx.Err() != nil {
+		select {
+		case <-ctx.Done():
 			return nil, ctx.Err()
+		default:
 		}
 
 		describeHostDeployRecordDetailReq := tcssl.NewDescribeHostDeployRecordDetailRequest()
diff --git a/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb.go b/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb.go
index c3d0a2d6..b17ae729 100644
--- a/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb.go
+++ b/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb.go
@@ -132,6 +132,12 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	describeListenersPageSize := int64(100)
 	describeListenersPageNumber := int64(1)
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		describeListenersReq := &vealb.DescribeListenersInput{
 			LoadBalancerId: ve.String(d.config.LoadbalancerId),
 			Protocol:       ve.String("HTTPS"),
@@ -163,8 +169,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 
 		for _, listenerId := range listenerIds {
-			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+			default:
+				if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go b/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go
index f8642b7f..e9b2c325 100644
--- a/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go
+++ b/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go
@@ -117,16 +117,21 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 		var errs []error
 
 		for _, domain := range domains {
-			// 关联证书与加速域名
-			// REF: https://www.volcengine.com/docs/6454/125712
-			batchDeployCertReq := &vecdn.BatchDeployCertRequest{
-				CertId: upres.CertId,
-				Domain: domain,
-			}
-			batchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)
-			d.logger.Debug("sdk request 'cdn.BatchDeployCert'", slog.Any("request", batchDeployCertReq), slog.Any("response", batchDeployCertResp))
-			if err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return nil, ctx.Err()
+			default:
+				// 关联证书与加速域名
+				// REF: https://www.volcengine.com/docs/6454/125712
+				batchDeployCertReq := &vecdn.BatchDeployCertRequest{
+					CertId: upres.CertId,
+					Domain: domain,
+				}
+				batchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)
+				d.logger.Debug("sdk request 'cdn.BatchDeployCert'", slog.Any("request", batchDeployCertReq), slog.Any("response", batchDeployCertResp))
+				if err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
index e95aac0e..3b6a37bf 100644
--- a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
+++ b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
@@ -128,6 +128,12 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 	describeListenersPageSize := int64(100)
 	describeListenersPageNumber := int64(1)
 	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
 		describeListenersReq := &veclb.DescribeListenersInput{
 			LoadBalancerId: ve.String(d.config.LoadbalancerId),
 			Protocol:       ve.String("HTTPS"),
@@ -159,8 +165,13 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId
 		var errs []error
 
 		for _, listenerId := range listenerIds {
-			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+			default:
+				if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
index 1b1336b6..46c0b9dc 100644
--- a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
+++ b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
@@ -125,17 +125,22 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 		var errs []error
 
 		for _, domain := range domains {
-			// 绑定证书
-			// REF: https://www.volcengine.com/docs/6469/1186278#%E7%BB%91%E5%AE%9A%E8%AF%81%E4%B9%A6
-			bindCertReq := &velive.BindCertBody{
-				ChainID: upres.CertId,
-				Domain:  domain,
-				HTTPS:   ve.Bool(true),
-			}
-			bindCertResp, err := d.sdkClient.BindCert(ctx, bindCertReq)
-			d.logger.Debug("sdk request 'live.BindCert'", slog.Any("request", bindCertReq), slog.Any("response", bindCertResp))
-			if err != nil {
-				errs = append(errs, err)
+			select {
+			case <-ctx.Done():
+				return nil, ctx.Err()
+			default:
+				// 绑定证书
+				// REF: https://www.volcengine.com/docs/6469/1186278#%E7%BB%91%E5%AE%9A%E8%AF%81%E4%B9%A6
+				bindCertReq := &velive.BindCertBody{
+					ChainID: upres.CertId,
+					Domain:  domain,
+					HTTPS:   ve.Bool(true),
+				}
+				bindCertResp, err := d.sdkClient.BindCert(ctx, bindCertReq)
+				d.logger.Debug("sdk request 'live.BindCert'", slog.Any("request", bindCertReq), slog.Any("response", bindCertResp))
+				if err != nil {
+					errs = append(errs, err)
+				}
 			}
 		}
 
diff --git a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go
index f09cfb92..2faf1b03 100644
--- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go
+++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go
@@ -199,8 +199,10 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 		wangsuTaskId = wangsuTaskMatches[1]
 	}
 	for {
-		if ctx.Err() != nil {
+		select {
+		case <-ctx.Done():
 			return nil, ctx.Err()
+		default:
 		}
 
 		getDeploymentTaskDetailResp, err := d.sdkClient.GetDeploymentTaskDetail(wangsuTaskId)
diff --git a/internal/pkg/core/deployer/providers/webhook/webhook.go b/internal/pkg/core/deployer/providers/webhook/webhook.go
index 28e0bd7d..07b2eaaa 100644
--- a/internal/pkg/core/deployer/providers/webhook/webhook.go
+++ b/internal/pkg/core/deployer/providers/webhook/webhook.go
@@ -6,6 +6,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"log/slog"
+	"net/http"
+	"net/url"
 	"strings"
 	"time"
 
@@ -18,8 +20,13 @@ import (
 type DeployerConfig struct {
 	// Webhook URL。
 	WebhookUrl string `json:"webhookUrl"`
-	// Webhook 回调数据（JSON 格式）。
+	// Webhook 回调数据（application/json 或 application/x-www-form-urlencoded 格式）。
 	WebhookData string `json:"webhookData,omitempty"`
+	// 请求谓词。
+	// 零值时默认为 "POST"。
+	Method string `json:"method,omitempty"`
+	// 请求标头。
+	Headers map[string]string `json:"headers,omitempty"`
 	// 是否允许不安全的连接。
 	AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
 }
@@ -62,31 +69,111 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 }
 
 func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
+	// 解析证书内容
 	certX509, err := certutil.ParseCertificateFromPEM(certPEM)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse x509: %w", err)
 	}
 
-	var webhookData interface{}
-	err = json.Unmarshal([]byte(d.config.WebhookData), &webhookData)
+	// 处理 Webhook URL
+	webhookUrl, err := url.Parse(d.config.WebhookUrl)
 	if err != nil {
-		return nil, fmt.Errorf("failed to unmarshall webhook data: %w", err)
+		return nil, fmt.Errorf("failed to parse webhook url: %w", err)
+	} else if webhookUrl.Scheme != "http" && webhookUrl.Scheme != "https" {
+		return nil, fmt.Errorf("unsupported webhook url scheme '%s'", webhookUrl.Scheme)
+	} else {
+		webhookUrl.Path = strings.ReplaceAll(webhookUrl.Path, "${DOMAIN}", url.PathEscape(certX509.Subject.CommonName))
 	}
 
-	replaceJsonValueRecursively(webhookData, "${DOMAIN}", certX509.Subject.CommonName)
-	replaceJsonValueRecursively(webhookData, "${DOMAINS}", strings.Join(certX509.DNSNames, ";"))
-	replaceJsonValueRecursively(webhookData, "${SUBJECT_ALT_NAMES}", strings.Join(certX509.DNSNames, ";"))
-	replaceJsonValueRecursively(webhookData, "${CERTIFICATE}", certPEM)
-	replaceJsonValueRecursively(webhookData, "${PRIVATE_KEY}", privkeyPEM)
+	// 处理 Webhook 请求谓词
+	webhookMethod := strings.ToUpper(d.config.Method)
+	if webhookMethod == "" {
+		webhookMethod = http.MethodPost
+	} else if webhookMethod != http.MethodGet &&
+		webhookMethod != http.MethodPost &&
+		webhookMethod != http.MethodPut &&
+		webhookMethod != http.MethodPatch &&
+		webhookMethod != http.MethodDelete {
+		return nil, fmt.Errorf("unsupported webhook request method '%s'", webhookMethod)
+	}
 
-	resp, err := d.httpClient.R().
+	// 处理 Webhook 请求标头
+	webhookHeaders := make(http.Header)
+	for k, v := range d.config.Headers {
+		webhookHeaders.Set(k, v)
+	}
+
+	// 处理 Webhook 请求内容类型
+	const CONTENT_TYPE_JSON = "application/json"
+	const CONTENT_TYPE_FORM = "application/x-www-form-urlencoded"
+	const CONTENT_TYPE_MULTIPART = "multipart/form-data"
+	webhookContentType := webhookHeaders.Get("Content-Type")
+	if webhookContentType == "" {
+		webhookContentType = CONTENT_TYPE_JSON
+		webhookHeaders.Set("Content-Type", CONTENT_TYPE_JSON)
+	} else if strings.HasPrefix(webhookContentType, CONTENT_TYPE_JSON) &&
+		strings.HasPrefix(webhookContentType, CONTENT_TYPE_FORM) &&
+		strings.HasPrefix(webhookContentType, CONTENT_TYPE_MULTIPART) {
+		return nil, fmt.Errorf("unsupported webhook content type '%s'", webhookContentType)
+	}
+
+	// 处理 Webhook 请求数据
+	var webhookData interface{}
+	if d.config.WebhookData == "" {
+		webhookData = map[string]string{
+			"name":    strings.Join(certX509.DNSNames, ";"),
+			"cert":    certPEM,
+			"privkey": privkeyPEM,
+		}
+	} else {
+		err = json.Unmarshal([]byte(d.config.WebhookData), &webhookData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal webhook data: %w", err)
+		}
+
+		replaceJsonValueRecursively(webhookData, "${DOMAIN}", certX509.Subject.CommonName)
+		replaceJsonValueRecursively(webhookData, "${DOMAINS}", strings.Join(certX509.DNSNames, ";"))
+		replaceJsonValueRecursively(webhookData, "${CERTIFICATE}", certPEM)
+		replaceJsonValueRecursively(webhookData, "${PRIVATE_KEY}", privkeyPEM)
+
+		if webhookMethod == http.MethodGet || webhookContentType == CONTENT_TYPE_FORM || webhookContentType == CONTENT_TYPE_MULTIPART {
+			temp := make(map[string]string)
+			jsonb, err := json.Marshal(webhookData)
+			if err != nil {
+				return nil, fmt.Errorf("failed to unmarshal webhook data: %w", err)
+			} else if err := json.Unmarshal(jsonb, &temp); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal webhook data: %w", err)
+			} else {
+				webhookData = temp
+			}
+		}
+	}
+
+	// 生成请求
+	// 其中 GET 请求需转换为查询参数
+	req := d.httpClient.R().
 		SetContext(ctx).
-		SetHeader("Content-Type", "application/json").
-		SetBody(webhookData).
-		Post(d.config.WebhookUrl)
+		SetHeaderMultiValues(webhookHeaders)
+	req.URL = webhookUrl.String()
+	req.Method = webhookMethod
+	if webhookMethod == http.MethodGet {
+		req.SetQueryParams(webhookData.(map[string]string))
+	} else {
+		switch webhookContentType {
+		case CONTENT_TYPE_JSON:
+			req.SetBody(webhookData)
+		case CONTENT_TYPE_FORM:
+			req.SetFormData(webhookData.(map[string]string))
+		case CONTENT_TYPE_MULTIPART:
+			req.SetMultipartFormData(webhookData.(map[string]string))
+		}
+	}
+
+	// 发送请求
+	resp, err := req.SetDebug(true).Send()
 	if err != nil {
 		return nil, fmt.Errorf("failed to send webhook request: %w", err)
-	} else if resp.StatusCode() != 200 {
+	} else if resp.IsError() {
 		return nil, fmt.Errorf("unexpected webhook response status code: %d", resp.StatusCode())
 	}
 
diff --git a/internal/pkg/core/deployer/providers/webhook/webhook_test.go b/internal/pkg/core/deployer/providers/webhook/webhook_test.go
index 0bd670b3..8642ef14 100644
--- a/internal/pkg/core/deployer/providers/webhook/webhook_test.go
+++ b/internal/pkg/core/deployer/providers/webhook/webhook_test.go
@@ -12,10 +12,11 @@ import (
 )
 
 var (
-	fInputCertPath string
-	fInputKeyPath  string
-	fWebhookUrl    string
-	fWebhookData   string
+	fInputCertPath      string
+	fInputKeyPath       string
+	fWebhookUrl         string
+	fWebhookContentType string
+	fWebhookData        string
 )
 
 func init() {
@@ -24,6 +25,7 @@ func init() {
 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
 	flag.StringVar(&fWebhookUrl, argsPrefix+"URL", "", "")
+	flag.StringVar(&fWebhookContentType, argsPrefix+"CONTENTTYPE", "application/json", "")
 	flag.StringVar(&fWebhookData, argsPrefix+"DATA", "", "")
 }
 
@@ -34,7 +36,8 @@ Shell command to run this test:
 	--CERTIMATE_DEPLOYER_WEBHOOK_INPUTCERTPATH="/path/to/your-input-cert.pem" \
 	--CERTIMATE_DEPLOYER_WEBHOOK_INPUTKEYPATH="/path/to/your-input-key.pem" \
 	--CERTIMATE_DEPLOYER_WEBHOOK_URL="https://example.com/your-webhook-url" \
-	--CERTIMATE_DEPLOYER_WEBHOOK_DATA="{\"certificate\":\"${Certificate}\",\"privateKey\":\"${PrivateKey}\"}"
+	--CERTIMATE_DEPLOYER_WEBHOOK_CONTENTTYPE="application/json" \
+	--CERTIMATE_DEPLOYER_WEBHOOK_DATA="{\"certificate\":\"${CERTIFICATE}\",\"privateKey\":\"${PRIVATE_KEY}\"}"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
@@ -45,12 +48,17 @@ func TestDeploy(t *testing.T) {
 			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
 			fmt.Sprintf("WEBHOOKURL: %v", fWebhookUrl),
+			fmt.Sprintf("WEBHOOKCONTENTTYPE: %v", fWebhookContentType),
 			fmt.Sprintf("WEBHOOKDATA: %v", fWebhookData),
 		}, "\n"))
 
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
-			WebhookUrl:               fWebhookUrl,
-			WebhookData:              fWebhookData,
+			WebhookUrl:  fWebhookUrl,
+			WebhookData: fWebhookData,
+			Method:      "POST",
+			Headers: map[string]string{
+				"Content-Type": fWebhookContentType,
+			},
 			AllowInsecureConnections: true,
 		})
 		if err != nil {
diff --git a/internal/pkg/core/notifier/providers/bark/bark.go b/internal/pkg/core/notifier/providers/bark/bark.go
index c25ae3f9..ccdd5736 100644
--- a/internal/pkg/core/notifier/providers/bark/bark.go
+++ b/internal/pkg/core/notifier/providers/bark/bark.go
@@ -32,6 +32,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config: config,
+		logger: slog.Default(),
 	}, nil
 }
 
diff --git a/internal/pkg/core/notifier/providers/dingtalk/dingtalk.go b/internal/pkg/core/notifier/providers/dingtalk/dingtalk.go
index 4f9964e9..9eb94dcf 100644
--- a/internal/pkg/core/notifier/providers/dingtalk/dingtalk.go
+++ b/internal/pkg/core/notifier/providers/dingtalk/dingtalk.go
@@ -2,7 +2,9 @@ package dingtalk
 
 import (
 	"context"
+	"fmt"
 	"log/slog"
+	"net/url"
 
 	"github.com/nikoksr/notify/service/dingding"
 
@@ -10,8 +12,8 @@ import (
 )
 
 type NotifierConfig struct {
-	// 钉钉机器人的 Token。
-	AccessToken string `json:"accessToken"`
+	// 钉钉机器人的 Webhook 地址。
+	WebhookUrl string `json:"webhookUrl"`
 	// 钉钉机器人的 Secret。
 	Secret string `json:"secret"`
 }
@@ -30,6 +32,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config: config,
+		logger: slog.Default(),
 	}, nil
 }
 
@@ -43,8 +46,13 @@ func (n *NotifierProvider) WithLogger(logger *slog.Logger) notifier.Notifier {
 }
 
 func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+	webhookUrl, err := url.Parse(n.config.WebhookUrl)
+	if err != nil {
+		return nil, fmt.Errorf("invalid webhook url: %w", err)
+	}
+
 	srv := dingding.New(&dingding.Config{
-		Token:  n.config.AccessToken,
+		Token:  webhookUrl.Query().Get("access_token"),
 		Secret: n.config.Secret,
 	})
 
diff --git a/internal/pkg/core/notifier/providers/email/email.go b/internal/pkg/core/notifier/providers/email/email.go
index d16603fa..69d39012 100644
--- a/internal/pkg/core/notifier/providers/email/email.go
+++ b/internal/pkg/core/notifier/providers/email/email.go
@@ -19,7 +19,7 @@ type NotifierConfig struct {
 	// 零值时根据是否启用 TLS 决定。
 	SmtpPort int32 `json:"smtpPort"`
 	// 是否启用 TLS。
-	SmtpTLS bool `json:"smtpTLS"`
+	SmtpTls bool `json:"smtpTls"`
 	// 用户名。
 	Username string `json:"username"`
 	// 密码。
@@ -44,6 +44,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config: config,
+		logger: slog.Default(),
 	}, nil
 }
 
@@ -64,7 +65,7 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 
 	var smtpAddr string
 	if n.config.SmtpPort == 0 {
-		if n.config.SmtpTLS {
+		if n.config.SmtpTls {
 			smtpAddr = fmt.Sprintf("%s:465", n.config.SmtpHost)
 		} else {
 			smtpAddr = fmt.Sprintf("%s:25", n.config.SmtpHost)
@@ -74,7 +75,7 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 	}
 
 	var yak *mailyak.MailYak
-	if n.config.SmtpTLS {
+	if n.config.SmtpTls {
 		yak, err = mailyak.NewWithTLS(smtpAddr, smtpAuth, newTlsConfig())
 		if err != nil {
 			return nil, err
diff --git a/internal/pkg/core/notifier/providers/email/email_test.go b/internal/pkg/core/notifier/providers/email/email_test.go
index 1828a674..30bfba07 100644
--- a/internal/pkg/core/notifier/providers/email/email_test.go
+++ b/internal/pkg/core/notifier/providers/email/email_test.go
@@ -67,7 +67,7 @@ func TestNotify(t *testing.T) {
 		notifier, err := provider.NewNotifier(&provider.NotifierConfig{
 			SmtpHost:        fSmtpHost,
 			SmtpPort:        int32(fSmtpPort),
-			SmtpTLS:         fSmtpTLS,
+			SmtpTls:         fSmtpTLS,
 			Username:        fUsername,
 			Password:        fPassword,
 			SenderAddress:   fSenderAddress,
diff --git a/internal/pkg/core/notifier/providers/gotify/gotify.go b/internal/pkg/core/notifier/providers/gotify/gotify.go
index ad0c515e..aed6e7c8 100644
--- a/internal/pkg/core/notifier/providers/gotify/gotify.go
+++ b/internal/pkg/core/notifier/providers/gotify/gotify.go
@@ -9,25 +9,21 @@ import (
 	"log/slog"
 	"net/http"
 
-	"github.com/pkg/errors"
-
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
 )
 
 type NotifierConfig struct {
-	// Gotify 服务地址
-	// 示例：https://gotify.example.com
+	// Gotify 服务地址。
 	Url string `json:"url"`
-	// Gotify Token
+	// Gotify Token。
 	Token string `json:"token"`
-	// Gotify 消息优先级
-	Priority int64 `json:"priority"`
+	// Gotify 消息优先级。
+	Priority int64 `json:"priority,omitempty"`
 }
 
 type NotifierProvider struct {
-	config *NotifierConfig
-	logger *slog.Logger
-	// 未来将移除
+	config     *NotifierConfig
+	logger     *slog.Logger
 	httpClient *http.Client
 }
 
@@ -40,6 +36,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config:     config,
+		logger:     slog.Default(),
 		httpClient: http.DefaultClient,
 	}, nil
 }
@@ -54,7 +51,6 @@ func (n *NotifierProvider) WithLogger(logger *slog.Logger) notifier.Notifier {
 }
 
 func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
-	// Gotify 原生实现, notify 库没有实现, 等待合并
 	reqBody := &struct {
 		Title    string `json:"title"`
 		Message  string `json:"message"`
@@ -65,10 +61,9 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 		Priority: n.config.Priority,
 	}
 
-	// Make request
 	body, err := json.Marshal(reqBody)
 	if err != nil {
-		return nil, errors.Wrap(err, "encode message body")
+		return nil, fmt.Errorf("gotify api error: failed to encode message body: %w", err)
 	}
 
 	req, err := http.NewRequestWithContext(
@@ -78,27 +73,24 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 		bytes.NewReader(body),
 	)
 	if err != nil {
-		return nil, errors.Wrap(err, "create new request")
+		return nil, fmt.Errorf("gotify api error: failed to create new request: %w", err)
 	}
 
 	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", n.config.Token))
 	req.Header.Set("Content-Type", "application/json; charset=utf-8")
 
-	// Send request to gotify service
 	resp, err := n.httpClient.Do(req)
 	if err != nil {
-		return nil, errors.Wrapf(err, "send request to gotify server")
+		return nil, fmt.Errorf("gotify api error: failed to send request: %w", err)
 	}
 	defer resp.Body.Close()
 
-	// Read response and verify success
 	result, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, errors.Wrap(err, "read response")
+		return nil, fmt.Errorf("gotify api error: failed to read response: %w", err)
+	} else if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("gotify api error: unexpected status code: %d, resp: %s", resp.StatusCode, string(result))
 	}
 
-	if resp.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("gotify returned status code %d: %s", resp.StatusCode, string(result))
-	}
 	return &notifier.NotifyResult{}, nil
 }
diff --git a/internal/pkg/core/notifier/providers/lark/lark.go b/internal/pkg/core/notifier/providers/lark/lark.go
index 09cc6444..e8ad7816 100644
--- a/internal/pkg/core/notifier/providers/lark/lark.go
+++ b/internal/pkg/core/notifier/providers/lark/lark.go
@@ -28,6 +28,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config: config,
+		logger: slog.Default(),
 	}, nil
 }
 
diff --git a/internal/pkg/core/notifier/providers/mattermost/mattermost.go b/internal/pkg/core/notifier/providers/mattermost/mattermost.go
index c6ed748d..ed3a507a 100644
--- a/internal/pkg/core/notifier/providers/mattermost/mattermost.go
+++ b/internal/pkg/core/notifier/providers/mattermost/mattermost.go
@@ -7,20 +7,21 @@ import (
 	"io"
 	"log/slog"
 	"net/http"
+	"strings"
 
 	"github.com/nikoksr/notify/service/mattermost"
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
 )
 
 type NotifierConfig struct {
-	// Mattermost 服务地址。
+	// 服务地址。
 	ServerUrl string `json:"serverUrl"`
-	// 频道ID
-	ChannelId string `json:"channelId"`
-	// 用户名
+	// 用户名。
 	Username string `json:"username"`
-	// 密码
+	// 密码。
 	Password string `json:"password"`
+	// 频道 ID。
+	ChannelId string `json:"channelId"`
 }
 
 type NotifierProvider struct {
@@ -37,6 +38,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config: config,
+		logger: slog.Default(),
 	}, nil
 }
 
@@ -50,7 +52,7 @@ func (n *NotifierProvider) WithLogger(logger *slog.Logger) notifier.Notifier {
 }
 
 func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
-	srv := mattermost.New(n.config.ServerUrl)
+	srv := mattermost.New(strings.TrimRight(n.config.ServerUrl, "/"))
 
 	if err := srv.LoginWithCredentials(ctx, n.config.Username, n.config.Password); err != nil {
 		return nil, err
diff --git a/internal/pkg/core/notifier/providers/pushover/pushover.go b/internal/pkg/core/notifier/providers/pushover/pushover.go
index 8f84dfd2..f306df1f 100644
--- a/internal/pkg/core/notifier/providers/pushover/pushover.go
+++ b/internal/pkg/core/notifier/providers/pushover/pushover.go
@@ -9,20 +9,19 @@ import (
 	"log/slog"
 	"net/http"
 
-	"github.com/pkg/errors"
-
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
 )
 
 type NotifierConfig struct {
-	Token string `json:"token"` // 应用 API Token
-	User  string `json:"user"`  // 用户/分组 Key
+	// Pushover API Token。
+	Token string `json:"token"`
+	// 用户或分组标识。
+	User string `json:"user"`
 }
 
 type NotifierProvider struct {
-	config *NotifierConfig
-	logger *slog.Logger
-	// 未来将移除
+	config     *NotifierConfig
+	logger     *slog.Logger
 	httpClient *http.Client
 }
 
@@ -35,6 +34,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config:     config,
+		logger:     slog.Default(),
 		httpClient: http.DefaultClient,
 	}, nil
 }
@@ -48,10 +48,8 @@ func (n *NotifierProvider) WithLogger(logger *slog.Logger) notifier.Notifier {
 	return n
 }
 
-// Notify 发送通知
-// 参考文档：https://pushover.net/api
 func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
-	// 请求体
+	// REF: https://pushover.net/api
 	reqBody := &struct {
 		Token   string `json:"token"`
 		User    string `json:"user"`
@@ -64,10 +62,9 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 		Message: message,
 	}
 
-	// Make request
 	body, err := json.Marshal(reqBody)
 	if err != nil {
-		return nil, errors.Wrap(err, "encode message body")
+		return nil, fmt.Errorf("pushover api error: failed to encode message body: %w", err)
 	}
 
 	req, err := http.NewRequestWithContext(
@@ -77,25 +74,22 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 		bytes.NewReader(body),
 	)
 	if err != nil {
-		return nil, errors.Wrap(err, "create new request")
+		return nil, fmt.Errorf("pushover api error: failed to create new request: %w", err)
 	}
 
 	req.Header.Set("Content-Type", "application/json; charset=utf-8")
 
-	// Send request to pushover service
 	resp, err := n.httpClient.Do(req)
 	if err != nil {
-		return nil, errors.Wrapf(err, "send request to pushover server")
+		return nil, fmt.Errorf("pushover api error: failed to send request: %w", err)
 	}
 	defer resp.Body.Close()
 
 	result, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, errors.Wrap(err, "read response")
-	}
-
-	if resp.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("pushover returned status code %d: %s", resp.StatusCode, string(result))
+		return nil, fmt.Errorf("pushover api error: failed to read response: %w", err)
+	} else if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("pushover api error: unexpected status code: %d, resp: %s", resp.StatusCode, string(result))
 	}
 
 	return &notifier.NotifyResult{}, nil
diff --git a/internal/pkg/core/notifier/providers/pushplus/pushplus.go b/internal/pkg/core/notifier/providers/pushplus/pushplus.go
index 4edac14e..a0ef4c7f 100644
--- a/internal/pkg/core/notifier/providers/pushplus/pushplus.go
+++ b/internal/pkg/core/notifier/providers/pushplus/pushplus.go
@@ -9,20 +9,17 @@ import (
 	"log/slog"
 	"net/http"
 
-	"github.com/pkg/errors"
-
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
 )
 
 type NotifierConfig struct {
-	// PushPlus Token
+	// PushPlus Token。
 	Token string `json:"token"`
 }
 
 type NotifierProvider struct {
-	config *NotifierConfig
-	logger *slog.Logger
-	// 未来将移除
+	config     *NotifierConfig
+	logger     *slog.Logger
 	httpClient *http.Client
 }
 
@@ -35,6 +32,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config:     config,
+		logger:     slog.Default(),
 		httpClient: http.DefaultClient,
 	}, nil
 }
@@ -48,10 +46,8 @@ func (n *NotifierProvider) WithLogger(logger *slog.Logger) notifier.Notifier {
 	return n
 }
 
-// Notify 发送通知
-// 参考文档：https://pushplus.plus/doc/guide/api.html
 func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
-	// 请求体
+	// REF: https://pushplus.plus/doc/guide/api.html
 	reqBody := &struct {
 		Token   string `json:"token"`
 		Title   string `json:"title"`
@@ -62,10 +58,9 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 		Content: message,
 	}
 
-	// Make request
 	body, err := json.Marshal(reqBody)
 	if err != nil {
-		return nil, errors.Wrap(err, "encode message body")
+		return nil, fmt.Errorf("pushplus api error: failed to encode message body: %w", err)
 	}
 
 	req, err := http.NewRequestWithContext(
@@ -75,38 +70,32 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 		bytes.NewReader(body),
 	)
 	if err != nil {
-		return nil, errors.Wrap(err, "create new request")
+		return nil, fmt.Errorf("pushplus api error: failed to create new request: %w", err)
 	}
 
 	req.Header.Set("Content-Type", "application/json; charset=utf-8")
 
-	// Send request to pushplus service
 	resp, err := n.httpClient.Do(req)
 	if err != nil {
-		return nil, errors.Wrapf(err, "send request to pushplus server")
+		return nil, fmt.Errorf("pushplus api error: failed to send request: %w", err)
 	}
 	defer resp.Body.Close()
 
 	result, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, errors.Wrap(err, "read response")
+		return nil, fmt.Errorf("pushplus api error: failed to read response: %w", err)
+	} else if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("pushplus api error: unexpected status code: %d, resp: %s", resp.StatusCode, string(result))
 	}
 
-	if resp.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("pushplus returned status code %d: %s", resp.StatusCode, string(result))
-	}
-
-	// 解析响应
 	var errorResponse struct {
 		Code int    `json:"code"`
 		Msg  string `json:"msg"`
 	}
 	if err := json.Unmarshal(result, &errorResponse); err != nil {
-		return nil, errors.Wrap(err, "decode response")
-	}
-
-	if errorResponse.Code != 200 {
-		return nil, fmt.Errorf("pushplus returned error: %s", errorResponse.Msg)
+		return nil, fmt.Errorf("pushplus api error: failed to decode response: %w", err)
+	} else if errorResponse.Code != 200 {
+		return nil, fmt.Errorf("pushplus api error: unexpected response code: %d, msg: %s", errorResponse.Code, errorResponse.Msg)
 	}
 
 	return &notifier.NotifyResult{}, nil
diff --git a/internal/pkg/core/notifier/providers/serverchan/serverchan.go b/internal/pkg/core/notifier/providers/serverchan/serverchan.go
index 9cf45431..89724b08 100644
--- a/internal/pkg/core/notifier/providers/serverchan/serverchan.go
+++ b/internal/pkg/core/notifier/providers/serverchan/serverchan.go
@@ -29,6 +29,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config: config,
+		logger: slog.Default(),
 	}, nil
 }
 
diff --git a/internal/pkg/core/notifier/providers/telegram/telegram.go b/internal/pkg/core/notifier/providers/telegram/telegram.go
index 631369e6..218f7ee3 100644
--- a/internal/pkg/core/notifier/providers/telegram/telegram.go
+++ b/internal/pkg/core/notifier/providers/telegram/telegram.go
@@ -10,8 +10,8 @@ import (
 )
 
 type NotifierConfig struct {
-	// Telegram API Token。
-	ApiToken string `json:"apiToken"`
+	// Telegram Bot API Token。
+	BotToken string `json:"botToken"`
 	// Telegram Chat ID。
 	ChatId int64 `json:"chatId"`
 }
@@ -30,6 +30,7 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 	return &NotifierProvider{
 		config: config,
+		logger: slog.Default(),
 	}, nil
 }
 
@@ -43,7 +44,7 @@ func (n *NotifierProvider) WithLogger(logger *slog.Logger) notifier.Notifier {
 }
 
 func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
-	srv, err := telegram.New(n.config.ApiToken)
+	srv, err := telegram.New(n.config.BotToken)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/pkg/core/notifier/providers/telegram/telegram_test.go b/internal/pkg/core/notifier/providers/telegram/telegram_test.go
index 8a83fa4b..e9a7d10b 100644
--- a/internal/pkg/core/notifier/providers/telegram/telegram_test.go
+++ b/internal/pkg/core/notifier/providers/telegram/telegram_test.go
@@ -45,7 +45,7 @@ func TestNotify(t *testing.T) {
 		}, "\n"))
 
 		notifier, err := provider.NewNotifier(&provider.NotifierConfig{
-			ApiToken: fApiToken,
+			BotToken: fApiToken,
 			ChatId:   fChartId,
 		})
 		if err != nil {
diff --git a/internal/pkg/core/notifier/providers/webhook/webhook.go b/internal/pkg/core/notifier/providers/webhook/webhook.go
index f2dfb4b6..0e7caaa5 100644
--- a/internal/pkg/core/notifier/providers/webhook/webhook.go
+++ b/internal/pkg/core/notifier/providers/webhook/webhook.go
@@ -3,24 +3,37 @@ package webhook
 import (
 	"context"
 	"crypto/tls"
+	"encoding/json"
+	"fmt"
 	"log/slog"
 	"net/http"
+	"net/url"
+	"strings"
+	"time"
 
-	webhook "github.com/nikoksr/notify/service/http"
+	"github.com/go-resty/resty/v2"
 
 	"github.com/usual2970/certimate/internal/pkg/core/notifier"
 )
 
 type NotifierConfig struct {
 	// Webhook URL。
-	Url string `json:"url"`
+	WebhookUrl string `json:"webhookUrl"`
+	// Webhook 回调数据（application/json 或 application/x-www-form-urlencoded 格式）。
+	WebhookData string `json:"webhookData,omitempty"`
+	// 请求谓词。
+	// 零值时默认为 "POST"。
+	Method string `json:"method,omitempty"`
+	// 请求标头。
+	Headers map[string]string `json:"headers,omitempty"`
 	// 是否允许不安全的连接。
 	AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
 }
 
 type NotifierProvider struct {
-	config *NotifierConfig
-	logger *slog.Logger
+	config     *NotifierConfig
+	logger     *slog.Logger
+	httpClient *resty.Client
 }
 
 var _ notifier.Notifier = (*NotifierProvider)(nil)
@@ -30,8 +43,18 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 		panic("config is nil")
 	}
 
+	client := resty.New().
+		SetTimeout(30 * time.Second).
+		SetRetryCount(3).
+		SetRetryWaitTime(5 * time.Second)
+	if config.AllowInsecureConnections {
+		client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
+	}
+
 	return &NotifierProvider{
-		config: config,
+		config:     config,
+		logger:     slog.Default(),
+		httpClient: client,
 	}, nil
 }
 
@@ -45,20 +68,120 @@ func (n *NotifierProvider) WithLogger(logger *slog.Logger) notifier.Notifier {
 }
 
 func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
-	srv := webhook.New()
-	srv.AddReceiversURLs(n.config.Url)
-
-	if n.config.AllowInsecureConnections {
-		tlsConfig := &tls.Config{InsecureSkipVerify: true}
-		transport := &http.Transport{TLSClientConfig: tlsConfig}
-		client := &http.Client{Transport: transport}
-		srv.WithClient(client)
-	}
-
-	err = srv.Send(ctx, subject, message)
+	// 处理 Webhook URL
+	webhookUrl, err := url.Parse(n.config.WebhookUrl)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to parse webhook url: %w", err)
+	} else if webhookUrl.Scheme != "http" && webhookUrl.Scheme != "https" {
+		return nil, fmt.Errorf("unsupported webhook url scheme '%s'", webhookUrl.Scheme)
 	}
 
+	// 处理 Webhook 请求谓词
+	webhookMethod := strings.ToUpper(n.config.Method)
+	if webhookMethod == "" {
+		webhookMethod = http.MethodPost
+	} else if webhookMethod != http.MethodGet &&
+		webhookMethod != http.MethodPost &&
+		webhookMethod != http.MethodPut &&
+		webhookMethod != http.MethodPatch &&
+		webhookMethod != http.MethodDelete {
+		return nil, fmt.Errorf("unsupported webhook request method '%s'", webhookMethod)
+	}
+
+	// 处理 Webhook 请求标头
+	webhookHeaders := make(http.Header)
+	for k, v := range n.config.Headers {
+		webhookHeaders.Set(k, v)
+	}
+
+	// 处理 Webhook 请求内容类型
+	const CONTENT_TYPE_JSON = "application/json"
+	const CONTENT_TYPE_FORM = "application/x-www-form-urlencoded"
+	const CONTENT_TYPE_MULTIPART = "multipart/form-data"
+	webhookContentType := webhookHeaders.Get("Content-Type")
+	if webhookContentType == "" {
+		webhookContentType = CONTENT_TYPE_JSON
+		webhookHeaders.Set("Content-Type", CONTENT_TYPE_JSON)
+	} else if strings.HasPrefix(webhookContentType, CONTENT_TYPE_JSON) &&
+		strings.HasPrefix(webhookContentType, CONTENT_TYPE_FORM) &&
+		strings.HasPrefix(webhookContentType, CONTENT_TYPE_MULTIPART) {
+		return nil, fmt.Errorf("unsupported webhook content type '%s'", webhookContentType)
+	}
+
+	// 处理 Webhook 请求数据
+	var webhookData interface{}
+	if n.config.WebhookData == "" {
+		webhookData = map[string]string{
+			"subject": subject,
+			"message": message,
+		}
+	} else {
+		err = json.Unmarshal([]byte(n.config.WebhookData), &webhookData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal webhook data: %w", err)
+		}
+
+		replaceJsonValueRecursively(webhookData, "${SUBJECT}", subject)
+		replaceJsonValueRecursively(webhookData, "${MESSAGE}", message)
+
+		if webhookMethod == http.MethodGet || webhookContentType == CONTENT_TYPE_FORM || webhookContentType == CONTENT_TYPE_MULTIPART {
+			temp := make(map[string]string)
+			jsonb, err := json.Marshal(webhookData)
+			if err != nil {
+				return nil, fmt.Errorf("failed to unmarshal webhook data: %w", err)
+			} else if err := json.Unmarshal(jsonb, &temp); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal webhook data: %w", err)
+			} else {
+				webhookData = temp
+			}
+		}
+	}
+
+	// 生成请求
+	// 其中 GET 请求需转换为查询参数
+	req := n.httpClient.R().
+		SetContext(ctx).
+		SetHeaderMultiValues(webhookHeaders)
+	req.URL = webhookUrl.String()
+	req.Method = webhookMethod
+	if webhookMethod == http.MethodGet {
+		req.SetQueryParams(webhookData.(map[string]string))
+	} else {
+		switch webhookContentType {
+		case CONTENT_TYPE_JSON:
+			req.SetBody(webhookData)
+		case CONTENT_TYPE_FORM:
+			req.SetFormData(webhookData.(map[string]string))
+		case CONTENT_TYPE_MULTIPART:
+			req.SetMultipartFormData(webhookData.(map[string]string))
+		}
+	}
+
+	// 发送请求
+	resp, err := req.Send()
+	if err != nil {
+		return nil, fmt.Errorf("failed to send webhook request: %w", err)
+	} else if resp.IsError() {
+		return nil, fmt.Errorf("unexpected webhook response status code: %d", resp.StatusCode())
+	}
+
+	n.logger.Debug("webhook responded", slog.Any("response", resp.String()))
+
 	return &notifier.NotifyResult{}, nil
 }
+
+func replaceJsonValueRecursively(data interface{}, oldStr, newStr string) interface{} {
+	switch v := data.(type) {
+	case map[string]any:
+		for k, val := range v {
+			v[k] = replaceJsonValueRecursively(val, oldStr, newStr)
+		}
+	case []any:
+		for i, val := range v {
+			v[i] = replaceJsonValueRecursively(val, oldStr, newStr)
+		}
+	case string:
+		return strings.ReplaceAll(v, oldStr, newStr)
+	}
+	return data
+}
diff --git a/internal/pkg/core/notifier/providers/webhook/webhook_test.go b/internal/pkg/core/notifier/providers/webhook/webhook_test.go
index ffe25593..c416b3c9 100644
--- a/internal/pkg/core/notifier/providers/webhook/webhook_test.go
+++ b/internal/pkg/core/notifier/providers/webhook/webhook_test.go
@@ -15,19 +15,24 @@ const (
 	mockMessage = "test_message"
 )
 
-var fUrl string
+var (
+	fWebhookUrl         string
+	fWebhookContentType string
+)
 
 func init() {
 	argsPrefix := "CERTIMATE_NOTIFIER_WEBHOOK_"
 
-	flag.StringVar(&fUrl, argsPrefix+"URL", "", "")
+	flag.StringVar(&fWebhookUrl, argsPrefix+"URL", "", "")
+	flag.StringVar(&fWebhookContentType, argsPrefix+"CONTENTTYPE", "application/json", "")
 }
 
 /*
 Shell command to run this test:
 
 	go test -v ./webhook_test.go -args \
-	--CERTIMATE_NOTIFIER_WEBHOOK_URL="https://example.com/your-webhook-url"
+	--CERTIMATE_NOTIFIER_WEBHOOK_URL="https://example.com/your-webhook-url" \
+	--CERTIMATE_NOTIFIER_WEBHOOK_CONTENTTYPE="application/json"
 */
 func TestNotify(t *testing.T) {
 	flag.Parse()
@@ -35,11 +40,15 @@ func TestNotify(t *testing.T) {
 	t.Run("Notify", func(t *testing.T) {
 		t.Log(strings.Join([]string{
 			"args:",
-			fmt.Sprintf("URL: %v", fUrl),
+			fmt.Sprintf("URL: %v", fWebhookUrl),
 		}, "\n"))
 
 		notifier, err := provider.NewNotifier(&provider.NotifierConfig{
-			Url:                      fUrl,
+			WebhookUrl: fWebhookUrl,
+			Method:     "POST",
+			Headers: map[string]string{
+				"Content-Type": fWebhookContentType,
+			},
 			AllowInsecureConnections: true,
 		})
 		if err != nil {
diff --git a/internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl.go b/internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl.go
index e4817ff8..e5a0b0ba 100644
--- a/internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl.go
+++ b/internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl.go
@@ -93,6 +93,12 @@ func (u *UploaderProvider) getCertIfExists(ctx context.Context, certPEM string,
 	searchWebsiteSSLPageNumber := int32(1)
 	searchWebsiteSSLPageSize := int32(100)
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		searchWebsiteSSLReq := &opsdk.SearchWebsiteSSLRequest{
 			Page:     searchWebsiteSSLPageNumber,
 			PageSize: searchWebsiteSSLPageSize,
diff --git a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
index 487ee8b5..9d7be223 100644
--- a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
+++ b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
@@ -71,6 +71,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	listUserCertificateOrderPage := int64(1)
 	listUserCertificateOrderLimit := int64(50)
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		listUserCertificateOrderReq := &alicas.ListUserCertificateOrderRequest{
 			CurrentPage: tea.Int64(listUserCertificateOrderPage),
 			ShowSize:    tea.Int64(listUserCertificateOrderLimit),
diff --git a/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go b/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go
index 8babb671..f808083c 100644
--- a/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go
+++ b/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go
@@ -74,6 +74,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	var listCertificatesNextToken *string = nil
 	listCertificatesMaxItems := int32(1000)
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		listCertificatesReq := &awsacm.ListCertificatesInput{
 			NextToken: listCertificatesNextToken,
 			MaxItems:  aws.Int32(listCertificatesMaxItems),
diff --git a/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go b/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go
index e94655df..1235893c 100644
--- a/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go
+++ b/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go
@@ -74,6 +74,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 		Source:   bytepluscdn.GetStrPtr("cert_center"),
 	}
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
 		u.logger.Debug("sdk request 'cdn.ListCertInfo'", slog.Any("request", listCertInfoReq), slog.Any("response", listCertInfoResp))
 		if err != nil {
diff --git a/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go b/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
index 9a7d74b1..9369144e 100644
--- a/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
@@ -76,6 +76,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	listCertificatesLimit := int32(2000)
 	var listCertificatesMarker *string = nil
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		listCertificatesReq := &hcelbmodel.ListCertificatesRequest{
 			Limit:  typeutil.ToPtr(listCertificatesLimit),
 			Marker: listCertificatesMarker,
diff --git a/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go b/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
index a26b471a..f8435733 100644
--- a/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
@@ -72,6 +72,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	listCertificatesLimit := int32(50)
 	listCertificatesOffset := int32(0)
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		listCertificatesReq := &hcscmmodel.ListCertificatesRequest{
 			Limit:   typeutil.ToPtr(listCertificatesLimit),
 			Offset:  typeutil.ToPtr(listCertificatesOffset),
diff --git a/internal/pkg/core/uploader/providers/huaweicloud-waf/huaweicloud_waf.go b/internal/pkg/core/uploader/providers/huaweicloud-waf/huaweicloud_waf.go
index 9e3bbd59..d0c61775 100644
--- a/internal/pkg/core/uploader/providers/huaweicloud-waf/huaweicloud_waf.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-waf/huaweicloud_waf.go
@@ -77,6 +77,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	listCertificatesPage := int32(1)
 	listCertificatesPageSize := int32(100)
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		listCertificatesReq := &hcwafmodel.ListCertificatesRequest{
 			Page:     typeutil.ToPtr(listCertificatesPage),
 			Pagesize: typeutil.ToPtr(listCertificatesPageSize),
diff --git a/internal/pkg/core/uploader/providers/jdcloud-ssl/jdcloud_ssl.go b/internal/pkg/core/uploader/providers/jdcloud-ssl/jdcloud_ssl.go
index a0cbb1d9..b26755a6 100644
--- a/internal/pkg/core/uploader/providers/jdcloud-ssl/jdcloud_ssl.go
+++ b/internal/pkg/core/uploader/providers/jdcloud-ssl/jdcloud_ssl.go
@@ -77,6 +77,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	describeCertsPageNumber := 1
 	describeCertsPageSize := 10
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		describeCertsReq := jdsslapi.NewDescribeCertsRequest()
 		describeCertsReq.SetDomainName(certX509.Subject.CommonName)
 		describeCertsReq.SetPageNumber(describeCertsPageNumber)
diff --git a/internal/pkg/core/uploader/providers/rainyun-sslcenter/rainyun_sslcenter.go b/internal/pkg/core/uploader/providers/rainyun-sslcenter/rainyun_sslcenter.go
index 1cfdecc7..cb493110 100644
--- a/internal/pkg/core/uploader/providers/rainyun-sslcenter/rainyun_sslcenter.go
+++ b/internal/pkg/core/uploader/providers/rainyun-sslcenter/rainyun_sslcenter.go
@@ -93,6 +93,12 @@ func (u *UploaderProvider) getCertIfExists(ctx context.Context, certPEM string)
 	sslCenterListPage := int32(1)
 	sslCenterListPerPage := int32(100)
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		sslCenterListReq := &rainyunsdk.SslCenterListRequest{
 			Filters: &rainyunsdk.SslCenterListFilters{
 				Domain: &certX509.Subject.CommonName,
diff --git a/internal/pkg/core/uploader/providers/ucloud-ussl/ucloud_ussl.go b/internal/pkg/core/uploader/providers/ucloud-ussl/ucloud_ussl.go
index eb4ce1bf..90eb1683 100644
--- a/internal/pkg/core/uploader/providers/ucloud-ussl/ucloud_ussl.go
+++ b/internal/pkg/core/uploader/providers/ucloud-ussl/ucloud_ussl.go
@@ -124,6 +124,12 @@ func (u *UploaderProvider) getCertIfExists(ctx context.Context, certPEM string)
 	getCertificateListPage := int(1)
 	getCertificateListLimit := int(1000)
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		getCertificateListReq := u.sdkClient.NewGetCertificateListRequest()
 		getCertificateListReq.Mode = ucloud.String("trust")
 		getCertificateListReq.Domain = ucloud.String(certX509.Subject.CommonName)
diff --git a/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go b/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
index 48e03722..b529e84a 100644
--- a/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
+++ b/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
@@ -75,6 +75,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 		Source:   "volc_cert_center",
 	}
 	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
 		listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
 		u.logger.Debug("sdk request 'cdn.ListCertInfo'", slog.Any("request", listCertInfoReq), slog.Any("response", listCertInfoResp))
 		if err != nil {
diff --git a/internal/pkg/utils/http/parser.go b/internal/pkg/utils/http/parser.go
new file mode 100644
index 00000000..872fb6b5
--- /dev/null
+++ b/internal/pkg/utils/http/parser.go
@@ -0,0 +1,33 @@
+package httputil
+
+import (
+	"bufio"
+	"net/http"
+	"net/textproto"
+	"strings"
+)
+
+// 从表示 HTTP 标头的字符串解析并返回一个 http.Header 对象。
+//
+// 入参:
+//   - headers: 表示 HTTP 标头的字符串。
+//
+// 出参:
+//   - header: http.Header 对象。
+//   - err: 错误。
+func ParseHeaders(headers string) (http.Header, error) {
+	str := strings.TrimSpace(headers) + "\r\n\r\n"
+	if len(str) == 4 {
+		return make(http.Header), nil
+	}
+
+	br := bufio.NewReader(strings.NewReader(str))
+	tp := textproto.NewReader(br)
+
+	mimeHeader, err := tp.ReadMIMEHeader()
+	if err != nil {
+		return nil, err
+	}
+
+	return http.Header(mimeHeader), err
+}
diff --git a/internal/pkg/utils/map/getter.go b/internal/pkg/utils/map/getter.go
index c4e6fbe1..f30f6d33 100644
--- a/internal/pkg/utils/map/getter.go
+++ b/internal/pkg/utils/map/getter.go
@@ -199,6 +199,28 @@ func GetOrDefaultBool(dict map[string]any, key string, defaultValue bool) bool {
 	return defaultValue
 }
 
+// 以 `map[string]V` 形式从字典中获取指定键的值。
+//
+// 入参：
+//   - dict: 字典。
+//   - key: 键。
+//
+// 出参：
+//   - 字典中键对应的 `map[string]V` 对象。
+func GetKVMap[V any](dict map[string]any, key string) map[string]V {
+	if dict == nil {
+		return make(map[string]V)
+	}
+
+	if val, ok := dict[key]; ok {
+		if result, ok := val.(map[string]V); ok {
+			return result
+		}
+	}
+
+	return make(map[string]V)
+}
+
 // 以 `map[string]any` 形式从字典中获取指定键的值。
 //
 // 入参：
@@ -207,16 +229,6 @@ func GetOrDefaultBool(dict map[string]any, key string, defaultValue bool) bool {
 //
 // 出参：
 //   - 字典中键对应的 `map[string]any` 对象。
-func GetAnyMap(dict map[string]any, key string) map[string]any {
-	if dict == nil {
-		return make(map[string]any)
-	}
-
-	if val, ok := dict[key]; ok {
-		if result, ok := val.(map[string]any); ok {
-			return result
-		}
-	}
-
-	return make(map[string]any)
+func GetKVMapAny(dict map[string]any, key string) map[string]any {
+	return GetKVMap[any](dict, key)
 }
diff --git a/internal/repository/access.go b/internal/repository/access.go
index d25a6366..16cc7378 100644
--- a/internal/repository/access.go
+++ b/internal/repository/access.go
@@ -53,6 +53,7 @@ func (r *AccessRepository) castRecordToModel(record *core.Record) (*domain.Acces
 		Name:     record.GetString("name"),
 		Provider: record.GetString("provider"),
 		Config:   config,
+		Reserve:  record.GetString("reserve"),
 	}
 	return access, nil
 }
diff --git a/internal/workflow/dispatcher/invoker.go b/internal/workflow/dispatcher/invoker.go
index 5f344458..c644b26b 100644
--- a/internal/workflow/dispatcher/invoker.go
+++ b/internal/workflow/dispatcher/invoker.go
@@ -47,8 +47,10 @@ func (w *workflowInvoker) GetLogs() domain.WorkflowLogs {
 func (w *workflowInvoker) processNode(ctx context.Context, node *domain.WorkflowNode) error {
 	current := node
 	for current != nil {
-		if ctx.Err() != nil {
+		select {
+		case <-ctx.Done():
 			return ctx.Err()
+		default:
 		}
 
 		if current.Type == domain.WorkflowNodeTypeBranch || current.Type == domain.WorkflowNodeTypeExecuteResultBranch {
diff --git a/internal/workflow/node-processor/apply_node.go b/internal/workflow/node-processor/apply_node.go
index d9415cb9..97b7575d 100644
--- a/internal/workflow/node-processor/apply_node.go
+++ b/internal/workflow/node-processor/apply_node.go
@@ -41,22 +41,25 @@ func (n *applyNode) Process(ctx context.Context) error {
 	}
 
 	// 检测是否可以跳过本次执行
-	if skippable, skipReason := n.checkCanSkip(ctx, lastOutput); skippable {
-		n.logger.Info(fmt.Sprintf("skip this application, because %s", skipReason))
+	if skippable, reason := n.checkCanSkip(ctx, lastOutput); skippable {
+		n.logger.Info(fmt.Sprintf("skip this application, because %s", reason))
 		return nil
-	} else if skipReason != "" {
-		n.logger.Info(fmt.Sprintf("re-apply, because %s", skipReason))
+	} else if reason != "" {
+		n.logger.Info(fmt.Sprintf("re-apply, because %s", reason))
 	}
 
 	// 初始化申请器
-	applicant, err := applicant.NewWithApplyNode(n.node)
+	applicant, err := applicant.NewWithWorkflowNode(applicant.ApplicantWithWorkflowNodeConfig{
+		Node:   n.node,
+		Logger: n.logger,
+	})
 	if err != nil {
 		n.logger.Warn("failed to create applicant provider")
 		return err
 	}
 
 	// 申请证书
-	applyResult, err := applicant.Apply()
+	applyResult, err := applicant.Apply(ctx)
 	if err != nil {
 		n.logger.Warn("failed to apply")
 		return err
diff --git a/internal/workflow/node-processor/deploy_node.go b/internal/workflow/node-processor/deploy_node.go
index edb3c53d..d60a5a7a 100644
--- a/internal/workflow/node-processor/deploy_node.go
+++ b/internal/workflow/node-processor/deploy_node.go
@@ -54,26 +54,27 @@ func (n *deployNode) Process(ctx context.Context) error {
 
 	// 检测是否可以跳过本次执行
 	if lastOutput != nil && certificate.CreatedAt.Before(lastOutput.UpdatedAt) {
-		if skippable, skipReason := n.checkCanSkip(ctx, lastOutput); skippable {
-			n.logger.Info(fmt.Sprintf("skip this deployment, because %s", skipReason))
+		if skippable, reason := n.checkCanSkip(ctx, lastOutput); skippable {
+			n.logger.Info(fmt.Sprintf("skip this deployment, because %s", reason))
 			return nil
-		} else if skipReason != "" {
-			n.logger.Info(fmt.Sprintf("re-deploy, because %s", skipReason))
+		} else if reason != "" {
+			n.logger.Info(fmt.Sprintf("re-deploy, because %s", reason))
 		}
 	}
 
 	// 初始化部署器
-	deployer, err := deployer.NewWithDeployNode(n.node, struct {
-		Certificate string
-		PrivateKey  string
-	}{Certificate: certificate.Certificate, PrivateKey: certificate.PrivateKey})
+	deployer, err := deployer.NewWithWorkflowNode(deployer.DeployerWithWorkflowNodeConfig{
+		Node:           n.node,
+		Logger:         n.logger,
+		CertificatePEM: certificate.Certificate,
+		PrivateKeyPEM:  certificate.PrivateKey,
+	})
 	if err != nil {
 		n.logger.Warn("failed to create deployer provider")
 		return err
 	}
 
 	// 部署证书
-	deployer.SetLogger(n.logger)
 	if err := deployer.Deploy(ctx); err != nil {
 		n.logger.Warn("failed to deploy")
 		return err
diff --git a/internal/workflow/node-processor/notify_node.go b/internal/workflow/node-processor/notify_node.go
index 1c2b49d8..1840938b 100644
--- a/internal/workflow/node-processor/notify_node.go
+++ b/internal/workflow/node-processor/notify_node.go
@@ -30,25 +30,50 @@ func (n *notifyNode) Process(ctx context.Context) error {
 
 	nodeConfig := n.node.GetConfigForNotify()
 
-	// 获取通知配置
-	settings, err := n.settingsRepo.GetByName(ctx, "notifyChannels")
+	if nodeConfig.Provider == "" {
+		// Deprecated: v0.4.x 将废弃
+		// 兼容旧版本的通知渠道
+		n.logger.Warn("WARNING! you are using the notification channel from global settings, which will be deprecated in the future")
+
+		// 获取通知配置
+		settings, err := n.settingsRepo.GetByName(ctx, "notifyChannels")
+		if err != nil {
+			return err
+		}
+
+		// 获取通知渠道
+		channelConfig, err := settings.GetNotifyChannelConfig(nodeConfig.Channel)
+		if err != nil {
+			return err
+		}
+
+		// 发送通知
+		if err := notify.SendToChannel(nodeConfig.Subject, nodeConfig.Message, nodeConfig.Channel, channelConfig); err != nil {
+			n.logger.Warn("failed to notify", slog.String("channel", nodeConfig.Channel))
+			return err
+		}
+
+		n.logger.Info("notify completed")
+		return nil
+	}
+
+	// 初始化通知器
+	deployer, err := notify.NewWithWorkflowNode(notify.NotifierWithWorkflowNodeConfig{
+		Node:    n.node,
+		Logger:  n.logger,
+		Subject: nodeConfig.Subject,
+		Message: nodeConfig.Message,
+	})
 	if err != nil {
+		n.logger.Warn("failed to create notifier provider")
 		return err
 	}
 
-	// 获取通知渠道
-	channelConfig, err := settings.GetNotifyChannelConfig(nodeConfig.Channel)
-	if err != nil {
+	// 推送通知
+	if err := deployer.Notify(ctx); err != nil {
+		n.logger.Warn("failed to notify")
 		return err
 	}
 
-	// 发送通知
-	if err := notify.SendToChannel(nodeConfig.Subject, nodeConfig.Message, nodeConfig.Channel, channelConfig); err != nil {
-		n.logger.Warn("failed to notify", slog.String("channel", nodeConfig.Channel))
-		return err
-	}
-
-	n.logger.Info("notify completed")
-
 	return nil
 }
diff --git a/internal/workflow/node-processor/upload_node.go b/internal/workflow/node-processor/upload_node.go
index 891f2978..2da19eed 100644
--- a/internal/workflow/node-processor/upload_node.go
+++ b/internal/workflow/node-processor/upload_node.go
@@ -39,11 +39,11 @@ func (n *uploadNode) Process(ctx context.Context) error {
 	}
 
 	// 检测是否可以跳过本次执行
-	if skippable, skipReason := n.checkCanSkip(ctx, lastOutput); skippable {
-		n.logger.Info(fmt.Sprintf("skip this upload, because %s", skipReason))
+	if skippable, reason := n.checkCanSkip(ctx, lastOutput); skippable {
+		n.logger.Info(fmt.Sprintf("skip this upload, because %s", reason))
 		return nil
-	} else if skipReason != "" {
-		n.logger.Info(fmt.Sprintf("re-upload, because %s", skipReason))
+	} else if reason != "" {
+		n.logger.Info(fmt.Sprintf("re-upload, because %s", reason))
 	}
 
 	// 生成证书实体
diff --git a/migrations/1745726400_upgrade.go b/migrations/1745726400_upgrade.go
new file mode 100644
index 00000000..e4449f36
--- /dev/null
+++ b/migrations/1745726400_upgrade.go
@@ -0,0 +1,88 @@
+package migrations
+
+import (
+	"github.com/pocketbase/pocketbase/core"
+	m "github.com/pocketbase/pocketbase/migrations"
+)
+
+func init() {
+	m.Register(func(app core.App) error {
+		// update collection `access`
+		{
+			collection, err := app.FindCollectionByNameOrId("4yzbv8urny5ja1e")
+			if err != nil {
+				return err
+			}
+
+			if err := collection.Fields.AddMarshaledJSONAt(4, []byte(`{
+				"autogeneratePattern": "",
+				"hidden": false,
+				"id": "text2859962647",
+				"max": 0,
+				"min": 0,
+				"name": "reserve",
+				"pattern": "",
+				"presentable": false,
+				"primaryKey": false,
+				"required": false,
+				"system": false,
+				"type": "text"
+			}`)); err != nil {
+				return err
+			}
+
+			if err := app.Save(collection); err != nil {
+				return err
+			}
+		}
+
+		// migrate data
+		{
+			accesses, err := app.FindAllRecords("access")
+			if err != nil {
+				return err
+			}
+
+			for _, access := range accesses {
+				changed := false
+
+				if access.GetString("provider") == "buypass" {
+					access.Set("reserve", "ca")
+					changed = true
+				} else if access.GetString("provider") == "googletrustservices" {
+					access.Set("reserve", "ca")
+					changed = true
+				} else if access.GetString("provider") == "sslcom" {
+					access.Set("reserve", "ca")
+					changed = true
+				} else if access.GetString("provider") == "zerossl" {
+					access.Set("reserve", "ca")
+					changed = true
+				}
+
+				if access.GetString("provider") == "webhook" {
+					config := make(map[string]any)
+					if err := access.UnmarshalJSONField("config", &config); err != nil {
+						return err
+					}
+
+					config["method"] = "POST"
+					config["headers"] = "Content-Type: application/json"
+					access.Set("config", config)
+					changed = true
+				}
+
+				if changed {
+					err = app.Save(access)
+					if err != nil {
+						return err
+					}
+				}
+			}
+		}
+
+		return nil
+	}, func(app core.App) error {
+		return nil
+	})
+}
diff --git a/ui/public/imgs/providers/dingtalk.svg b/ui/public/imgs/providers/dingtalk.svg
new file mode 100644
index 00000000..24d3881a
--- /dev/null
+++ b/ui/public/imgs/providers/dingtalk.svg
@@ -0,0 +1 @@
+<svg viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200"><path d="M512.003 79C272.855 79 79 272.855 79 512.003 79 751.145 272.855 945 512.003 945 751.145 945 945 751.145 945 512.003 945 272.855 751.145 79 512.003 79z m200.075 375.014c-0.867 3.764-3.117 9.347-6.234 16.012h0.087l-0.347 0.648c-18.183 38.86-65.631 115.108-65.631 115.108l-0.215-0.52-13.856 24.147h66.8L565.063 779l29.002-115.368h-52.598l18.27-76.29c-14.76 3.55-32.253 8.436-52.945 15.1 0 0-27.967 16.36-80.607-31.5 0 0-35.501-31.29-14.891-39.078 8.744-3.33 42.466-7.573 69.004-11.122 35.93-4.845 57.965-7.441 57.965-7.441s-110.607 1.643-136.841-2.468c-26.237-4.11-59.525-47.905-66.626-86.377 0 0-10.953-21.117 23.595-11.122 34.547 10 177.535 38.95 177.535 38.95s-185.933-56.992-198.36-70.929c-12.381-13.846-36.406-75.902-33.289-113.981 0 0 1.343-9.521 11.127-6.926 0 0 137.49 62.75 231.475 97.152 94.028 34.403 175.76 51.885 165.2 96.414z" fill="#3AA2EB"></path></svg>
diff --git a/ui/public/imgs/providers/email.svg b/ui/public/imgs/providers/email.svg
new file mode 100644
index 00000000..a74f0c41
--- /dev/null
+++ b/ui/public/imgs/providers/email.svg
@@ -0,0 +1 @@
+<svg viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200"><path d="M832 128H192a128 128 0 0 0-128 128v512a128 128 0 0 0 128 128h384v-64H192a64 64 0 0 1-64-64V310.4l384 206.08 384-206.72V768h64V256a128 128 0 0 0-128-128zM512 443.52L131.2 240A64 64 0 0 1 192 192h640a64 64 0 0 1 60.8 46.72z" fill="#616971"></path><path d="M640 896h64v-64h-64z m256-64v64h64v-64z m-128 64h64v-64h-64z" fill="#FF8910"></path></svg>
diff --git a/ui/public/imgs/providers/lark.svg b/ui/public/imgs/providers/lark.svg
new file mode 100644
index 00000000..ab32e57c
--- /dev/null
+++ b/ui/public/imgs/providers/lark.svg
@@ -0,0 +1 @@
+<svg viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200"><path d="M738.588528 406.663717c-2.36797 0.127998-2.943963-0.959988-3.19996-3.19996-0.255997-2.36797-0.127998-5.183935-1.279984-7.039912-2.239972-3.519956-1.59998-7.679904-3.519956-11.327859a20.095749 20.095749 0 0 1-2.239972-6.207922c-0.127998-1.279984 0.191998-3.071962-0.703991-3.775953-2.047974-1.471982-1.279984-3.839952-2.559968-5.759928-1.407982-2.047974-1.471982-5.055937-2.559968-7.551906-1.087986-2.623967-2.43197-5.439932-2.687966-8.319896-0.127998-1.407982-1.727978-1.471982-1.66398-2.879964 0.127998-2.36797-1.59998-4.287946-2.175972-6.527918-0.76799-3.007962-2.43197-5.887926-3.583956-8.83189-0.895989-2.36797-1.855977-4.79994-2.943963-6.911913-1.59998-3.19996-2.943963-6.463919-4.79994-9.59988-1.791978-2.751966-2.303971-6.335921-4.223947-9.343883a52.287346 52.287346 0 0 1-4.095949-7.871902c-1.855977-4.351946-4.543943-8.127898-6.655917-12.287846a169.533881 169.533881 0 0 0-6.591917-12.095849c-2.239972-3.775953-4.223947-7.743903-6.847915-11.391858-1.023987-1.471982-2.687966-2.943963-2.943963-4.607942-0.383995-2.43197-2.239972-4.159948-3.391957-5.567931-1.59998-1.919976-1.663979-5.311934-4.79994-6.015924 0 0-0.127998-0.319996-0.064-0.447995 0.255997-2.559968-3.327958-3.263959-3.007962-5.887926-2.751966-0.959988-1.983975-4.991938-5.119936-5.759928 0 0-0.127998-0.255997-0.063999-0.383995 0.255997-2.559968-2.239972-3.96795-3.327959-5.63193a43.19946 43.19946 0 0 0-4.79994-6.015925c-0.83199-0.895989-2.239972-1.663979-2.559968-2.751965-1.087986-3.839952-4.735941-5.759928-6.591917-9.087887-1.727978-3.071962-4.735941-5.119936-7.103912-7.679904a24.575693 24.575693 0 0 0-8.319896-6.39992c-3.007962-1.151986-5.375933-3.583955-8.959888-3.775953-3.711954-0.191998-7.23191-2.36797-11.13586-2.239972 0-0.83199-0.255997-1.471982-1.279984-1.471981H214.883074c-1.023987 0-1.279984 0.639992-1.279984 1.471981-2.559968-0.191998-3.96795 1.919976-4.79994 3.455957-1.919976 3.391958 0.83199 9.59988 4.543944 11.071862 1.535981 0.575993 2.36797 1.663979 3.455956 2.687966 0.575993 0.575993 1.087986 1.471982 1.919976 1.343983 1.535981-0.127998 2.239972 0.959988 2.687967 1.855977 0.575993 1.215985 1.663979 1.663979 2.559968 2.111974a32.511594 32.511594 0 0 1 7.423907 5.311933c3.327958 3.071962 7.039912 5.56793 10.623867 8.191898 3.007962 2.175973 5.439932 5.055937 8.703891 6.847914 2.495969 1.279984 3.839952 4.159948 6.207923 5.311934 3.327958 1.663979 5.183935 4.863939 8.383895 6.527918 1.983975 1.023987 3.519956 2.687966 4.927938 4.351946 1.279984 1.471982 3.583955 1.535981 4.607943 3.007962 3.007962 4.479944 8.127898 6.527918 11.647854 10.559868 3.455957 3.903951 8.319896 6.271922 11.903851 10.367871 4.223947 4.927938 9.983875 8.447894 14.591818 13.055837 3.19996 3.19996 6.463919 6.207922 9.727878 9.279884 2.559968 2.36797 5.119936 4.735941 7.551906 7.231909 1.791978 1.791978 4.095949 3.19996 5.759928 4.79994 4.159948 4.03195 8.959888 7.615905 11.839852 12.79984l0.639992 0.767991c3.19996 3.007962 6.39992 6.015925 9.471882 9.087886 3.839952 3.839952 7.551906 7.935901 11.711853 11.583855a15.743803 15.743803 0 0 1 4.223947 4.735941c0.83199 1.919976 2.303971 3.19996 3.583956 4.415945 3.519956 3.455957 7.359908 6.655917 9.855876 11.007862 1.023987 1.791978 3.135961 2.43197 4.223948 4.159948 1.407982 2.175973 3.519956 3.711954 4.927938 6.015925 2.047974 3.391958 5.56793 5.759928 7.935901 9.279884 2.303971 3.455957 5.375933 6.783915 8.319896 9.727879 3.327958 3.327958 5.63193 7.423907 9.151885 10.431869 1.855977 1.535981 2.047974 4.479944 4.415945 5.439932 1.215985 0.511994 1.59998 1.535981 1.919976 2.367971 1.279984 2.751966 3.647954 4.671942 5.119936 7.231909 1.471982 2.559968 3.96795 4.159948 5.63193 6.655917 3.071962 4.735941 6.591918 9.279884 10.431869 13.439832 1.215985 1.407982 1.087986 3.583955 2.879964 4.287946 2.687966 1.087986 3.135961 3.96795 4.543944 5.887927 1.791978 2.495969 4.223947 4.607942 5.56793 7.359908 1.407982 2.943963 3.839952 5.119936 5.375933 7.807902 1.407982 2.43197 3.19996 4.607942 4.671941 7.039912 1.087986 1.855977 2.111974 3.96795 3.711954 5.567931 1.727978 1.727978 2.239972 4.351946 4.223947 5.951925 1.791978 1.471982 2.175973 3.839952 3.839952 5.503931 1.727978 1.919976 2.43197 4.735941 4.351946 6.591918 1.663979 1.59998 2.495969 3.775953 3.647954 5.63193 0.83199 1.279984 2.559968 2.047974 2.751966 3.775952 0.191998 1.919976 1.663979 3.071962 2.623967 4.479944 1.471982 2.175973 3.391958 4.351946 4.223947 6.39992 1.535981 3.839952 4.159948 6.783915 6.015925 10.239872 2.175973 3.839952 4.863939 7.679904 7.039912 11.647855 1.663979 2.879964 3.327958 5.759928 5.119936 8.447894 0.76799 1.343983 0.639992 3.135961 2.111974 4.159948 1.791978 1.279984 2.175973 3.455957 3.19996 5.247935 0.895989 1.59998 1.535981 3.519956 2.815964 4.607942 1.023987 0.895989 1.023987 1.727978 1.215985 2.751966 1.535981 0.639992 2.303971-0.575993 3.19996-1.407983l7.167911-7.103911 14.783815-14.591818c4.223947-4.159948 8.127898-8.575893 12.479844-12.607842 7.679904-7.039912 14.719816-14.591818 22.39972-21.695729 4.991938-4.671942 9.471882-9.791878 14.975813-13.951825 4.79994-3.711954 8.83189-8.319896 13.183835-12.607843l9.663879-9.59988c3.327958-3.327958 7.679904-5.503931 10.751866-9.087886a2.687966 2.687966 0 0 1 0.959988-0.83199c3.19996-1.279984 5.439932-3.903951 8.127898-5.887926 3.135961-2.239972 6.271922-4.479944 9.343883-6.847915 1.535981-1.215985 3.519956-1.791978 4.86394-3.13596 3.839952-3.839952 8.959888-5.56793 13.439832-8.255897 4.735941-2.815965 9.59988-5.56793 14.591817-7.935901 3.519956-1.663979 6.655917-4.351946 10.495869-5.119936 4.415945-0.895989 7.679904-3.903951 11.839852-5.183935 1.279984-0.383995 2.879964-0.511994 4.03195-1.407983 2.43197-1.919976 5.695929-1.919976 8.447894-3.19996 1.279984-0.639992 2.687966-1.471982 4.159948-1.663979 3.327958-0.447994 6.271922-1.983975 9.471882-2.815965 0.895989-0.191998 1.59998-0.703991 0.831989-1.791977" fill="#00D6B9"></path><path d="M830.747376 641.156786c-0.959988-0.639992-1.535981 0.191998-2.111973 0.76799-1.727978 1.535981-2.943963 3.583955-4.415945 5.375933l-7.359908 8.575893c-5.055937 5.56793-10.495869 10.879864-15.9998 15.871801-4.287946 3.903951-9.087886 7.23191-13.695829 10.751866-1.727978 1.279984-3.455957 2.687966-5.247934 3.839952-1.919976 1.343983-3.647954 3.135961-5.759928 4.031949-4.03195 1.727978-7.615905 4.223947-11.327859 6.39992a167.037912 167.037912 0 0 1-20.223747 9.407883c-3.903951 1.59998-7.743903 3.327958-11.775853 4.607942-3.19996 1.023987-6.335921 2.36797-9.59988 3.19996-1.087986 0.255997-2.239972 0.127998-3.263959 0.511994-3.19996 1.215985-6.591918 1.919976-9.919876 2.751965-2.879964 0.76799-6.015925 0.127998-8.511894 1.279984-3.839952 1.791978-8.191898 0.127998-11.775852 2.559968-5.56793-0.063999-11.135861 0.575993-16.703792 1.023988-9.855877 0.76799-19.711754-0.639992-29.56763-0.895989-4.479944-0.127998-8.703891-2.36797-13.247835-1.727979-0.255997 0-0.511994-0.063999-0.703991-0.255996-1.471982-1.151986-3.19996-1.087986-4.863939-1.087987-3.455957 0-6.783915-0.76799-10.047874-1.407982-3.19996-0.639992-6.463919-1.855977-9.59988-2.943963-1.855977-0.639992-3.839952-0.255997-5.503932-1.087987a28.607642 28.607642 0 0 0-7.679904-2.431969c-6.143923-1.279984-11.839852-3.839952-18.047774-4.86394-4.095949-0.703991-7.679904-3.007962-11.775853-3.839952-2.879964-0.639992-5.695929-1.663979-8.447894-2.559968-3.519956-1.151986-7.039912-2.36797-10.623867-3.263959-5.695929-1.535981-10.943863-3.96795-16.511794-5.759928-6.655917-2.175973-13.119836-4.79994-19.775753-7.039912-3.903951-1.279984-7.423907-3.647954-11.647854-4.287946a14.591818 14.591818 0 0 1-5.119936-1.919976c-3.135961-1.791978-6.655917-2.43197-9.855877-3.967951-2.687966-1.279984-5.695929-1.919976-8.319896-3.19996-4.351946-2.239972-9.407882-2.943963-13.375833-6.079924-0.255997-0.191998-0.639992-0.255997-0.959988-0.255996-3.19996-0.319996-6.079924-1.791978-8.831889-3.19996-6.079924-2.943963-12.607842-4.927938-18.559768-8.191898-4.735941-2.623967-9.983875-4.095949-14.719816-6.655917-1.087986-0.255997-2.047974-0.063999-3.19996-0.639992-1.983975-0.959988-3.839952-2.559968-5.887927-3.071961-3.903951-1.087986-6.847914-3.903951-10.687866-5.055937-2.175973-0.639992-3.839952-2.559968-5.887927-3.071962-2.559968-0.639992-4.671942-1.919976-6.719916-3.071961-3.391958-1.919976-7.039912-3.19996-10.431869-5.311934-1.855977-1.151986-4.287946-1.535981-5.887927-2.879964-2.43197-2.047974-6.207922-1.919976-7.871901-4.991938-4.095949-0.319996-6.847914-3.455957-10.367871-4.927938-4.159948-1.727978-7.935901-4.351946-11.903851-6.591918-1.663979-0.959988-3.19996-2.687966-4.79994-3.007962-4.351946-0.895989-7.295909-3.96795-10.879864-5.887926a124.414445 124.414445 0 0 1-12.159848-7.295909c-0.639992-0.383995-1.59998-0.319996-2.047974-0.83199-2.559968-2.879964-6.207922-4.351946-9.343883-6.271921a424.186698 424.186698 0 0 1-9.279884-5.63193c-3.775953-2.36797-7.679904-4.735941-11.26386-7.295909-2.36797-1.727978-5.375933-2.751966-7.423907-4.735941-1.535981-1.407982-3.391958-1.919976-4.927938-3.19996-2.815965-2.303971-6.079924-4.159948-9.151886-6.271921-1.407982-0.959988-3.263959-1.855977-4.223947-2.879964-1.855977-2.047974-4.351946-3.071962-6.335921-4.735941-2.943963-2.495969-6.655917-4.223947-9.59988-6.847914-1.727978-1.535981-4.287946-1.791978-5.56793-3.967951-0.447994-0.83199-1.279984-1.407982-2.43197-1.727978-1.919976-0.511994-3.263959-2.111974-4.863939-3.19996-2.36797-1.59998-4.479944-3.775953-6.911914-5.439932-2.943963-1.983975-5.503931-4.607942-8.511893-6.39992-3.263959-1.983975-5.56793-5.055937-8.83189-6.911914-1.983975-1.215985-3.19996-3.455957-5.119936-4.351945-3.455957-1.535981-5.503931-4.543943-8.639892-6.39992-2.43197-1.535981-4.095949-4.415945-6.655917-5.759928-3.007962-1.59998-4.79994-4.415945-7.487906-6.271922-0.76799-0.575993-1.663979-0.639992-2.36797-1.535981-1.727978-2.111974-4.095949-3.647954-6.079924-5.503931-2.111974-1.919976-4.735941-3.19996-6.655917-5.503931-1.535981-1.663979-3.19996-3.903951-5.119936-4.671942-2.943963-1.087986-4.223947-3.711954-6.527919-5.375933-2.879964-2.047974-4.991938-4.991938-7.807902-7.231909-1.791978-1.407982-3.839952-2.559968-5.247934-4.351946C128.03616 453.383133 125.348194 451.143161 122.916224 448.83919 119.716264 445.703229 116.644302 442.43927 113.316344 439.431307 110.756376 437.127336 108.388406 434.567368 105.764438 432.263397 103.332469 430.087424 101.156496 427.655454 98.724526 425.479482 95.524566 422.535518 92.580603 419.20756 89.508642 416.071599 86.500679 412.871639 83.23672 409.927676 80.292757 406.663717 77.732789 403.783753 75.172821 400.263797 70.180883 401.351783 67.748914 401.863777 66.596928 403.399758 65.700939 405.383733 63.20497 405.63973 64.228958 407.559706 64.228958 408.647692V771.075162c0 1.471982 0.127998 2.879964 0.063999 4.287946 0 1.087986 0.383995 1.59998 1.407982 1.663979-0.639992 3.327958 1.59998 6.015925 2.111974 9.087887 0.319996 2.175973 1.727978 4.03195 2.559968 6.079924 1.215985 2.815965 3.583955 5.183935 5.247934 7.871901a21.823727 21.823727 0 0 0 5.63193 5.823927c2.303971 1.663979 4.671942 3.455957 7.16791 4.927939 2.943963 1.663979 5.759928 3.775953 8.511894 5.695929 0.83199 0.511994 1.791978 0.639992 2.687966 1.471981 2.559968 2.303971 5.823927 4.03195 8.959888 5.63193 2.111974 1.087986 4.095949 2.559968 6.39992 3.519956 5.119936 2.111974 9.471882 5.951926 14.719816 7.9999 2.943963 1.087986 5.183935 3.19996 8.191898 4.095949 0.703991 0.255997 1.535981 0.319996 2.111973 0.703991 4.223947 2.943963 9.023887 4.607942 13.567831 6.911913 0.959988 0.511994 2.175973 0.511994 2.943963 1.151986a18.815765 18.815765 0 0 0 8.319896 3.711954c0.511994 0.127998 1.023987 0.191998 1.59998 0.639992 1.279984 0.959988 2.879964 1.663979 4.351946 2.495968 1.663979 0.959988 3.839952 0.383995 5.375932 2.047975 0.575993 0.639992 1.919976 1.471982 3.007963 1.663979 4.479944 0.83199 8.639892 2.943963 12.79984 4.607942 1.279984 0.511994 2.943963 0 3.839952 0.959988 1.663979 1.727978 4.03195 1.663979 5.951925 2.559968 2.815965 1.215985 5.759928 2.175973 8.895889 2.943964 1.343983 0.319996 3.19996 0.063999 4.03195 0.959988 1.59998 1.791978 4.03195 1.919976 5.759928 2.36797 4.607942 1.087986 9.087886 2.559968 13.56783 4.095949 3.583955 1.279984 7.615905 1.535981 11.391858 2.687966 3.19996 0.895989 6.39992 1.919976 9.59988 2.495969 1.471982 0.255997 3.647954-0.319996 4.479944 0.447994 2.43197 2.43197 5.759928 1.023987 8.511893 2.367971 2.687966 1.279984 6.39992 1.791978 9.855877 1.535981 0.639992-0.063999 1.59998-0.191998 1.919976 0.127998 2.559968 2.559968 6.527918 0 8.959888 2.623967 5.759928 0.511994 11.519856 0.76799 17.151786 2.43197 3.647954 1.087986 7.679904 0.511994 11.519856 1.407982 4.671942 1.087986 9.727878 0.76799 14.591817 1.279984 3.19996 0.255997 6.335921 0.127998 9.471882 0.191998 0 1.023987 0.575993 1.407982 1.59998 1.343983h69.119136c1.023987 0 1.59998-0.319996 1.59998-1.343983 7.679904 0.383995 15.23181-1.407982 22.847714-1.151986h4.223948c1.023987 0.063999 1.59998-0.319996 1.53598-1.407982a78.079024 78.079024 0 0 0 10.239872-1.279984c5.375933-1.087986 11.007862-0.83199 16.383796-2.559968 2.687966-0.895989 5.759928-0.76799 8.639892-1.471982 3.327958-0.76799 6.847914-1.663979 10.495868-1.407982 0.383995 0 1.023987 0 1.215985-0.191998 1.791978-2.36797 4.79994-1.279984 7.167911-2.36797a18.495769 18.495769 0 0 1 8.319896-1.471982c0.383995 0 0.895989 0 1.279984-0.191997a20.479744 20.479744 0 0 1 8.191897-2.623968 54.39932 54.39932 0 0 0 11.327859-2.943963 49.983375 49.983375 0 0 1 8.383895-2.239972c0.639992-0.127998 1.343983-0.127998 1.663979-0.511993 1.59998-1.663979 3.96795-1.727978 5.759928-2.239972 3.711954-0.959988 7.23191-2.36797 10.879864-3.455957 1.215985-0.319996 2.623967 0.063999 3.647954-0.639992a22.527718 22.527718 0 0 1 9.471882-3.839952c0.575993-0.063999 1.087986-0.127998 1.59998-0.511994 1.663979-1.023987 3.19996-2.239972 5.311934-2.495969 2.943963-0.319996 5.759928-1.791978 8.319896-3.071961 2.175973-1.087986 4.607942-1.919976 6.847914-3.071962 1.727978-0.895989 3.583955-1.983975 5.695929-2.36797 3.007962-0.511994 4.991938-3.135961 8.063899-3.775953a22.719716 22.719716 0 0 0 6.527918-2.751966c3.263959-1.855977 6.655917-3.391958 9.983876-4.991937 2.111974-1.087986 4.543943-1.983975 6.271921-3.263959a47.871402 47.871402 0 0 1 8.319896-4.607943c3.711954-1.663979 6.975913-4.03195 10.687867-5.631929 3.19996-1.471982 6.079924-3.839952 9.279884-5.63193 1.59998-0.895989 3.071962-2.303971 4.607942-3.071962a63.807202 63.807202 0 0 0 5.119936-3.007962c2.175973-1.471982 4.735941-2.36797 6.591918-4.223947 1.663979-1.663979 3.903951-2.239972 5.631929-3.775953 2.047974-1.727978 4.79994-2.559968 6.719916-4.479944 0.639992-0.639992 1.023987-1.279984 1.919976-1.279984a3.071962 3.071962 0 0 0 2.367971-1.59998 5.503931 5.503931 0 0 1 2.559968-2.175973c3.007962-1.087986 4.607942-3.96795 7.423907-5.375933 1.727978-0.83199 3.19996-2.43197 4.79994-3.583955 2.751966-1.919976 5.375933-3.96795 7.9999-6.015925 1.471982-1.151986 2.751966-3.135961 4.223947-3.583955 3.19996-1.023987 4.159948-4.479944 7.167911-5.759928a9.919876 9.919876 0 0 0 2.751965-2.047974c2.303971-2.559968 5.119936-4.607942 7.679904-7.103911 1.59998-1.663979 3.775953-2.43197 5.311934-4.223948a46.207422 46.207422 0 0 1 6.015925-6.079924c1.919976-1.535981 3.711954-3.327958 5.375932-5.119936l9.59988-9.53588c3.19996-3.071962 6.207922-6.207922 9.407883-9.215885a40.319496 40.319496 0 0 0 5.119936-6.015925 32.255597 32.255597 0 0 1 5.759928-6.079924c1.663979-1.343983 2.175973-3.391958 3.711953-4.79994a27.135661 27.135661 0 0 0 5.823928-6.591918c1.727978-2.943963 4.671942-4.79994 6.271921-7.807902 1.151986-2.175973 3.391958-3.583955 4.735941-5.759928 1.343983-2.303971 3.19996-4.351946 4.927938-6.39992 1.919976-2.303971 4.095949-4.735941 5.375933-7.295909 1.343983-2.751966 3.775953-4.479944 5.119936-7.231909a43.519456 43.519456 0 0 1 4.927939-7.103912c1.279984-1.59998 2.047974-3.391958 3.13596-5.055936 1.663979-2.559968 3.455957-5.055937 5.247935-7.551906 0.703991-1.087986 0.83199-2.239972 1.791977-3.327958 1.727978-1.791978 3.647954-3.96795 3.19996-6.911914" fill="#3370FF"></path><path d="M958.745776 423.23951c-0.383995-0.447994-0.76799-0.447994-1.279984-0.575993-1.407982-0.447994-3.007962-0.76799-4.287946-1.535981a26.36767 26.36767 0 0 0-4.479944-2.559968c-2.36797-0.959988-5.119936-1.279984-7.103911-2.687966-2.751966-2.111974-6.207922-2.047974-9.151886-3.583956a22.783715 22.783715 0 0 0-6.655917-2.36797c-1.791978-0.319996-3.647954-1.151986-5.375933-1.663979-2.36797-0.76799-4.863939-1.59998-7.295908-2.239972a143.806202 143.806202 0 0 1-11.327859-3.263959 19.96775 19.96775 0 0 0-8.063899-1.343984c-0.639992-2.623967-2.751966-1.087986-4.223947-1.407982-1.919976 0-3.711954-0.959988-5.503931-1.279984-5.823927-1.023987-11.775853-1.215985-17.66378-2.559968-4.671942-1.023987-9.727878-0.447994-14.591817-1.151986-2.879964-0.383995-5.759928-0.127998-8.703891-0.191997 0-1.151986-0.575993-1.407982-1.59998-1.407983h-28.095649c-1.023987 0-1.59998 0.319996-1.59998 1.407983-7.16791-0.383995-14.207822 1.215985-21.375733 1.151985h-4.223947c-1.023987-0.063999-1.471982 0.383995-1.535981 1.343984-4.095949-0.383995-7.935901 1.407982-12.03185 1.151985a1.279984 1.279984 0 0 0-0.703991 0.191998c-3.135961 2.175973-6.975913 1.407982-10.36787 2.559968-2.687966 0.895989-5.951926 0.76799-8.511894 1.727978-2.047974 0.703991-4.351946 1.279984-6.39992 2.111974a18.623767 18.623767 0 0 1-7.9999 1.59998c0.063999 0.511994 0.191998 1.151986-0.511993 1.215985-1.59998 0.127998-3.071962 0.959988-4.479944 1.279984-4.223947 1.087986-8.191898 2.687966-12.287847 4.095948-3.583955 1.279984-6.911914 3.19996-10.431869 4.03195-4.03195 0.959988-6.847914 4.159948-11.071862 4.671942a7.103911 7.103911 0 0 0-3.647954 1.279984 13.119836 13.119836 0 0 1-3.903952 2.36797 26.36767 26.36767 0 0 0-6.39992 3.135961c-2.943963 1.919976-6.143923 3.19996-8.959888 5.119936-1.087986 0.76799-2.879964 0.447994-3.391957 1.279984-2.047974 3.583955-6.271922 3.647954-9.151886 5.887926-3.071962 2.36797-6.719916 4.159948-9.791877 6.463919-2.559968 1.919976-5.247934 3.711954-7.679904 5.759928-3.19996 2.751966-6.655917 5.247934-10.047875 7.679904-1.791978 1.279984-2.879964 3.647954-4.735941 4.223948-2.943963 1.023987-4.479944 3.455957-6.39992 5.247934-1.919976 1.919976-4.095949 3.903951-6.015925 5.951926-2.943963 3.007962-6.079924 5.823927-9.151885 8.76789-2.303971 2.175973-4.287946 4.927938-6.847915 6.591918-3.839952 2.559968-6.655917 5.951926-9.855876 8.959888-3.19996 3.007962-6.39992 6.143923-9.471882 9.279884-3.583955 3.647954-7.551906 6.911914-10.943863 10.687866-2.943963 3.327958-6.335921 6.207922-9.471882 9.279884-3.19996 3.135961-6.207922 6.463919-9.59988 9.471882a155.96605 155.96605 0 0 0-9.471881 9.471881c-2.43197 2.559968-4.991938 5.055937-7.551906 7.487907-2.559968 2.43197-4.735941 5.311934-7.935901 7.039912-0.319996 1.535981-1.59998 2.175973-2.751965 2.943963-3.327958 2.111974-5.951926 4.991938-8.83189 7.679904-1.919976 1.727978-3.455957 4.03195-5.63193 5.247934-3.583955 1.919976-6.143923 5.119936-9.343883 7.423907-3.839952 2.815965-7.807902 5.695929-11.19986 9.087887-1.663979 1.59998-4.223947 1.855977-5.311933 3.96795-0.895989 1.791978-3.19996 1.407982-4.287947 2.815965-2.239972 3.007962-5.887926 4.223947-8.575893 6.655917-1.59998 1.471982-3.839952 2.687966-5.759928 3.839952-1.215985 0.639992-2.559968 1.087986-3.583955 2.047974a41.59948 41.59948 0 0 1-8.255897 5.759928c-1.279984 0.76799-3.007962 1.279984-3.96795 2.367971-1.791978 1.919976-4.287946 2.815965-6.335921 4.479944a25.727678 25.727678 0 0 1-6.783915 4.095948c-3.19996 1.215985-5.63193 3.455957-8.575893 4.927939-3.96795 1.919976-7.679904 4.287946-11.583855 6.207922-1.023987 0.511994-2.751966 0.83199-3.327958 2.239972 0 0.895989 0.383995 1.151986 1.151985 1.59998 1.727978 1.023987 3.647954 1.279984 5.375933 1.983975 2.815965 1.279984 5.503931 2.879964 8.319896 4.03195 2.687966 1.087986 4.927938 2.943963 8.127898 3.19996a7.9999 7.9999 0 0 1 3.903952 1.919976c1.919976 1.663979 4.351946 2.303971 6.39992 3.071962 1.791978 0.639992 3.519956 1.791978 5.56793 2.175972 1.279984 0.255997 3.007962 0.191998 4.03195 0.959988 1.791978 1.407982 3.839952 2.175973 5.759928 3.327959 1.279984 0.76799 3.007962-0.255997 3.775952 0.895989 1.087986 1.59998 3.071962 1.855977 4.287947 2.303971 3.647954 1.279984 7.039912 2.751966 10.623867 4.223947 3.071962 1.279984 6.207922 2.175973 9.215885 3.839952 2.495969 1.343983 5.823927 1.407982 8.703891 2.623967 1.087986 0.511994 1.663979 1.535981 2.879964 1.663979a18.047774 18.047774 0 0 1 7.871902 2.367971c0.76799 0.511994 1.59998 1.407982 2.559968 1.59998 2.815965 0.575993 5.56793 1.279984 8.319896 2.431969 2.559968 1.023987 5.247934 2.175973 7.9359 2.559968 1.471982 0.191998 1.791978 1.663979 3.19996 1.66398 2.495969 0 4.479944 1.59998 6.847915 2.111973 3.19996 0.76799 6.335921 1.919976 9.471881 2.879964 0.703991 0.191998 1.919976-0.127998 2.239972 0.255997 1.919976 2.559968 5.119936 1.279984 7.679904 2.559968 2.751966 1.407982 6.39992 2.047974 9.59988 3.135961 2.879964 1.023987 5.759928 2.111974 8.83189 2.239972 0.511994 0 0.959988 0.127998 1.407982 0.447994 2.047974 1.279984 4.415945 1.983975 6.783916 2.559968a50.751366 50.751366 0 0 0 3.391957 0.575993c2.047974 0.319996 3.711954 1.727978 5.695929 1.855977 2.943963 0.127998 5.439932 1.919976 8.511894 2.047974 1.151986 0.063999 3.071962-0.127998 4.031949 0.83199 1.983975 1.983975 4.79994 1.855977 7.039912 2.431969 4.863939 1.279984 10.047874 0.959988 15.039812 2.623968 2.879964 1.023987 6.143923 0.639992 9.343883 1.407982 5.119936 1.151986 10.687866 0.76799 16.127799 1.087986 10.047874 0.639992 20.159748 0.383995 30.143623-0.76799 2.559968-0.319996 4.927938-0.447994 7.423907-1.087986a62.39922 62.39922 0 0 1 10.879864-1.791978c3.135961-0.255997 6.015925-1.59998 9.215885-1.279984a1.215985 1.215985 0 0 0 0.639992-0.191998c2.751966-1.727978 5.951926-1.727978 8.83189-2.687966 2.047974-0.639992 4.479944-0.575993 6.207922-1.59998a17.663779 17.663779 0 0 1 5.823927-2.239972c3.19996-0.511994 5.439932-3.19996 8.703892-2.943963 0.127998 0 0.255997-0.191998 0.383995-0.255997 2.175973-1.663979 4.863939-2.559968 7.295909-3.391958a68.479144 68.479144 0 0 0 7.743903-3.19996c3.327958-1.663979 6.527918-3.839952 9.791877-5.759928 0.959988-0.575993 2.36797 0.255997 3.071962-1.279984 0.511994-1.279984 1.727978-1.919976 3.19996-2.239972 1.663979-0.447994 3.583955-1.087986 4.287946-3.007962 0.319996-0.83199 0.959988-0.895989 1.59998-0.83199a2.43197 2.43197 0 0 0 2.175973-1.215984c2.047974-3.071962 5.56793-4.479944 8.383895-6.527919 2.943963-2.047974 5.247934-4.79994 8.319896-6.655917 3.647954-2.111974 6.271922-5.503931 9.215885-8.447894 2.495969-2.559968 4.863939-5.183935 7.487907-7.487906 2.047974-1.791978 3.007962-4.223947 5.055936-6.015925 1.407982-1.279984 3.647954-2.559968 4.223948-4.479944 0.895989-3.007962 3.327958-4.223947 5.375932-6.079924a11.711854 11.711854 0 0 1 3.135961-4.03195l0.767991-1.215985c1.087986-0.639992 0.511994-2.239972 1.663979-2.943963 2.047974-1.343983 2.815965-3.839952 3.711953-5.759928 1.407982-2.943963 3.135961-5.823927 4.79994-8.575893 1.791978-3.007962 2.879964-6.335921 5.119936-9.151885 1.663979-2.175973 2.751966-5.055937 3.967951-7.615905 2.175973-4.479944 4.415945-8.895889 6.783915-13.247834 1.407982-2.559968 2.751966-5.247934 3.96795-7.935901 1.215985-2.815965 2.815965-5.439932 4.095949-8.127899 1.279984-2.815965 3.071962-5.375933 4.095949-8.127898 1.279984-3.391958 3.19996-6.271922 4.671942-9.535881 0.447994-1.151986 0.319996-2.559968 1.151985-3.391957a16.383795 16.383795 0 0 0 3.583955-6.271922c1.279984-3.391958 4.159948-6.015925 4.479944-9.791878l0.255997-0.127998c1.279984-0.959988 1.727978-2.559968 2.43197-3.903951 1.151986-2.111974 1.663979-4.607942 3.071961-6.527919 2.175973-3.071962 3.455957-6.527918 5.119936-9.791877 1.087986-2.047974 1.919976-4.351946 3.071962-6.207923 1.919976-3.007962 3.19996-6.39992 4.991938-9.407882a38.463519 38.463519 0 0 0 3.19996-6.719916c0.575993-1.535981 1.663979-3.071962 2.623967-4.479944 1.727978-2.687966 2.943963-5.759928 5.183935-8.127898 0.959988-1.023987 0.895989-2.43197 2.047974-3.583956 1.919976-1.919976 2.943963-4.479944 4.479944-6.719916 1.151986-1.663979 1.919976-3.711954 3.26396-4.991937 2.559968-2.43197 4.479944-5.439932 6.207922-8.191898 1.727978-2.751966 3.96795-5.247934 5.951926-7.615905 3.263959-3.96795 6.783915-7.871902 10.36787-11.711853a4652.741841 4652.741841 0 0 0 9.727878-10.367871c1.919976-1.983975 1.407982-2.43197 0-3.839952" fill="#133C9A"></path></svg>
diff --git a/ui/public/imgs/providers/mattermost.svg b/ui/public/imgs/providers/mattermost.svg
new file mode 100644
index 00000000..18cc2819
--- /dev/null
+++ b/ui/public/imgs/providers/mattermost.svg
@@ -0,0 +1 @@
+<svg viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" width="200" height="200"><path d="M515.465911 0.01242C300.718451-1.427543 99.826634 133.353979 27.187509 347.877444c-90.654661 267.771091 52.898635 558.325595 320.665726 648.947257 267.771091 90.654661 558.325595-52.898635 648.947257-320.665726 73.698099-217.594386-7.327811-450.199385-183.932255-578.421077l5.375862 108.670197c88.097727 97.374488 122.87783 235.163933 79.006961 364.760588C831.811749 764.541694 615.912319 866.204071 415.1165 798.204826c-200.860818-67.966246-310.617986-279.83378-245.115676-473.23879 43.998865-129.949647 155.932977-218.494363 285.592631-241.915759L525.641648 0.268413A211.822535 211.822535 0 0 0 516.199892 0.044419h-0.79998zM665.996027 46.700215h-0.351991a12.193685 12.193685 0 0 0-4.959872 1.055973l0.063998-0.031999-0.159996 0.031999a14.076637 14.076637 0 0 0-4.63988 3.039921c-6.175841 6.047844-28.031277 35.327089-28.031277 35.327089L580.298238 145.097676l-55.454569 67.614256-95.231543 118.429944s-43.678873 54.526593-34.047122 121.629862c9.631751 67.166267 59.550464 99.838424 98.297464 112.990085 38.687002 13.087662 98.206466 17.407551 146.685215-30.047225C688.967434 488.258823 687.395475 418.372626 687.395475 418.372626l-3.711905-151.901081-2.975923-87.454744-2.011948-75.742046s0.415989-36.511058-0.863978-45.086836a13.914641 13.914641 0 0 0-1.53596-4.639881l0.031999 0.063999-0.255993-0.511987-0.287993-0.479988a11.878694 11.878694 0 0 0-9.759748-5.983845H665.996027z" fill="#0072C6"></path></svg>
diff --git a/ui/public/imgs/providers/telegram.svg b/ui/public/imgs/providers/telegram.svg
new file mode 100644
index 00000000..f4cd38c1
--- /dev/null
+++ b/ui/public/imgs/providers/telegram.svg
@@ -0,0 +1 @@
+<svg viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" width="200" height="200"><path d="M679.424 746.862l84.005-395.996c7.424-34.852-12.581-48.567-35.438-40.009L234.277 501.138c-33.72 13.13-33.134 32-5.706 40.558l126.282 39.424 293.156-184.576c13.714-9.143 26.295-3.986 16.018 5.157L426.898 615.973l-9.143 130.304c13.13 0 18.871-5.706 25.71-12.581l61.696-59.429 128 94.282c23.442 13.129 40.01 6.29 46.3-21.724zM1024 512c0 282.843-229.157 512-512 512S0 794.843 0 512 229.157 0 512 0s512 229.157 512 512z" fill="#1296DB"></path></svg>
diff --git a/ui/public/imgs/providers/wecom.svg b/ui/public/imgs/providers/wecom.svg
new file mode 100644
index 00000000..e99e59a7
--- /dev/null
+++ b/ui/public/imgs/providers/wecom.svg
@@ -0,0 +1 @@
+<svg viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200"><path d="M803.6 859.2c0 26.6-20.4 49.2-48.4 51.8-21.2 2-48.6-11-54.8-39.8-5.6-26-13.2-50.8-29-72.4-6-8.2-12.8-16-20-23.4-7.6-8-9.4-14-4.4-19.8 5-5.8 12.8-5 20.8 3.2 20.8 21 45.4 35.2 73.6 43.6 7.2 2.2 14.8 3.4 22.2 5.2 24.6 6.2 40 26.2 40 51.6z" fill="#FC6401"></path><path d="M698.2 549.8c0.2-28.4 20.8-50.2 49.6-52.6 25.6-2.2 50.6 17.6 55 45.2 6 36.2 22.8 66.2 48.4 92 3.2 3.2 5.6 9.2 5.2 13.8-0.4 7.2-9.8 10.6-16.2 6.4-3.4-2.2-6.2-5-9-7.8-25.4-24.6-55.6-39.4-90.4-45.4-24.8-4.6-42.6-26.2-42.6-51.6z" fill="#2DBD00"></path><path d="M595.4 765.2c-26.6 0-49.2-20.4-51.8-48.4-2-21.2 11-48.6 39.8-54.8 26-5.6 50.8-13.2 72.4-29 8.2-6 16-12.8 23.4-20 8-7.6 14-9.4 19.8-4.4 5.8 5 5 12.8-3.2 20.8-21 20.8-35.2 45.4-43.6 73.6-2.2 7.2-3.4 14.8-5.2 22.2-6.2 24.6-26.2 40-51.6 40z" fill="#FFCD00"></path><path d="M898.8 650c28.4 0.2 50.2 20.8 52.6 49.6 2.2 25.6-17.6 50.6-45.2 55-36.2 6-66.2 22.8-92 48.4-3.2 3.2-9.2 5.6-13.8 5.2-7.2-0.4-10.6-9.8-6.4-16.2 2.2-3.4 5-6.2 7.8-9 24.6-25.4 39.4-55.6 45.4-90.4 4.6-25 26.2-42.8 51.6-42.6z" fill="#0084F0"></path><path d="M734 208.6c-110.4-108.4-244.8-139.8-392.4-100C81.6 178.8 1.2 449.2 132.6 625.6c6.4 8.6 7.6 24.4 5.2 35.4-7 32.4-17.4 64.2-26 96.2-4.6 17.2-7.4 34.6 8 48.4 16.6 14.8 34.2 11.8 52.2 2.6 29.6-15 59.8-29.2 89-45 19-10.4 36.2-10.8 57.6-4.8 42.8 11.8 87.2 18.4 109.6 23 43.8-0.8 83.6-5.2 120.2-13.6-13.8-12-23-29.2-24.8-49-0.4-5.4-0.2-10.8 0.6-16.2-57.8 12.4-119.2 7.4-183.2-14-42.2-14.2-76.8-17.8-113.4 7-3.4 2.2-7.8 2.8-24.6 8.2 33.8-58.4 8.8-95-19.6-136.6-63.4-92-50.4-210.8 24.6-296.4 122.8-139.8 363-139.8 485.8 0.2 52.8 60.2 73.6 135.2 61.8 206.2 28 1.6 52.8 20.6 63 47.2 32-108.8 4-228.8-84.6-315.8z" fill="#0083EF"></path></svg>
diff --git a/ui/src/components/access/AccessEditDrawer.tsx b/ui/src/components/access/AccessEditDrawer.tsx
index 48002af7..7fa2f5d8 100644
--- a/ui/src/components/access/AccessEditDrawer.tsx
+++ b/ui/src/components/access/AccessEditDrawer.tsx
@@ -14,14 +14,14 @@ export type AccessEditDrawerProps = {
   data?: AccessFormProps["initialValues"];
   loading?: boolean;
   open?: boolean;
-  range?: AccessFormProps["range"];
   scene: AccessFormProps["scene"];
   trigger?: React.ReactNode;
+  usage?: AccessFormProps["usage"];
   onOpenChange?: (open: boolean) => void;
   afterSubmit?: (record: AccessModel) => void;
 };
 
-const AccessEditDrawer = ({ data, loading, trigger, scene, range, afterSubmit, ...props }: AccessEditDrawerProps) => {
+const AccessEditDrawer = ({ data, loading, trigger, scene, usage, afterSubmit, ...props }: AccessEditDrawerProps) => {
   const { t } = useTranslation();
 
   const [notificationApi, NotificationContextHolder] = notification.useNotification();
@@ -109,7 +109,7 @@ const AccessEditDrawer = ({ data, loading, trigger, scene, range, afterSubmit, .
         width={720}
         onClose={() => setOpen(false)}
       >
-        <AccessForm ref={formRef} initialValues={data} range={range} scene={scene === "add" ? "add" : "edit"} />
+        <AccessForm ref={formRef} initialValues={data} scene={scene === "add" ? "add" : "edit"} usage={usage} />
       </Drawer>
     </>
   );
diff --git a/ui/src/components/access/AccessEditModal.tsx b/ui/src/components/access/AccessEditModal.tsx
index 0d181877..9cfb5b0f 100644
--- a/ui/src/components/access/AccessEditModal.tsx
+++ b/ui/src/components/access/AccessEditModal.tsx
@@ -14,14 +14,14 @@ export type AccessEditModalProps = {
   data?: AccessFormProps["initialValues"];
   loading?: boolean;
   open?: boolean;
-  range?: AccessFormProps["range"];
+  usage?: AccessFormProps["usage"];
   scene: AccessFormProps["scene"];
   trigger?: React.ReactNode;
   onOpenChange?: (open: boolean) => void;
   afterSubmit?: (record: AccessModel) => void;
 };
 
-const AccessEditModal = ({ data, loading, trigger, scene, range, afterSubmit, ...props }: AccessEditModalProps) => {
+const AccessEditModal = ({ data, loading, trigger, scene, usage, afterSubmit, ...props }: AccessEditModalProps) => {
   const { t } = useTranslation();
 
   const [notificationApi, NotificationContextHolder] = notification.useNotification();
@@ -105,7 +105,7 @@ const AccessEditModal = ({ data, loading, trigger, scene, range, afterSubmit, ..
         onCancel={handleCancelClick}
       >
         <div className="pb-2 pt-4">
-          <AccessForm ref={formRef} initialValues={data} range={range} scene={scene === "add" ? "add" : "edit"} />
+          <AccessForm ref={formRef} initialValues={data} scene={scene === "add" ? "add" : "edit"} usage={usage} />
         </div>
       </Modal>
     </>
diff --git a/ui/src/components/access/AccessForm.tsx b/ui/src/components/access/AccessForm.tsx
index a00b0f2e..85ad8a78 100644
--- a/ui/src/components/access/AccessForm.tsx
+++ b/ui/src/components/access/AccessForm.tsx
@@ -25,10 +25,12 @@ import AccessFormCloudflareConfig from "./AccessFormCloudflareConfig";
 import AccessFormClouDNSConfig from "./AccessFormClouDNSConfig";
 import AccessFormCMCCCloudConfig from "./AccessFormCMCCCloudConfig";
 import AccessFormDeSECConfig from "./AccessFormDeSECConfig";
+import AccessFormDingTalkBotConfig from "./AccessFormDingTalkBotConfig";
 import AccessFormDNSLAConfig from "./AccessFormDNSLAConfig";
 import AccessFormDogeCloudConfig from "./AccessFormDogeCloudConfig";
 import AccessFormDynv6Config from "./AccessFormDynv6Config";
 import AccessFormEdgioConfig from "./AccessFormEdgioConfig";
+import AccessFormEmailConfig from "./AccessFormEmailConfig";
 import AccessFormGcoreConfig from "./AccessFormGcoreConfig";
 import AccessFormGnameConfig from "./AccessFormGnameConfig";
 import AccessFormGoDaddyConfig from "./AccessFormGoDaddyConfig";
@@ -36,6 +38,8 @@ import AccessFormGoogleTrustServicesConfig from "./AccessFormGoogleTrustServices
 import AccessFormHuaweiCloudConfig from "./AccessFormHuaweiCloudConfig";
 import AccessFormJDCloudConfig from "./AccessFormJDCloudConfig";
 import AccessFormKubernetesConfig from "./AccessFormKubernetesConfig";
+import AccessFormLarkBotConfig from "./AccessFormLarkBotConfig";
+import AccessFormMattermostConfig from "./AccessFormMattermostConfig";
 import AccessFormNamecheapConfig from "./AccessFormNamecheapConfig";
 import AccessFormNameDotComConfig from "./AccessFormNameDotComConfig";
 import AccessFormNameSiloConfig from "./AccessFormNameSiloConfig";
@@ -47,6 +51,7 @@ import AccessFormRainYunConfig from "./AccessFormRainYunConfig";
 import AccessFormSafeLineConfig from "./AccessFormSafeLineConfig";
 import AccessFormSSHConfig from "./AccessFormSSHConfig";
 import AccessFormSSLComConfig from "./AccessFormSSLComConfig";
+import AccessFormTelegramConfig from "./AccessFormTelegramConfig";
 import AccessFormTencentCloudConfig from "./AccessFormTencentCloudConfig";
 import AccessFormUCloudConfig from "./AccessFormUCloudConfig";
 import AccessFormUpyunConfig from "./AccessFormUpyunConfig";
@@ -54,20 +59,21 @@ import AccessFormVercelConfig from "./AccessFormVercelConfig";
 import AccessFormVolcEngineConfig from "./AccessFormVolcEngineConfig";
 import AccessFormWangsuConfig from "./AccessFormWangsuConfig";
 import AccessFormWebhookConfig from "./AccessFormWebhookConfig";
+import AccessFormWeComBotConfig from "./AccessFormWeComBotConfig";
 import AccessFormWestcnConfig from "./AccessFormWestcnConfig";
 import AccessFormZeroSSLConfig from "./AccessFormZeroSSLConfig";
 
 type AccessFormFieldValues = Partial<MaybeModelRecord<AccessModel>>;
-type AccessFormRanges = "both-dns-hosting" | "ca-only" | "notify-only";
 type AccessFormScenes = "add" | "edit";
+type AccessFormUsages = "both-dns-hosting" | "ca-only" | "notification-only";
 
 export type AccessFormProps = {
   className?: string;
   style?: React.CSSProperties;
   disabled?: boolean;
   initialValues?: AccessFormFieldValues;
-  range?: AccessFormRanges;
   scene: AccessFormScenes;
+  usage?: AccessFormUsages;
   onValuesChange?: (values: AccessFormFieldValues) => void;
 };
 
@@ -77,7 +83,7 @@ export type AccessFormInstance = {
   validateFields: FormInstance<AccessFormFieldValues>["validateFields"];
 };
 
-const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className, style, disabled, initialValues, range, scene, onValuesChange }, ref) => {
+const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className, style, disabled, initialValues, usage, scene, onValuesChange }, ref) => {
   const { t } = useTranslation();
 
   const formSchema = z.object({
@@ -88,13 +94,14 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
       .trim(),
     provider: z.nativeEnum(ACCESS_PROVIDERS, {
       message:
-        range === "ca-only"
+        usage === "ca-only"
           ? t("access.form.certificate_authority.placeholder")
-          : range === "notify-only"
+          : usage === "notification-only"
             ? t("access.form.notification_channel.placeholder")
             : t("access.form.provider.placeholder"),
     }),
     config: z.any(),
+    reserve: z.string().nullish(),
   });
   const formRule = createSchemaFieldRule(formSchema);
   const { form: formInst, formProps } = useAntdForm({
@@ -102,33 +109,33 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
   });
 
   const providerLabel = useMemo(() => {
-    switch (range) {
+    switch (usage) {
       case "ca-only":
         return t("access.form.certificate_authority.label");
-      case "notify-only":
+      case "notification-only":
         return t("access.form.notification_channel.label");
     }
 
     return t("access.form.provider.label");
-  }, [range]);
+  }, [usage]);
   const providerPlaceholder = useMemo(() => {
-    switch (range) {
+    switch (usage) {
       case "ca-only":
         return t("access.form.certificate_authority.placeholder");
-      case "notify-only":
+      case "notification-only":
         return t("access.form.notification_channel.placeholder");
     }
 
     return t("access.form.provider.placeholder");
-  }, [range]);
+  }, [usage]);
   const providerTooltip = useMemo(() => {
-    switch (range) {
+    switch (usage) {
       case "both-dns-hosting":
         return <span dangerouslySetInnerHTML={{ __html: t("access.form.provider.tooltip") }}></span>;
     }
 
     return undefined;
-  }, [range]);
+  }, [usage]);
 
   const fieldProvider = Form.useWatch("provider", formInst);
 
@@ -179,6 +186,8 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
         return <AccessFormCMCCCloudConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.DESEC:
         return <AccessFormDeSECConfig {...nestedFormProps} />;
+      case ACCESS_PROVIDERS.DINGTALKBOT:
+        return <AccessFormDingTalkBotConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.DNSLA:
         return <AccessFormDNSLAConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.DOGECLOUD:
@@ -195,12 +204,18 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
         return <AccessFormGoogleTrustServicesConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.EDGIO:
         return <AccessFormEdgioConfig {...nestedFormProps} />;
+      case ACCESS_PROVIDERS.EMAIL:
+        return <AccessFormEmailConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.HUAWEICLOUD:
         return <AccessFormHuaweiCloudConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.JDCLOUD:
         return <AccessFormJDCloudConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.KUBERNETES:
         return <AccessFormKubernetesConfig {...nestedFormProps} />;
+      case ACCESS_PROVIDERS.LARKBOT:
+        return <AccessFormLarkBotConfig {...nestedFormProps} />;
+      case ACCESS_PROVIDERS.MATTERMOST:
+        return <AccessFormMattermostConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.NAMECHEAP:
         return <AccessFormNamecheapConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.NAMEDOTCOM:
@@ -221,6 +236,8 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
         return <AccessFormSafeLineConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.SSH:
         return <AccessFormSSHConfig {...nestedFormProps} />;
+      case ACCESS_PROVIDERS.TELEGRAM:
+        return <AccessFormTelegramConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.SSLCOM:
         return <AccessFormSSLComConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.TENCENTCLOUD:
@@ -236,7 +253,14 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
       case ACCESS_PROVIDERS.WANGSU:
         return <AccessFormWangsuConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.WEBHOOK:
-        return <AccessFormWebhookConfig {...nestedFormProps} />;
+        return (
+          <AccessFormWebhookConfig
+            usage={usage === "notification-only" ? "notification" : usage === "both-dns-hosting" ? "deployment" : "none"}
+            {...nestedFormProps}
+          />
+        );
+      case ACCESS_PROVIDERS.WECOMBOT:
+        return <AccessFormWeComBotConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.WESTCN:
         return <AccessFormWestcnConfig {...nestedFormProps} />;
       case ACCESS_PROVIDERS.ZEROSSL:
@@ -260,6 +284,7 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
       getFieldsValue: () => {
         const values = formInst.getFieldsValue(true);
         values.config = nestedFormInst.getFieldsValue();
+        values.reserve = usage === "ca-only" ? "ca" : usage === "notification-only" ? "notification" : undefined;
         return values;
       },
       resetFields: (fields) => {
@@ -288,20 +313,20 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
           <Form.Item name="provider" label={providerLabel} rules={[formRule]} tooltip={providerTooltip}>
             <AccessProviderSelect
               filter={(record) => {
-                if (range == null) return true;
+                if (usage == null) return true;
 
-                switch (range) {
+                switch (usage) {
                   case "both-dns-hosting":
                     return record.usages.includes(ACCESS_USAGES.DNS) || record.usages.includes(ACCESS_USAGES.HOSTING);
                   case "ca-only":
                     return record.usages.includes(ACCESS_USAGES.CA);
-                  case "notify-only":
+                  case "notification-only":
                     return record.usages.includes(ACCESS_USAGES.NOTIFICATION);
                 }
               }}
               disabled={scene !== "add"}
               placeholder={providerPlaceholder}
-              showOptionTags={range == null || (range === "both-dns-hosting" ? { [ACCESS_USAGES.DNS]: true, [ACCESS_USAGES.HOSTING]: true } : false)}
+              showOptionTags={usage == null || (usage === "both-dns-hosting" ? { [ACCESS_USAGES.DNS]: true, [ACCESS_USAGES.HOSTING]: true } : false)}
               showSearch={!disabled}
             />
           </Form.Item>
diff --git a/ui/src/components/access/AccessFormDingTalkBotConfig.tsx b/ui/src/components/access/AccessFormDingTalkBotConfig.tsx
new file mode 100644
index 00000000..35aebf6e
--- /dev/null
+++ b/ui/src/components/access/AccessFormDingTalkBotConfig.tsx
@@ -0,0 +1,68 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AccessConfigForDingTalkBot } from "@/domain/access";
+
+type AccessFormDingTalkBotConfigFieldValues = Nullish<AccessConfigForDingTalkBot>;
+
+export type AccessFormDingTalkBotConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: AccessFormDingTalkBotConfigFieldValues;
+  onValuesChange?: (values: AccessFormDingTalkBotConfigFieldValues) => void;
+};
+
+const initFormModel = (): AccessFormDingTalkBotConfigFieldValues => {
+  return {
+    webhookUrl: "",
+    secret: "",
+  };
+};
+
+const AccessFormDingTalkBotConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormDingTalkBotConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    webhookUrl: z.string().url(t("common.errmsg.url_invalid")),
+    secret: z.string().nonempty(t("access.form.dingtalkbot_secret.placeholder")).trim(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="webhookUrl"
+        label={t("access.form.dingtalkbot_webhook_url.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.dingtalkbot_webhook_url.tooltip") }}></span>}
+      >
+        <Input placeholder={t("access.form.dingtalkbot_webhook_url.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="secret"
+        label={t("access.form.dingtalkbot_secret.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.dingtalkbot_secret.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.dingtalkbot_secret.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessFormDingTalkBotConfig;
diff --git a/ui/src/components/access/AccessFormEmailConfig.tsx b/ui/src/components/access/AccessFormEmailConfig.tsx
new file mode 100644
index 00000000..ae79794a
--- /dev/null
+++ b/ui/src/components/access/AccessFormEmailConfig.tsx
@@ -0,0 +1,125 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input, InputNumber, Switch } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AccessConfigForEmail } from "@/domain/access";
+import { validEmailAddress, validPortNumber } from "@/utils/validators";
+
+type AccessFormEmailConfigFieldValues = Nullish<AccessConfigForEmail>;
+
+export type AccessFormEmailConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: AccessFormEmailConfigFieldValues;
+  onValuesChange?: (values: AccessFormEmailConfigFieldValues) => void;
+};
+
+const initFormModel = (): AccessFormEmailConfigFieldValues => {
+  return {
+    smtpHost: "",
+    smtpPort: 465,
+    smtpTls: true,
+    username: "",
+    password: "",
+  };
+};
+
+const AccessFormEmailConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormEmailConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    smtpHost: z
+      .string()
+      .min(1, t("access.form.email_smtp_host.placeholder"))
+      .max(256, t("common.errmsg.string_max", { max: 256 })),
+    smtpPort: z.preprocess(
+      (v) => Number(v),
+      z.number().refine((v) => validPortNumber(v), t("common.errmsg.port_invalid"))
+    ),
+    smtpTls: z.boolean().nullish(),
+    username: z
+      .string()
+      .min(1, t("access.form.email_username.placeholder"))
+      .max(256, t("common.errmsg.string_max", { max: 256 })),
+    password: z
+      .string()
+      .min(1, t("access.form.email_password.placeholder"))
+      .max(256, t("common.errmsg.string_max", { max: 256 })),
+    defaultSenderAddress: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (!v) return true;
+        return validEmailAddress(v);
+      }, t("common.errmsg.email_invalid")),
+    defaultReceiverAddress: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (!v) return true;
+        return validEmailAddress(v);
+      }, t("common.errmsg.email_invalid")),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleTlsSwitchChange = (checked: boolean) => {
+    const oldPort = formInst.getFieldValue("smtpPort");
+    const newPort = checked && (oldPort == null || oldPort === 25) ? 465 : !checked && (oldPort == null || oldPort === 465) ? 25 : oldPort;
+    if (newPort !== oldPort) {
+      formInst.setFieldValue("smtpPort", newPort);
+    }
+  };
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <div className="flex space-x-2">
+        <div className="w-3/5">
+          <Form.Item name="smtpHost" label={t("access.form.email_smtp_host.label")} rules={[formRule]}>
+            <Input placeholder={t("access.form.email_smtp_host.placeholder")} />
+          </Form.Item>
+        </div>
+
+        <div className="w-2/5">
+          <Form.Item name="smtpPort" label={t("access.form.email_smtp_port.label")} rules={[formRule]}>
+            <InputNumber className="w-full" placeholder={t("access.form.email_smtp_port.placeholder")} min={1} max={65535} />
+          </Form.Item>
+        </div>
+      </div>
+
+      <Form.Item name="smtpTls" label={t("access.form.email_smtp_tls.label")} rules={[formRule]}>
+        <Switch onChange={handleTlsSwitchChange} />
+      </Form.Item>
+
+      <Form.Item name="username" label={t("access.form.email_username.label")} rules={[formRule]}>
+        <Input autoComplete="new-password" placeholder={t("access.form.email_username.placeholder")} />
+      </Form.Item>
+
+      <Form.Item name="password" label={t("access.form.email_password.label")} rules={[formRule]}>
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.email_password.placeholder")} />
+      </Form.Item>
+
+      <Form.Item name="defaultSenderAddress" label={t("access.form.email_default_sender_address.label")} rules={[formRule]}>
+        <Input type="email" allowClear placeholder={t("access.form.email_default_sender_address.placeholder")} />
+      </Form.Item>
+
+      <Form.Item name="defaultReceiverAddress" label={t("access.form.email_default_receiver_address.label")} rules={[formRule]}>
+        <Input type="email" allowClear placeholder={t("access.form.email_default_receiver_address.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessFormEmailConfig;
diff --git a/ui/src/components/access/AccessFormLarkBotConfig.tsx b/ui/src/components/access/AccessFormLarkBotConfig.tsx
new file mode 100644
index 00000000..2a07505e
--- /dev/null
+++ b/ui/src/components/access/AccessFormLarkBotConfig.tsx
@@ -0,0 +1,57 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AccessConfigForLarkBot } from "@/domain/access";
+
+type AccessFormLarkBotConfigFieldValues = Nullish<AccessConfigForLarkBot>;
+
+export type AccessFormLarkBotConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: AccessFormLarkBotConfigFieldValues;
+  onValuesChange?: (values: AccessFormLarkBotConfigFieldValues) => void;
+};
+
+const initFormModel = (): AccessFormLarkBotConfigFieldValues => {
+  return {
+    webhookUrl: "",
+  };
+};
+
+const AccessFormLarkBotConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormLarkBotConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    webhookUrl: z.string().url(t("common.errmsg.url_invalid")),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="webhookUrl"
+        label={t("access.form.larkbot_webhook_url.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.larkbot_webhook_url.tooltip") }}></span>}
+      >
+        <Input placeholder={t("access.form.larkbot_webhook_url.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessFormLarkBotConfig;
diff --git a/ui/src/components/access/AccessFormMattermostConfig.tsx b/ui/src/components/access/AccessFormMattermostConfig.tsx
new file mode 100644
index 00000000..a583cc19
--- /dev/null
+++ b/ui/src/components/access/AccessFormMattermostConfig.tsx
@@ -0,0 +1,79 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AccessConfigForMattermost } from "@/domain/access";
+
+type AccessFormMattermostConfigFieldValues = Nullish<AccessConfigForMattermost>;
+
+export type AccessFormMattermostConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: AccessFormMattermostConfigFieldValues;
+  onValuesChange?: (values: AccessFormMattermostConfigFieldValues) => void;
+};
+
+const initFormModel = (): AccessFormMattermostConfigFieldValues => {
+  return {
+    serverUrl: "http://<your-host-addr>:8065/",
+    username: "",
+    password: "",
+  };
+};
+
+const AccessFormMattermostConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormMattermostConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    serverUrl: z.string().url(t("common.errmsg.url_invalid")),
+    username: z.string().nonempty(t("access.form.mattermost_username.placeholder")),
+    password: z.string().nonempty(t("access.form.mattermost_password.placeholder")),
+    defaultChannelId: z.string().nullish(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="serverUrl"
+        label={t("access.form.mattermost_server_url.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.mattermost_server_url.tooltip") }}></span>}
+      >
+        <Input placeholder={t("access.form.mattermost_server_url.placeholder")} />
+      </Form.Item>
+
+      <Form.Item name="username" label={t("access.form.mattermost_username.label")} rules={[formRule]}>
+        <Input placeholder={t("access.form.mattermost_username.placeholder")} />
+      </Form.Item>
+
+      <Form.Item name="password" label={t("access.form.mattermost_password.label")} rules={[formRule]}>
+        <Input.Password placeholder={t("access.form.mattermost_password.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="defaultChannelId"
+        label={t("access.form.mattermost_default_channel_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.mattermost_default_channel_id.tooltip") }}></span>}
+      >
+        <Input allowClear placeholder={t("access.form.mattermost_default_channel_id.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessFormMattermostConfig;
diff --git a/ui/src/components/access/AccessFormSSHConfig.tsx b/ui/src/components/access/AccessFormSSHConfig.tsx
index 6d3615cf..ebaeba90 100644
--- a/ui/src/components/access/AccessFormSSHConfig.tsx
+++ b/ui/src/components/access/AccessFormSSHConfig.tsx
@@ -31,13 +31,11 @@ const AccessFormSSHConfig = ({ form: formInst, formName, disabled, initialValues
   const { t } = useTranslation();
 
   const formSchema = z.object({
-    host: z
-      .string({ message: t("access.form.ssh_host.placeholder") })
-      .refine((v) => validDomainName(v) || validIPv4Address(v) || validIPv6Address(v), t("common.errmsg.host_invalid")),
+    host: z.string().refine((v) => validDomainName(v) || validIPv4Address(v) || validIPv6Address(v), t("common.errmsg.host_invalid")),
     port: z.preprocess(
       (v) => Number(v),
       z
-        .number({ message: t("access.form.ssh_port.placeholder") })
+        .number()
         .int(t("access.form.ssh_port.placeholder"))
         .refine((v) => validPortNumber(v), t("common.errmsg.port_invalid"))
     ),
diff --git a/ui/src/components/access/AccessFormTelegramConfig.tsx b/ui/src/components/access/AccessFormTelegramConfig.tsx
new file mode 100644
index 00000000..a4eccafb
--- /dev/null
+++ b/ui/src/components/access/AccessFormTelegramConfig.tsx
@@ -0,0 +1,81 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AccessConfigForTelegram } from "@/domain/access";
+
+type AccessFormTelegramConfigFieldValues = Nullish<AccessConfigForTelegram>;
+
+export type AccessFormTelegramConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: AccessFormTelegramConfigFieldValues;
+  onValuesChange?: (values: AccessFormTelegramConfigFieldValues) => void;
+};
+
+const initFormModel = (): AccessFormTelegramConfigFieldValues => {
+  return {
+    botToken: "",
+  };
+};
+
+const AccessFormTelegramConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormTelegramConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    botToken: z
+      .string({ message: t("access.form.telegram_bot_token.placeholder") })
+      .min(1, t("access.form.telegram_bot_token.placeholder"))
+      .max(256, t("common.errmsg.string_max", { max: 256 })),
+    defaultChatId: z
+      .preprocess(
+        (v) => (v == null || v === "" ? undefined : Number(v)),
+        z
+          .number()
+          .nullish()
+          .refine((v) => {
+            if (v == null || v + "" === "") return true;
+            return /^\d+$/.test(v + "") && +v! > 0;
+          }, t("access.form.telegram_default_chat_id.placeholder"))
+      )
+      .nullish(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="botToken"
+        label={t("access.form.telegram_bot_token.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.telegram_bot_token.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.telegram_bot_token.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="defaultChatId"
+        label={t("access.form.telegram_default_chat_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.telegram_default_chat_id.tooltip") }}></span>}
+      >
+        <Input type="number" allowClear placeholder={t("access.form.telegram_default_chat_id.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessFormTelegramConfig;
diff --git a/ui/src/components/access/AccessFormWeComBotConfig.tsx b/ui/src/components/access/AccessFormWeComBotConfig.tsx
new file mode 100644
index 00000000..16a205f5
--- /dev/null
+++ b/ui/src/components/access/AccessFormWeComBotConfig.tsx
@@ -0,0 +1,57 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AccessConfigForWeComBot } from "@/domain/access";
+
+type AccessFormWeComBotConfigFieldValues = Nullish<AccessConfigForWeComBot>;
+
+export type AccessFormWeComBotConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: AccessFormWeComBotConfigFieldValues;
+  onValuesChange?: (values: AccessFormWeComBotConfigFieldValues) => void;
+};
+
+const initFormModel = (): AccessFormWeComBotConfigFieldValues => {
+  return {
+    webhookUrl: "",
+  };
+};
+
+const AccessFormWeComBotConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormWeComBotConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    webhookUrl: z.string().url(t("common.errmsg.url_invalid")),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="webhookUrl"
+        label={t("access.form.wecombot_webhook_url.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.wecombot_webhook_url.tooltip") }}></span>}
+      >
+        <Input placeholder={t("access.form.wecombot_webhook_url.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessFormWeComBotConfig;
diff --git a/ui/src/components/access/AccessFormWebhookConfig.tsx b/ui/src/components/access/AccessFormWebhookConfig.tsx
index 89280d79..6a07553a 100644
--- a/ui/src/components/access/AccessFormWebhookConfig.tsx
+++ b/ui/src/components/access/AccessFormWebhookConfig.tsx
@@ -1,8 +1,10 @@
 import { useTranslation } from "react-i18next";
-import { Form, type FormInstance, Input, Switch } from "antd";
+import { DownOutlined as DownOutlinedIcon } from "@ant-design/icons";
+import { Alert, Button, Dropdown, Form, type FormInstance, Input, Select, Switch } from "antd";
 import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
+import Show from "@/components/Show";
 import { type AccessConfigForWebhook } from "@/domain/access";
 
 type AccessFormWebhookConfigFieldValues = Nullish<AccessConfigForWebhook>;
@@ -12,24 +14,241 @@ export type AccessFormWebhookConfigProps = {
   formName: string;
   disabled?: boolean;
   initialValues?: AccessFormWebhookConfigFieldValues;
+  usage?: "deployment" | "notification" | "none";
   onValuesChange?: (values: AccessFormWebhookConfigFieldValues) => void;
 };
 
 const initFormModel = (): AccessFormWebhookConfigFieldValues => {
   return {
     url: "",
+    method: "POST",
+    headers: "Content-Type: application/json",
+    allowInsecureConnections: false,
+    defaultDataForDeployment: JSON.stringify(
+      {
+        name: "${DOMAINS}",
+        cert: "${CERTIFICATE}",
+        privkey: "${PRIVATE_KEY}",
+      },
+      null,
+      2
+    ),
+    defaultDataForNotification: JSON.stringify(
+      {
+        subject: "${SUBJECT}",
+        message: "${MESSAGE}",
+      },
+      null,
+      2
+    ),
   };
 };
 
-const AccessFormWebhookConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormWebhookConfigProps) => {
+const AccessFormWebhookConfig = ({ form: formInst, formName, disabled, initialValues, usage, onValuesChange }: AccessFormWebhookConfigProps) => {
   const { t } = useTranslation();
 
   const formSchema = z.object({
-    url: z.string({ message: t("access.form.webhook_url.placeholder") }).url(t("common.errmsg.url_invalid")),
+    url: z.string().url(t("common.errmsg.url_invalid")),
+    method: z.union([z.literal("GET"), z.literal("POST"), z.literal("PUT"), z.literal("PATCH"), z.literal("DELETE")], {
+      message: t("access.form.webhook_method.placeholder"),
+    }),
+    headers: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (!v) return true;
+
+        const lines = v.split(/\r?\n/);
+        for (const line of lines) {
+          if (line.split(":").length < 2) {
+            return false;
+          }
+        }
+        return true;
+      }, t("access.form.webhook_headers.errmsg.invalid")),
     allowInsecureConnections: z.boolean().nullish(),
+    defaultDataForDeployment: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (usage && usage !== "deployment") return true;
+        if (!v) return true;
+
+        try {
+          const obj = JSON.parse(v);
+          return typeof obj === "object" && !Array.isArray(obj);
+        } catch {
+          return false;
+        }
+      }, t("access.form.webhook_default_data.errmsg.json_invalid")),
+    defaultDataForNotification: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (usage && usage !== "notification") return true;
+        if (!v) return true;
+
+        try {
+          const obj = JSON.parse(v);
+          return typeof obj === "object" && !Array.isArray(obj);
+        } catch {
+          return false;
+        }
+      }, t("access.form.webhook_default_data.errmsg.json_invalid")),
   });
   const formRule = createSchemaFieldRule(formSchema);
 
+  const handleWebhookHeadersBlur = (e: React.FocusEvent<HTMLTextAreaElement>) => {
+    let value = e.target.value;
+    value = value.trim();
+    value = value.replace(/(?<!\r)\n/g, "\r\n");
+    formInst.setFieldValue("headers", value);
+  };
+
+  const handleWebhookDataForDeploymentBlur = (e: React.FocusEvent<HTMLTextAreaElement>) => {
+    const value = e.target.value;
+    try {
+      const json = JSON.stringify(JSON.parse(value), null, 2);
+      formInst.setFieldValue("defaultDataForDeployment", json);
+    } catch {
+      return;
+    }
+  };
+
+  const handleWebhookDataForNotificationBlur = (e: React.FocusEvent<HTMLTextAreaElement>) => {
+    const value = e.target.value;
+    try {
+      const json = JSON.stringify(JSON.parse(value), null, 2);
+      formInst.setFieldValue("defaultDataForNotification", json);
+    } catch {
+      return;
+    }
+  };
+
+  const handlePresetDataForDeploymentClick = () => {
+    formInst.setFieldValue("defaultDataForDeployment", initFormModel().defaultDataForDeployment);
+  };
+
+  const handlePresetDataForNotificationClick = (key: string) => {
+    switch (key) {
+      case "bark":
+        formInst.setFieldValue("url", "https://api.day.app/push");
+        formInst.setFieldValue("method", "POST");
+        formInst.setFieldValue("headers", "Content-Type: application/json\r\nAuthorization: Bearer <your-gotify-token>");
+        formInst.setFieldValue(
+          "defaultDataForNotification",
+          JSON.stringify(
+            {
+              title: "${SUBJECT}",
+              body: "${MESSAGE}",
+              group: "<your-bark-group>",
+              device_keys: "<your-bark-device-key>",
+            },
+            null,
+            2
+          )
+        );
+        break;
+
+      case "gotify":
+        formInst.setFieldValue("url", "https://<your-gotify-server>/");
+        formInst.setFieldValue("method", "POST");
+        formInst.setFieldValue("headers", "Content-Type: application/json\r\nAuthorization: Bearer <your-gotify-token>");
+        formInst.setFieldValue(
+          "defaultDataForNotification",
+          JSON.stringify(
+            {
+              title: "${SUBJECT}",
+              message: "${MESSAGE}",
+              priority: 1,
+            },
+            null,
+            2
+          )
+        );
+        break;
+
+      case "ntfy":
+        formInst.setFieldValue("url", "https://<your-ntfy-server>/");
+        formInst.setFieldValue("method", "POST");
+        formInst.setFieldValue("headers", "Content-Type: application/json");
+        formInst.setFieldValue(
+          "defaultDataForNotification",
+          JSON.stringify(
+            {
+              topic: "<your-ntfy-topic>",
+              title: "${SUBJECT}",
+              message: "${MESSAGE}",
+              priority: 1,
+            },
+            null,
+            2
+          )
+        );
+        break;
+
+      case "pushover":
+        formInst.setFieldValue("url", "https://api.pushover.net/1/messages.json");
+        formInst.setFieldValue("method", "POST");
+        formInst.setFieldValue("headers", "Content-Type: application/json");
+        formInst.setFieldValue(
+          "defaultDataForNotification",
+          JSON.stringify(
+            {
+              token: "<your-pushover-token>",
+              user: "<your-pushover-user>",
+              title: "${SUBJECT}",
+              message: "${MESSAGE}",
+            },
+            null,
+            2
+          )
+        );
+        break;
+
+      case "pushplus":
+        formInst.setFieldValue("url", "https://www.pushplus.plus/send");
+        formInst.setFieldValue("method", "POST");
+        formInst.setFieldValue("headers", "Content-Type: application/json");
+        formInst.setFieldValue(
+          "defaultDataForNotification",
+          JSON.stringify(
+            {
+              token: "<your-pushplus-token>",
+              title: "${SUBJECT}",
+              content: "${MESSAGE}",
+            },
+            null,
+            2
+          )
+        );
+        break;
+
+      case "serverchan":
+        formInst.setFieldValue("url", "https://sctapi.ftqq.com/<your-serverchan-key>.send");
+        formInst.setFieldValue("method", "POST");
+        formInst.setFieldValue("headers", "Content-Type: application/json");
+        formInst.setFieldValue(
+          "defaultDataForNotification",
+          JSON.stringify(
+            {
+              text: "${SUBJECT}",
+              desp: "${MESSAGE}",
+            },
+            null,
+            2
+          )
+        );
+        break;
+
+      default:
+        formInst.setFieldValue("method", "POST");
+        formInst.setFieldValue("headers", "Content-Type: application/json");
+        formInst.setFieldValue("defaultDataForNotification", initFormModel().defaultDataForNotification);
+        break;
+    }
+  };
+
   const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
     onValuesChange?.(values);
   };
@@ -47,6 +266,92 @@ const AccessFormWebhookConfig = ({ form: formInst, formName, disabled, initialVa
         <Input placeholder={t("access.form.webhook_url.placeholder")} />
       </Form.Item>
 
+      <Form.Item name="method" label={t("access.form.webhook_method.label")} rules={[formRule]}>
+        <Select
+          options={["GET", "POST", "PUT", "PATCH", "DELETE"].map((s) => ({ label: s, value: s }))}
+          placeholder={t("access.form.webhook_method.placeholder")}
+        />
+      </Form.Item>
+
+      <Form.Item
+        name="headers"
+        label={t("access.form.webhook_headers.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.webhook_headers.tooltip") }}></span>}
+      >
+        <Input.TextArea autoSize={{ minRows: 3, maxRows: 5 }} placeholder={t("access.form.webhook_headers.placeholder")} onBlur={handleWebhookHeadersBlur} />
+      </Form.Item>
+
+      <Show when={!usage || usage === "deployment"}>
+        <Form.Item className="mb-0">
+          <label className="mb-1 block">
+            <div className="flex w-full items-center justify-between gap-4">
+              <div className="max-w-full grow truncate">
+                <span>{t("access.form.webhook_default_data_for_deployment.label")}</span>
+              </div>
+              <div className="text-right">
+                <Button size="small" type="link" onClick={handlePresetDataForDeploymentClick}>
+                  {t("access.form.webhook_preset_data.button")}
+                </Button>
+              </div>
+            </div>
+          </label>
+          <Form.Item name="defaultDataForDeployment" rules={[formRule]}>
+            <Input.TextArea
+              allowClear
+              autoSize={{ minRows: 3, maxRows: 10 }}
+              placeholder={t("access.form.webhook_default_data_for_deployment.placeholder")}
+              onBlur={handleWebhookDataForDeploymentBlur}
+            />
+          </Form.Item>
+        </Form.Item>
+
+        <Form.Item>
+          <Alert type="info" message={<span dangerouslySetInnerHTML={{ __html: t("access.form.webhook_default_data_for_deployment.guide") }}></span>} />
+        </Form.Item>
+      </Show>
+
+      <Show when={!usage || usage === "notification"}>
+        <Form.Item className="mb-0">
+          <label className="mb-1 block">
+            <div className="flex w-full items-center justify-between gap-4">
+              <div className="max-w-full grow truncate">
+                <span>{t("access.form.webhook_default_data_for_notification.label")}</span>
+              </div>
+              <div className="text-right">
+                <Dropdown
+                  menu={{
+                    items: ["bark", "ntfy", "gotify", "pushover", "pushplus", "serverchan", "common"].map((key) => ({
+                      key,
+                      label: t(`access.form.webhook_preset_data.option.${key}.label`),
+                      onClick: () => handlePresetDataForNotificationClick(key),
+                    })),
+                  }}
+                  trigger={["click"]}
+                >
+                  <Button size="small" type="link">
+                    {t("access.form.webhook_preset_data.button")}
+                    <DownOutlinedIcon />
+                  </Button>
+                </Dropdown>
+              </div>
+            </div>
+          </label>
+          <Form.Item name="defaultDataForNotification" rules={[formRule]}>
+            <Input.TextArea
+              allowClear
+              autoSize={{ minRows: 3, maxRows: 10 }}
+              placeholder={t("access.form.webhook_default_data_for_notification.placeholder")}
+              onBlur={handleWebhookDataForNotificationBlur}
+            />
+          </Form.Item>
+        </Form.Item>
+
+        <Form.Item>
+          <Alert type="info" message={<span dangerouslySetInnerHTML={{ __html: t("access.form.webhook_default_data_for_notification.guide") }}></span>} />
+        </Form.Item>
+      </Show>
+
       <Form.Item
         name="allowInsecureConnections"
         label={t("access.form.webhook_allow_insecure_conns.label")}
diff --git a/ui/src/components/notification/NotifyChannelEditForm.tsx b/ui/src/components/notification/NotifyChannelEditForm.tsx
index c9af4acd..5d613ea5 100644
--- a/ui/src/components/notification/NotifyChannelEditForm.tsx
+++ b/ui/src/components/notification/NotifyChannelEditForm.tsx
@@ -34,6 +34,9 @@ export type NotifyChannelEditFormInstance = {
   validateFields: FormInstance<NotifyChannelEditFormFieldValues>["validateFields"];
 };
 
+/**
+ * @deprecated
+ */
 const NotifyChannelEditForm = forwardRef<NotifyChannelEditFormInstance, NotifyChannelEditFormProps>(
   ({ className, style, channel, disabled, initialValues, onValuesChange }, ref) => {
     const { form: formInst, formProps } = useAntdForm({
diff --git a/ui/src/components/notification/NotifyChannelEditFormMattermostFields.tsx b/ui/src/components/notification/NotifyChannelEditFormMattermostFields.tsx
index a847be75..829a2a0d 100644
--- a/ui/src/components/notification/NotifyChannelEditFormMattermostFields.tsx
+++ b/ui/src/components/notification/NotifyChannelEditFormMattermostFields.tsx
@@ -7,9 +7,7 @@ const NotifyChannelEditFormMattermostFields = () => {
   const { t } = useTranslation();
 
   const formSchema = z.object({
-    serverUrl: z
-      .string({ message: t("settings.notification.channel.form.mattermost_server_url.placeholder") })
-      .url(t("common.errmsg.url_invalid")),
+    serverUrl: z.string({ message: t("settings.notification.channel.form.mattermost_server_url.placeholder") }).url(t("common.errmsg.url_invalid")),
     channelId: z
       .string({ message: t("settings.notification.channel.form.mattermost_channel_id.placeholder") })
       .nonempty(t("settings.notification.channel.form.mattermost_channel_id.placeholder")),
@@ -42,19 +40,11 @@ const NotifyChannelEditFormMattermostFields = () => {
         <Input placeholder={t("settings.notification.channel.form.mattermost_channel_id.placeholder")} />
       </Form.Item>
 
-      <Form.Item
-        name="username"
-        label={t("settings.notification.channel.form.mattermost_username.label")}
-        rules={[formRule]}
-      >
+      <Form.Item name="username" label={t("settings.notification.channel.form.mattermost_username.label")} rules={[formRule]}>
         <Input placeholder={t("settings.notification.channel.form.mattermost_username.placeholder")} />
       </Form.Item>
 
-      <Form.Item
-        name="password"
-        label={t("settings.notification.channel.form.mattermost_password.label")}
-        rules={[formRule]}
-      >
+      <Form.Item name="password" label={t("settings.notification.channel.form.mattermost_password.label")} rules={[formRule]}>
         <Input.Password placeholder={t("settings.notification.channel.form.mattermost_password.placeholder")} />
       </Form.Item>
     </>
diff --git a/ui/src/components/provider/ApplyDNSProviderPicker.tsx b/ui/src/components/provider/ACMEDns01ProviderPicker.tsx
similarity index 86%
rename from ui/src/components/provider/ApplyDNSProviderPicker.tsx
rename to ui/src/components/provider/ACMEDns01ProviderPicker.tsx
index bcf65965..7f99cf6a 100644
--- a/ui/src/components/provider/ApplyDNSProviderPicker.tsx
+++ b/ui/src/components/provider/ACMEDns01ProviderPicker.tsx
@@ -3,9 +3,9 @@ import { useTranslation } from "react-i18next";
 import { Avatar, Card, Col, Empty, Flex, Input, type InputRef, Row, Typography } from "antd";
 
 import Show from "@/components/Show";
-import { applyDNSProvidersMap } from "@/domain/provider";
+import { acmeDns01ProvidersMap } from "@/domain/provider";
 
-export type ApplyDNSProviderPickerProps = {
+export type ACMEDns01ProviderPickerProps = {
   className?: string;
   style?: React.CSSProperties;
   autoFocus?: boolean;
@@ -13,7 +13,7 @@ export type ApplyDNSProviderPickerProps = {
   onSelect?: (value: string) => void;
 };
 
-const ApplyDNSProviderPicker = ({ className, style, autoFocus, placeholder, onSelect }: ApplyDNSProviderPickerProps) => {
+const ACMEDns01ProviderPicker = ({ className, style, autoFocus, placeholder, onSelect }: ACMEDns01ProviderPickerProps) => {
   const { t } = useTranslation();
 
   const [keyword, setKeyword] = useState<string>();
@@ -25,7 +25,7 @@ const ApplyDNSProviderPicker = ({ className, style, autoFocus, placeholder, onSe
   }, []);
 
   const providers = useMemo(() => {
-    return Array.from(applyDNSProvidersMap.values()).filter((provider) => {
+    return Array.from(acmeDns01ProvidersMap.values()).filter((provider) => {
       if (keyword) {
         const value = keyword.toLowerCase();
         return provider.type.toLowerCase().includes(value) || t(provider.name).toLowerCase().includes(value);
@@ -72,4 +72,4 @@ const ApplyDNSProviderPicker = ({ className, style, autoFocus, placeholder, onSe
   );
 };
 
-export default memo(ApplyDNSProviderPicker);
+export default memo(ACMEDns01ProviderPicker);
diff --git a/ui/src/components/provider/ApplyDNSProviderSelect.tsx b/ui/src/components/provider/ACMEDns01ProviderSelect.tsx
similarity index 77%
rename from ui/src/components/provider/ApplyDNSProviderSelect.tsx
rename to ui/src/components/provider/ACMEDns01ProviderSelect.tsx
index f7e3c259..b03adf7b 100644
--- a/ui/src/components/provider/ApplyDNSProviderSelect.tsx
+++ b/ui/src/components/provider/ACMEDns01ProviderSelect.tsx
@@ -2,21 +2,21 @@ import { memo, useEffect, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { Avatar, Select, type SelectProps, Space, Typography } from "antd";
 
-import { type ApplyDNSProvider, applyDNSProvidersMap } from "@/domain/provider";
+import { type ACMEDns01Provider, acmeDns01ProvidersMap } from "@/domain/provider";
 
-export type ApplyDNSProviderSelectProps = Omit<
+export type ACMEDns01ProviderSelectProps = Omit<
   SelectProps,
   "filterOption" | "filterSort" | "labelRender" | "options" | "optionFilterProp" | "optionLabelProp" | "optionRender"
 > & {
-  filter?: (record: ApplyDNSProvider) => boolean;
+  filter?: (record: ACMEDns01Provider) => boolean;
 };
 
-const ApplyDNSProviderSelect = ({ filter, ...props }: ApplyDNSProviderSelectProps) => {
+const ACMEDns01ProviderSelect = ({ filter, ...props }: ACMEDns01ProviderSelectProps) => {
   const { t } = useTranslation();
 
-  const [options, setOptions] = useState<Array<{ key: string; value: string; label: string; data: ApplyDNSProvider }>>([]);
+  const [options, setOptions] = useState<Array<{ key: string; value: string; label: string; data: ACMEDns01Provider }>>([]);
   useEffect(() => {
-    const allItems = Array.from(applyDNSProvidersMap.values());
+    const allItems = Array.from(acmeDns01ProvidersMap.values());
     const filteredItems = filter != null ? allItems.filter(filter) : allItems;
     setOptions(
       filteredItems.map((item) => ({
@@ -29,7 +29,7 @@ const ApplyDNSProviderSelect = ({ filter, ...props }: ApplyDNSProviderSelectProp
   }, [filter]);
 
   const renderOption = (key: string) => {
-    const provider = applyDNSProvidersMap.get(key);
+    const provider = acmeDns01ProvidersMap.get(key);
     return (
       <Space className="max-w-full grow overflow-hidden truncate" size={4}>
         <Avatar src={provider?.icon} size="small" />
@@ -64,4 +64,4 @@ const ApplyDNSProviderSelect = ({ filter, ...props }: ApplyDNSProviderSelectProp
   );
 };
 
-export default memo(ApplyDNSProviderSelect);
+export default memo(ACMEDns01ProviderSelect);
diff --git a/ui/src/components/provider/ApplyCAProviderSelect.tsx b/ui/src/components/provider/CAProviderSelect.tsx
similarity index 79%
rename from ui/src/components/provider/ApplyCAProviderSelect.tsx
rename to ui/src/components/provider/CAProviderSelect.tsx
index fdedac9b..15d31230 100644
--- a/ui/src/components/provider/ApplyCAProviderSelect.tsx
+++ b/ui/src/components/provider/CAProviderSelect.tsx
@@ -2,28 +2,28 @@ import { memo, useEffect, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { Avatar, Select, type SelectProps, Space, Typography } from "antd";
 
-import { type ApplyCAProvider, applyCAProvidersMap } from "@/domain/provider";
+import { type CAProvider, caProvidersMap } from "@/domain/provider";
 
-export type ApplyCAProviderSelectProps = Omit<
+export type CAProviderSelectProps = Omit<
   SelectProps,
   "filterOption" | "filterSort" | "labelRender" | "options" | "optionFilterProp" | "optionLabelProp" | "optionRender"
 > & {
-  filter?: (record: ApplyCAProvider) => boolean;
+  filter?: (record: CAProvider) => boolean;
 };
 
-const ApplyCAProviderSelect = ({ filter, ...props }: ApplyCAProviderSelectProps) => {
+const CAProviderSelect = ({ filter, ...props }: CAProviderSelectProps) => {
   const { t } = useTranslation();
 
-  const [options, setOptions] = useState<Array<{ key: string; value: string; label: string; data: ApplyCAProvider }>>([]);
+  const [options, setOptions] = useState<Array<{ key: string; value: string; label: string; data: CAProvider }>>([]);
   useEffect(() => {
-    const allItems = Array.from(applyCAProvidersMap.values());
+    const allItems = Array.from(caProvidersMap.values());
     const filteredItems = filter != null ? allItems.filter(filter) : allItems;
     setOptions([
       {
         key: "",
         value: "",
-        label: "provider.default_ca_provider.label",
-        data: {} as ApplyCAProvider,
+        label: t("provider.default_ca_provider.label"),
+        data: {} as CAProvider,
       },
       ...filteredItems.map((item) => ({
         key: item.type,
@@ -45,7 +45,7 @@ const ApplyCAProviderSelect = ({ filter, ...props }: ApplyCAProviderSelectProps)
       );
     }
 
-    const provider = applyCAProvidersMap.get(key);
+    const provider = caProvidersMap.get(key);
     return (
       <Space className="max-w-full grow overflow-hidden truncate" size={4}>
         <Avatar src={provider?.icon} size="small" />
@@ -80,4 +80,4 @@ const ApplyCAProviderSelect = ({ filter, ...props }: ApplyCAProviderSelectProps)
   );
 };
 
-export default memo(ApplyCAProviderSelect);
+export default memo(CAProviderSelect);
diff --git a/ui/src/components/provider/DeployProviderPicker.tsx b/ui/src/components/provider/DeploymentProviderPicker.tsx
similarity index 76%
rename from ui/src/components/provider/DeployProviderPicker.tsx
rename to ui/src/components/provider/DeploymentProviderPicker.tsx
index 10aa3e09..8ba09b92 100644
--- a/ui/src/components/provider/DeployProviderPicker.tsx
+++ b/ui/src/components/provider/DeploymentProviderPicker.tsx
@@ -3,9 +3,9 @@ import { useTranslation } from "react-i18next";
 import { Avatar, Card, Col, Empty, Flex, Input, type InputRef, Row, Tabs, Tooltip, Typography } from "antd";
 
 import Show from "@/components/Show";
-import { DEPLOY_CATEGORIES, deployProvidersMap } from "@/domain/provider";
+import { DEPLOYMENT_CATEGORIES, deploymentProvidersMap } from "@/domain/provider";
 
-export type DeployProviderPickerProps = {
+export type DeploymentProviderPickerProps = {
   className?: string;
   style?: React.CSSProperties;
   autoFocus?: boolean;
@@ -13,10 +13,10 @@ export type DeployProviderPickerProps = {
   onSelect?: (value: string) => void;
 };
 
-const DeployProviderPicker = ({ className, style, autoFocus, placeholder, onSelect }: DeployProviderPickerProps) => {
+const DeploymentProviderPicker = ({ className, style, autoFocus, placeholder, onSelect }: DeploymentProviderPickerProps) => {
   const { t } = useTranslation();
 
-  const [category, setCategory] = useState<string>(DEPLOY_CATEGORIES.ALL);
+  const [category, setCategory] = useState<string>(DEPLOYMENT_CATEGORIES.ALL);
 
   const [keyword, setKeyword] = useState<string>();
   const keywordInputRef = useRef<InputRef>(null);
@@ -27,9 +27,9 @@ const DeployProviderPicker = ({ className, style, autoFocus, placeholder, onSele
   }, []);
 
   const providers = useMemo(() => {
-    return Array.from(deployProvidersMap.values())
+    return Array.from(deploymentProvidersMap.values())
       .filter((provider) => {
-        if (category && category !== DEPLOY_CATEGORIES.ALL) {
+        if (category && category !== DEPLOYMENT_CATEGORIES.ALL) {
           return provider.category === category;
         }
 
@@ -56,17 +56,17 @@ const DeployProviderPicker = ({ className, style, autoFocus, placeholder, onSele
       <div className="mt-4">
         <Flex>
           <Tabs
-            defaultActiveKey={DEPLOY_CATEGORIES.ALL}
+            defaultActiveKey={DEPLOYMENT_CATEGORIES.ALL}
             items={[
-              DEPLOY_CATEGORIES.ALL,
-              DEPLOY_CATEGORIES.CDN,
-              DEPLOY_CATEGORIES.STORAGE,
-              DEPLOY_CATEGORIES.LOADBALANCE,
-              DEPLOY_CATEGORIES.FIREWALL,
-              DEPLOY_CATEGORIES.AV,
-              DEPLOY_CATEGORIES.SERVERLESS,
-              DEPLOY_CATEGORIES.WEBSITE,
-              DEPLOY_CATEGORIES.OTHER,
+              DEPLOYMENT_CATEGORIES.ALL,
+              DEPLOYMENT_CATEGORIES.CDN,
+              DEPLOYMENT_CATEGORIES.STORAGE,
+              DEPLOYMENT_CATEGORIES.LOADBALANCE,
+              DEPLOYMENT_CATEGORIES.FIREWALL,
+              DEPLOYMENT_CATEGORIES.AV,
+              DEPLOYMENT_CATEGORIES.SERVERLESS,
+              DEPLOYMENT_CATEGORIES.WEBSITE,
+              DEPLOYMENT_CATEGORIES.OTHER,
             ].map((key) => ({
               key: key,
               label: t(`provider.category.${key}`),
@@ -110,4 +110,4 @@ const DeployProviderPicker = ({ className, style, autoFocus, placeholder, onSele
   );
 };
 
-export default memo(DeployProviderPicker);
+export default memo(DeploymentProviderPicker);
diff --git a/ui/src/components/provider/DeployProviderSelect.tsx b/ui/src/components/provider/DeploymentProviderSelect.tsx
similarity index 77%
rename from ui/src/components/provider/DeployProviderSelect.tsx
rename to ui/src/components/provider/DeploymentProviderSelect.tsx
index 5be10cb7..0b38cedf 100644
--- a/ui/src/components/provider/DeployProviderSelect.tsx
+++ b/ui/src/components/provider/DeploymentProviderSelect.tsx
@@ -2,21 +2,21 @@ import { memo, useEffect, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { Avatar, Select, type SelectProps, Space, Typography } from "antd";
 
-import { type DeployProvider, deployProvidersMap } from "@/domain/provider";
+import { type DeploymentProvider, deploymentProvidersMap } from "@/domain/provider";
 
-export type DeployProviderSelectProps = Omit<
+export type DeploymentProviderSelectProps = Omit<
   SelectProps,
   "filterOption" | "filterSort" | "labelRender" | "options" | "optionFilterProp" | "optionLabelProp" | "optionRender"
 > & {
-  filter?: (record: DeployProvider) => boolean;
+  filter?: (record: DeploymentProvider) => boolean;
 };
 
-const DeployProviderSelect = ({ filter, ...props }: DeployProviderSelectProps) => {
+const DeploymentProviderSelect = ({ filter, ...props }: DeploymentProviderSelectProps) => {
   const { t } = useTranslation();
 
-  const [options, setOptions] = useState<Array<{ key: string; value: string; label: string; data: DeployProvider }>>([]);
+  const [options, setOptions] = useState<Array<{ key: string; value: string; label: string; data: DeploymentProvider }>>([]);
   useEffect(() => {
-    const allItems = Array.from(deployProvidersMap.values());
+    const allItems = Array.from(deploymentProvidersMap.values());
     const filteredItems = filter != null ? allItems.filter(filter) : allItems;
     setOptions(
       filteredItems.map((item) => ({
@@ -29,7 +29,7 @@ const DeployProviderSelect = ({ filter, ...props }: DeployProviderSelectProps) =
   }, [filter]);
 
   const renderOption = (key: string) => {
-    const provider = deployProvidersMap.get(key);
+    const provider = deploymentProvidersMap.get(key);
     return (
       <Space className="max-w-full grow overflow-hidden truncate" size={4}>
         <Avatar src={provider?.icon} size="small" />
@@ -64,4 +64,4 @@ const DeployProviderSelect = ({ filter, ...props }: DeployProviderSelectProps) =
   );
 };
 
-export default memo(DeployProviderSelect);
+export default memo(DeploymentProviderSelect);
diff --git a/ui/src/components/provider/NotificationProviderSelect.tsx b/ui/src/components/provider/NotificationProviderSelect.tsx
new file mode 100644
index 00000000..98a1005c
--- /dev/null
+++ b/ui/src/components/provider/NotificationProviderSelect.tsx
@@ -0,0 +1,67 @@
+import { memo, useEffect, useState } from "react";
+import { useTranslation } from "react-i18next";
+import { Avatar, Select, type SelectProps, Space, Typography } from "antd";
+
+import { type NotificationProvider, notificationProvidersMap } from "@/domain/provider";
+
+export type NotificationProviderSelectProps = Omit<
+  SelectProps,
+  "filterOption" | "filterSort" | "labelRender" | "options" | "optionFilterProp" | "optionLabelProp" | "optionRender"
+> & {
+  filter?: (record: NotificationProvider) => boolean;
+};
+
+const NotificationProviderSelect = ({ filter, ...props }: NotificationProviderSelectProps) => {
+  const { t } = useTranslation();
+
+  const [options, setOptions] = useState<Array<{ key: string; value: string; label: string; data: NotificationProvider }>>([]);
+  useEffect(() => {
+    const allItems = Array.from(notificationProvidersMap.values());
+    const filteredItems = filter != null ? allItems.filter(filter) : allItems;
+    setOptions(
+      filteredItems.map((item) => ({
+        key: item.type,
+        value: item.type,
+        label: t(item.name),
+        data: item,
+      }))
+    );
+  }, [filter]);
+
+  const renderOption = (key: string) => {
+    const provider = notificationProvidersMap.get(key);
+    return (
+      <Space className="max-w-full grow overflow-hidden truncate" size={4}>
+        <Avatar src={provider?.icon} size="small" />
+        <Typography.Text className="leading-loose" ellipsis>
+          {t(provider?.name ?? "")}
+        </Typography.Text>
+      </Space>
+    );
+  };
+
+  return (
+    <Select
+      {...props}
+      filterOption={(inputValue, option) => {
+        if (!option) return false;
+
+        const value = inputValue.toLowerCase();
+        return option.value.toLowerCase().includes(value) || option.label.toLowerCase().includes(value);
+      }}
+      labelRender={({ label, value }) => {
+        if (!label) {
+          return <Typography.Text type="secondary">{props.placeholder}</Typography.Text>;
+        }
+
+        return renderOption(value as string);
+      }}
+      options={options}
+      optionFilterProp={undefined}
+      optionLabelProp={undefined}
+      optionRender={(option) => renderOption(option.data.value)}
+    />
+  );
+};
+
+export default memo(NotificationProviderSelect);
diff --git a/ui/src/components/workflow/WorkflowRunDetail.tsx b/ui/src/components/workflow/WorkflowRunDetail.tsx
index 18a2f40d..2d421880 100644
--- a/ui/src/components/workflow/WorkflowRunDetail.tsx
+++ b/ui/src/components/workflow/WorkflowRunDetail.tsx
@@ -193,6 +193,7 @@ const WorkflowRunLogs = ({ runId, runStatus }: { runId: string; runStatus: strin
     const NEWLINE = "\n";
     const logstr = listData
       .map((group) => {
+        const escape = (str: string) => str.replaceAll("\r", "\\r").replaceAll("\n", "\\n");
         return (
           group.name +
           NEWLINE +
@@ -200,8 +201,9 @@ const WorkflowRunLogs = ({ runId, runStatus }: { runId: string; runStatus: strin
             .map((record) => {
               const datetime = dayjs(record.timestamp).format("YYYY-MM-DDTHH:mm:ss.SSSZ");
               const level = record.level;
-              const message = record.message.trim().replaceAll("\r", "\\r").replaceAll("\n", "\\n");
-              return `[${datetime}] [${level}] ${message}`;
+              const message = record.message;
+              const data = record.data && Object.keys(record.data).length > 0 ? JSON.stringify(record.data) : "";
+              return `[${datetime}] [${level}] ${escape(message)} ${escape(data)}`.trim();
             })
             .join(NEWLINE)
         );
diff --git a/ui/src/components/workflow/node/ApplyNodeConfigForm.tsx b/ui/src/components/workflow/node/ApplyNodeConfigForm.tsx
index 6ea95979..37d7c6a1 100644
--- a/ui/src/components/workflow/node/ApplyNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/ApplyNodeConfigForm.tsx
@@ -31,9 +31,10 @@ import AccessEditModal from "@/components/access/AccessEditModal";
 import AccessSelect from "@/components/access/AccessSelect";
 import ModalForm from "@/components/ModalForm";
 import MultipleInput from "@/components/MultipleInput";
-import ApplyCAProviderSelect from "@/components/provider/ApplyCAProviderSelect";
-import ApplyDNSProviderSelect from "@/components/provider/ApplyDNSProviderSelect";
-import { ACCESS_USAGES, APPLY_DNS_PROVIDERS, accessProvidersMap, applyCAProvidersMap, applyDNSProvidersMap } from "@/domain/provider";
+import ACMEDns01ProviderSelect from "@/components/provider/ACMEDns01ProviderSelect";
+import CAProviderSelect from "@/components/provider/CAProviderSelect";
+import Show from "@/components/Show";
+import { ACCESS_USAGES, ACME_DNS01_PROVIDERS, accessProvidersMap, acmeDns01ProvidersMap, caProvidersMap } from "@/domain/provider";
 import { type WorkflowNodeConfigForApply } from "@/domain/workflow";
 import { useAntdForm, useAntdFormName, useZustandShallowSelector } from "@/hooks";
 import { useAccessesStore } from "@/stores/access";
@@ -98,7 +99,7 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
         .refine((v) => {
           if (!fieldCAProvider) return true;
 
-          const provider = applyCAProvidersMap.get(fieldCAProvider);
+          const provider = caProvidersMap.get(fieldCAProvider);
           return !!provider?.builtin || !!v;
         }, t("workflow_node.apply.form.ca_provider_access.placeholder")),
       caProviderConfig: z.any().nullish(),
@@ -154,7 +155,7 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
       // 如果对应多个（如 AWS 的 Route53、Lightsail，腾讯云的 DNS、EdgeOne 等），则显示。
       if (fieldProviderAccessId) {
         const access = accesses.find((e) => e.id === fieldProviderAccessId);
-        const providers = Array.from(applyDNSProvidersMap.values()).filter((e) => e.provider === access?.provider);
+        const providers = Array.from(acmeDns01ProvidersMap.values()).filter((e) => e.provider === access?.provider);
         setShowProvider(providers.length > 1);
       } else {
         setShowProvider(false);
@@ -165,7 +166,7 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
     useEffect(() => {
       // 内置的 CA 提供商（如 Let's Encrypt）无需显示授权信息字段
       if (fieldCAProvider) {
-        const provider = applyCAProvidersMap.get(fieldCAProvider);
+        const provider = caProvidersMap.get(fieldCAProvider);
         setShowCAProviderAccess(!provider?.builtin);
       } else {
         setShowCAProviderAccess(false);
@@ -187,16 +188,16 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
         NOTICE: If you add new child component, please keep ASCII order.
        */
       switch (fieldProvider) {
-        case APPLY_DNS_PROVIDERS.AWS:
-        case APPLY_DNS_PROVIDERS.AWS_ROUTE53:
+        case ACME_DNS01_PROVIDERS.AWS:
+        case ACME_DNS01_PROVIDERS.AWS_ROUTE53:
           return <ApplyNodeConfigFormAWSRoute53Config {...nestedFormProps} />;
-        case APPLY_DNS_PROVIDERS.HUAWEICLOUD:
-        case APPLY_DNS_PROVIDERS.HUAWEICLOUD_DNS:
+        case ACME_DNS01_PROVIDERS.HUAWEICLOUD:
+        case ACME_DNS01_PROVIDERS.HUAWEICLOUD_DNS:
           return <ApplyNodeConfigFormHuaweiCloudDNSConfig {...nestedFormProps} />;
-        case APPLY_DNS_PROVIDERS.JDCLOUD:
-        case APPLY_DNS_PROVIDERS.JDCLOUD_DNS:
+        case ACME_DNS01_PROVIDERS.JDCLOUD:
+        case ACME_DNS01_PROVIDERS.JDCLOUD_DNS:
           return <ApplyNodeConfigFormJDCloudDNSConfig {...nestedFormProps} />;
-        case APPLY_DNS_PROVIDERS.TENCENTCLOUD_EO:
+        case ACME_DNS01_PROVIDERS.TENCENTCLOUD_EO:
           return <ApplyNodeConfigFormTencentCloudEOConfig {...nestedFormProps} />;
       }
     }, [disabled, initialValues?.providerConfig, fieldProvider, nestedFormInst, nestedFormName]);
@@ -209,7 +210,7 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
         formInst.setFieldValue("providerAccessId", initialValues?.providerAccessId);
         onValuesChange?.(formInst.getFieldsValue(true));
       } else {
-        if (applyDNSProvidersMap.get(fieldProvider)?.provider !== applyDNSProvidersMap.get(value)?.provider) {
+        if (acmeDns01ProvidersMap.get(fieldProvider)?.provider !== acmeDns01ProvidersMap.get(value)?.provider) {
           formInst.setFieldValue("providerAccessId", undefined);
           onValuesChange?.(formInst.getFieldsValue(true));
         }
@@ -217,11 +218,9 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
     };
 
     const handleProviderAccessSelect = (value: string) => {
-      if (fieldProviderAccessId === value) return;
-
       // 切换授权信息时联动 DNS 提供商
       const access = accesses.find((access) => access.id === value);
-      const provider = Array.from(applyDNSProvidersMap.values()).find((provider) => provider.provider === access?.provider);
+      const provider = Array.from(acmeDns01ProvidersMap.values()).find((provider) => provider.provider === access?.provider);
       if (fieldProvider !== provider?.type) {
         formInst.setFieldValue("provider", provider?.type);
         onValuesChange?.(formInst.getFieldsValue(true));
@@ -229,8 +228,6 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
     };
 
     const handleCAProviderSelect = (value?: string | undefined) => {
-      if (fieldCAProvider === value) return;
-
       // 切换 CA 提供商时联动授权信息
       if (value === "") {
         setTimeout(() => {
@@ -242,7 +239,7 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
         formInst.setFieldValue("caProviderAccessId", initialValues?.caProviderAccessId);
         onValuesChange?.(formInst.getFieldsValue(true));
       } else {
-        if (applyCAProvidersMap.get(fieldCAProvider)?.provider !== applyCAProvidersMap.get(value!)?.provider) {
+        if (caProvidersMap.get(fieldCAProvider)?.provider !== caProvidersMap.get(value!)?.provider) {
           formInst.setFieldValue("caProviderAccessId", undefined);
           onValuesChange?.(formInst.getFieldsValue(true));
         }
@@ -327,7 +324,7 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
           </Form.Item>
 
           <Form.Item name="provider" label={t("workflow_node.apply.form.provider.label")} hidden={!showProvider} rules={[formRule]}>
-            <ApplyDNSProviderSelect
+            <ACMEDns01ProviderSelect
               disabled={!showProvider}
               filter={(record) => {
                 if (fieldProviderAccessId) {
@@ -355,7 +352,6 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
                 </div>
                 <div className="text-right">
                   <AccessEditModal
-                    range="both-dns-hosting"
                     scene="add"
                     trigger={
                       <Button size="small" type="link">
@@ -363,10 +359,12 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
                         <PlusOutlinedIcon className="text-xs" />
                       </Button>
                     }
+                    usage="both-dns-hosting"
                     afterSubmit={(record) => {
                       const provider = accessProvidersMap.get(record.provider);
                       if (provider?.usages?.includes(ACCESS_USAGES.DNS)) {
                         formInst.setFieldValue("providerAccessId", record.id);
+                        handleProviderAccessSelect(record.id);
                       }
                     }}
                   />
@@ -376,6 +374,8 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
             <Form.Item name="providerAccessId" rules={[formRule]}>
               <AccessSelect
                 filter={(record) => {
+                  if (record.reserve) return false;
+
                   const provider = accessProvidersMap.get(record.provider);
                   return !!provider?.usages?.includes(ACCESS_USAGES.DNS);
                 }}
@@ -398,19 +398,23 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
           <Form.Item className="mb-0">
             <label className="mb-1 block">
               <div className="flex w-full items-center justify-between gap-4">
-                <div className="max-w-full grow truncate">{t("workflow_node.apply.form.ca_provider.label")}</div>
+                <div className="max-w-full grow truncate">
+                  <span>{t("workflow_node.apply.form.ca_provider.label")}</span>
+                </div>
                 <div className="text-right">
-                  <Link className="ant-typography" to="/settings/ssl-provider" target="_blank">
-                    <Button size="small" type="link">
-                      {t("workflow_node.apply.form.ca_provider.button")}
-                      <RightOutlinedIcon className="text-xs" />
-                    </Button>
-                  </Link>
+                  <Show when={!fieldCAProvider}>
+                    <Link className="ant-typography" to="/settings/ssl-provider" target="_blank">
+                      <Button size="small" type="link">
+                        {t("workflow_node.apply.form.ca_provider.button")}
+                        <RightOutlinedIcon className="text-xs" />
+                      </Button>
+                    </Link>
+                  </Show>
                 </div>
               </div>
             </label>
             <Form.Item name="caProvider" rules={[formRule]}>
-              <ApplyCAProviderSelect
+              <CAProviderSelect
                 allowClear
                 placeholder={t("workflow_node.apply.form.ca_provider.placeholder")}
                 showSearch
@@ -428,8 +432,7 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
                 </div>
                 <div className="text-right">
                   <AccessEditModal
-                    data={{ provider: applyCAProvidersMap.get(fieldCAProvider!)?.provider }}
-                    range="ca-only"
+                    data={{ provider: caProvidersMap.get(fieldCAProvider!)?.provider }}
                     scene="add"
                     trigger={
                       <Button size="small" type="link">
@@ -437,6 +440,7 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
                         <PlusOutlinedIcon className="text-xs" />
                       </Button>
                     }
+                    usage="ca-only"
                     afterSubmit={(record) => {
                       const provider = accessProvidersMap.get(record.provider);
                       if (provider?.usages?.includes(ACCESS_USAGES.CA)) {
@@ -450,9 +454,8 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
             <Form.Item name="caProviderAccessId" rules={[formRule]}>
               <AccessSelect
                 filter={(record) => {
-                  if (fieldCAProvider) {
-                    return applyCAProvidersMap.get(fieldCAProvider)?.provider === record.provider;
-                  }
+                  if (record.reserve !== "ca") return false;
+                  if (fieldCAProvider) return caProvidersMap.get(fieldCAProvider)?.provider === record.provider;
 
                   const provider = accessProvidersMap.get(record.provider);
                   return !!provider?.usages?.includes(ACCESS_USAGES.CA);
diff --git a/ui/src/components/workflow/node/DeployNode.tsx b/ui/src/components/workflow/node/DeployNode.tsx
index 9eca1248..92eb2890 100644
--- a/ui/src/components/workflow/node/DeployNode.tsx
+++ b/ui/src/components/workflow/node/DeployNode.tsx
@@ -3,7 +3,7 @@ import { useTranslation } from "react-i18next";
 import { Avatar, Flex, Typography } from "antd";
 import { produce } from "immer";
 
-import { deployProvidersMap } from "@/domain/provider";
+import { deploymentProvidersMap } from "@/domain/provider";
 import { type WorkflowNodeConfigForDeploy, WorkflowNodeType } from "@/domain/workflow";
 import { useZustandShallowSelector } from "@/hooks";
 import { useWorkflowStore } from "@/stores/workflow";
@@ -43,7 +43,7 @@ const DeployNode = ({ node, disabled }: DeployNodeProps) => {
     }
 
     const config = (node.config as WorkflowNodeConfigForDeploy) ?? {};
-    const provider = deployProvidersMap.get(config.provider);
+    const provider = deploymentProvidersMap.get(config.provider);
     return (
       <Flex className="size-full overflow-hidden" align="center" gap={8}>
         <Avatar src={provider?.icon} size="small" />
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
index 24d256de..6a3a944e 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
@@ -7,10 +7,10 @@ import { z } from "zod";
 
 import AccessEditModal from "@/components/access/AccessEditModal";
 import AccessSelect from "@/components/access/AccessSelect";
-import DeployProviderPicker from "@/components/provider/DeployProviderPicker.tsx";
-import DeployProviderSelect from "@/components/provider/DeployProviderSelect.tsx";
+import DeploymentProviderPicker from "@/components/provider/DeploymentProviderPicker.tsx";
+import DeploymentProviderSelect from "@/components/provider/DeploymentProviderSelect.tsx";
 import Show from "@/components/Show";
-import { ACCESS_USAGES, DEPLOY_PROVIDERS, accessProvidersMap, deployProvidersMap } from "@/domain/provider";
+import { ACCESS_USAGES, DEPLOYMENT_PROVIDERS, accessProvidersMap, deploymentProvidersMap } from "@/domain/provider";
 import { type WorkflowNode, type WorkflowNodeConfigForDeploy } from "@/domain/workflow";
 import { useAntdForm, useAntdFormName, useZustandShallowSelector } from "@/hooks";
 import { useWorkflowStore } from "@/stores/workflow";
@@ -133,7 +133,7 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
         .refine((v) => {
           if (!fieldProvider) return true;
 
-          const provider = deployProvidersMap.get(fieldProvider);
+          const provider = deploymentProvidersMap.get(fieldProvider);
           return !!provider?.builtin || !!v;
         }, t("workflow_node.deploy.form.provider_access.placeholder")),
       providerConfig: z.any().nullish(),
@@ -151,7 +151,7 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
     useEffect(() => {
       // 内置的部署提供商（如本地部署）无需显示授权信息字段
       if (fieldProvider) {
-        const provider = deployProvidersMap.get(fieldProvider);
+        const provider = deploymentProvidersMap.get(fieldProvider);
         setShowProviderAccess(!provider?.builtin);
       } else {
         setShowProviderAccess(false);
@@ -173,145 +173,145 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
         NOTICE: If you add new child component, please keep ASCII order.
        */
       switch (fieldProvider) {
-        case DEPLOY_PROVIDERS["1PANEL_CONSOLE"]:
+        case DEPLOYMENT_PROVIDERS["1PANEL_CONSOLE"]:
           return <DeployNodeConfigForm1PanelConsoleConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS["1PANEL_SITE"]:
+        case DEPLOYMENT_PROVIDERS["1PANEL_SITE"]:
           return <DeployNodeConfigForm1PanelSiteConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_ALB:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_ALB:
           return <DeployNodeConfigFormAliyunALBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_APIGW:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_APIGW:
           return <DeployNodeConfigFormAliyunAPIGWConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_CAS:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_CAS:
           return <DeployNodeConfigFormAliyunCASConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_CAS_DEPLOY:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_CAS_DEPLOY:
           return <DeployNodeConfigFormAliyunCASDeployConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_CLB:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_CLB:
           return <DeployNodeConfigFormAliyunCLBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_CDN:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_CDN:
           return <DeployNodeConfigFormAliyunCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_DCDN:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_DCDN:
           return <DeployNodeConfigFormAliyunDCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_ESA:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_ESA:
           return <DeployNodeConfigFormAliyunESAConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_FC:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_FC:
           return <DeployNodeConfigFormAliyunFCConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_LIVE:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_LIVE:
           return <DeployNodeConfigFormAliyunLiveConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_NLB:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_NLB:
           return <DeployNodeConfigFormAliyunNLBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_OSS:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_OSS:
           return <DeployNodeConfigFormAliyunOSSConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_VOD:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_VOD:
           return <DeployNodeConfigFormAliyunVODConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.ALIYUN_WAF:
+        case DEPLOYMENT_PROVIDERS.ALIYUN_WAF:
           return <DeployNodeConfigFormAliyunWAFConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.AWS_ACM:
+        case DEPLOYMENT_PROVIDERS.AWS_ACM:
           return <DeployNodeConfigFormAWSACMConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.AWS_CLOUDFRONT:
+        case DEPLOYMENT_PROVIDERS.AWS_CLOUDFRONT:
           return <DeployNodeConfigFormAWSCloudFrontConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.AZURE_KEYVAULT:
+        case DEPLOYMENT_PROVIDERS.AZURE_KEYVAULT:
           return <DeployNodeConfigFormAzureKeyVaultConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.BAIDUCLOUD_APPBLB:
+        case DEPLOYMENT_PROVIDERS.BAIDUCLOUD_APPBLB:
           return <DeployNodeConfigFormBaiduCloudAppBLBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.BAIDUCLOUD_BLB:
+        case DEPLOYMENT_PROVIDERS.BAIDUCLOUD_BLB:
           return <DeployNodeConfigFormBaiduCloudBLBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.BAIDUCLOUD_CDN:
+        case DEPLOYMENT_PROVIDERS.BAIDUCLOUD_CDN:
           return <DeployNodeConfigFormBaiduCloudCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.BAISHAN_CDN:
+        case DEPLOYMENT_PROVIDERS.BAISHAN_CDN:
           return <DeployNodeConfigFormBaishanCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.BAOTAPANEL_CONSOLE:
+        case DEPLOYMENT_PROVIDERS.BAOTAPANEL_CONSOLE:
           return <DeployNodeConfigFormBaotaPanelConsoleConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.BAOTAPANEL_SITE:
+        case DEPLOYMENT_PROVIDERS.BAOTAPANEL_SITE:
           return <DeployNodeConfigFormBaotaPanelSiteConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.BUNNY_CDN:
+        case DEPLOYMENT_PROVIDERS.BUNNY_CDN:
           return <DeployNodeConfigFormBunnyCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.BYTEPLUS_CDN:
+        case DEPLOYMENT_PROVIDERS.BYTEPLUS_CDN:
           return <DeployNodeConfigFormBytePlusCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.CDNFLY:
+        case DEPLOYMENT_PROVIDERS.CDNFLY:
           return <DeployNodeConfigFormCdnflyConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.DOGECLOUD_CDN:
+        case DEPLOYMENT_PROVIDERS.DOGECLOUD_CDN:
           return <DeployNodeConfigFormDogeCloudCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.EDGIO_APPLICATIONS:
+        case DEPLOYMENT_PROVIDERS.EDGIO_APPLICATIONS:
           return <DeployNodeConfigFormEdgioApplicationsConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.GCORE_CDN:
+        case DEPLOYMENT_PROVIDERS.GCORE_CDN:
           return <DeployNodeConfigFormGcoreCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.HUAWEICLOUD_CDN:
+        case DEPLOYMENT_PROVIDERS.HUAWEICLOUD_CDN:
           return <DeployNodeConfigFormHuaweiCloudCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.HUAWEICLOUD_ELB:
+        case DEPLOYMENT_PROVIDERS.HUAWEICLOUD_ELB:
           return <DeployNodeConfigFormHuaweiCloudELBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.HUAWEICLOUD_WAF:
+        case DEPLOYMENT_PROVIDERS.HUAWEICLOUD_WAF:
           return <DeployNodeConfigFormHuaweiCloudWAFConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.JDCLOUD_ALB:
+        case DEPLOYMENT_PROVIDERS.JDCLOUD_ALB:
           return <DeployNodeConfigFormJDCloudALBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.JDCLOUD_CDN:
+        case DEPLOYMENT_PROVIDERS.JDCLOUD_CDN:
           return <DeployNodeConfigFormJDCloudCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.JDCLOUD_LIVE:
+        case DEPLOYMENT_PROVIDERS.JDCLOUD_LIVE:
           return <DeployNodeConfigFormJDCloudLiveConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.JDCLOUD_VOD:
+        case DEPLOYMENT_PROVIDERS.JDCLOUD_VOD:
           return <DeployNodeConfigFormJDCloudVODConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.KUBERNETES_SECRET:
+        case DEPLOYMENT_PROVIDERS.KUBERNETES_SECRET:
           return <DeployNodeConfigFormKubernetesSecretConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.LOCAL:
+        case DEPLOYMENT_PROVIDERS.LOCAL:
           return <DeployNodeConfigFormLocalConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.QINIU_CDN:
+        case DEPLOYMENT_PROVIDERS.QINIU_CDN:
           return <DeployNodeConfigFormQiniuCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.QINIU_KODO:
+        case DEPLOYMENT_PROVIDERS.QINIU_KODO:
           return <DeployNodeConfigFormQiniuKodoConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.QINIU_PILI:
+        case DEPLOYMENT_PROVIDERS.QINIU_PILI:
           return <DeployNodeConfigFormQiniuPiliConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.RAINYUN_RCDN:
+        case DEPLOYMENT_PROVIDERS.RAINYUN_RCDN:
           return <DeployNodeConfigFormRainYunRCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.SAFELINE:
+        case DEPLOYMENT_PROVIDERS.SAFELINE:
           return <DeployNodeConfigFormSafeLineConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.SSH:
+        case DEPLOYMENT_PROVIDERS.SSH:
           return <DeployNodeConfigFormSSHConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_CDN:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_CDN:
           return <DeployNodeConfigFormTencentCloudCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_CLB:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_CLB:
           return <DeployNodeConfigFormTencentCloudCLBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_COS:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_COS:
           return <DeployNodeConfigFormTencentCloudCOSConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_CSS:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_CSS:
           return <DeployNodeConfigFormTencentCloudCSSConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_ECDN:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_ECDN:
           return <DeployNodeConfigFormTencentCloudECDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_EO:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_EO:
           return <DeployNodeConfigFormTencentCloudEOConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_SCF:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_SCF:
           return <DeployNodeConfigFormTencentCloudSCFConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_SSL_DEPLOY:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_SSL_DEPLOY:
           return <DeployNodeConfigFormTencentCloudSSLDeployConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_VOD:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_VOD:
           return <DeployNodeConfigFormTencentCloudVODConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.TENCENTCLOUD_WAF:
+        case DEPLOYMENT_PROVIDERS.TENCENTCLOUD_WAF:
           return <DeployNodeConfigFormTencentCloudWAFConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.UCLOUD_UCDN:
+        case DEPLOYMENT_PROVIDERS.UCLOUD_UCDN:
           return <DeployNodeConfigFormUCloudUCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.UCLOUD_US3:
+        case DEPLOYMENT_PROVIDERS.UCLOUD_US3:
           return <DeployNodeConfigFormUCloudUS3Config {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.UPYUN_CDN:
+        case DEPLOYMENT_PROVIDERS.UPYUN_CDN:
           return <DeployNodeConfigFormUpyunCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.UPYUN_FILE:
+        case DEPLOYMENT_PROVIDERS.UPYUN_FILE:
           return <DeployNodeConfigFormUpyunFileConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.VOLCENGINE_ALB:
+        case DEPLOYMENT_PROVIDERS.VOLCENGINE_ALB:
           return <DeployNodeConfigFormVolcEngineALBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.VOLCENGINE_CDN:
+        case DEPLOYMENT_PROVIDERS.VOLCENGINE_CDN:
           return <DeployNodeConfigFormVolcEngineCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.VOLCENGINE_CERTCENTER:
+        case DEPLOYMENT_PROVIDERS.VOLCENGINE_CERTCENTER:
           return <DeployNodeConfigFormVolcEngineCertCenterConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.VOLCENGINE_CLB:
+        case DEPLOYMENT_PROVIDERS.VOLCENGINE_CLB:
           return <DeployNodeConfigFormVolcEngineCLBConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.VOLCENGINE_DCDN:
+        case DEPLOYMENT_PROVIDERS.VOLCENGINE_DCDN:
           return <DeployNodeConfigFormVolcEngineDCDNConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.VOLCENGINE_IMAGEX:
+        case DEPLOYMENT_PROVIDERS.VOLCENGINE_IMAGEX:
           return <DeployNodeConfigFormVolcEngineImageXConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.VOLCENGINE_LIVE:
+        case DEPLOYMENT_PROVIDERS.VOLCENGINE_LIVE:
           return <DeployNodeConfigFormVolcEngineLiveConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.VOLCENGINE_TOS:
+        case DEPLOYMENT_PROVIDERS.VOLCENGINE_TOS:
           return <DeployNodeConfigFormVolcEngineTOSConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.WANGSU_CDNPRO:
+        case DEPLOYMENT_PROVIDERS.WANGSU_CDNPRO:
           return <DeployNodeConfigFormWangsuCDNProConfig {...nestedFormProps} />;
-        case DEPLOY_PROVIDERS.WEBHOOK:
+        case DEPLOYMENT_PROVIDERS.WEBHOOK:
           return <DeployNodeConfigFormWebhookConfig {...nestedFormProps} />;
       }
     }, [disabled, initialValues?.providerConfig, fieldProvider, nestedFormInst, nestedFormName]);
@@ -322,8 +322,6 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
     };
 
     const handleProviderSelect = (value?: string | undefined) => {
-      if (fieldProvider === value) return;
-
       // 切换部署目标时重置表单，避免其他部署目标的配置字段影响当前部署目标
       if (initialValues?.provider === value) {
         formInst.resetFields();
@@ -339,7 +337,7 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
         }
         formInst.setFieldsValue(newValues);
 
-        if (deployProvidersMap.get(fieldProvider)?.provider !== deployProvidersMap.get(value!)?.provider) {
+        if (deploymentProvidersMap.get(fieldProvider)?.provider !== deploymentProvidersMap.get(value!)?.provider) {
           formInst.setFieldValue("providerAccessId", undefined);
           onValuesChange?.(formInst.getFieldsValue(true));
         }
@@ -384,10 +382,10 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
         <Form className={className} style={style} {...formProps} disabled={disabled} layout="vertical" scrollToFirstError onValuesChange={handleFormChange}>
           <Show
             when={!!fieldProvider}
-            fallback={<DeployProviderPicker autoFocus placeholder={t("workflow_node.deploy.search.provider.placeholder")} onSelect={handleProviderPick} />}
+            fallback={<DeploymentProviderPicker autoFocus placeholder={t("workflow_node.deploy.search.provider.placeholder")} onSelect={handleProviderPick} />}
           >
             <Form.Item name="provider" label={t("workflow_node.deploy.form.provider.label")} rules={[formRule]}>
-              <DeployProviderSelect
+              <DeploymentProviderSelect
                 allowClear
                 disabled={!!initialValues?.provider}
                 placeholder={t("workflow_node.deploy.form.provider.placeholder")}
@@ -410,8 +408,7 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
                   </div>
                   <div className="text-right">
                     <AccessEditModal
-                      data={{ provider: deployProvidersMap.get(fieldProvider!)?.provider }}
-                      range="both-dns-hosting"
+                      data={{ provider: deploymentProvidersMap.get(fieldProvider!)?.provider }}
                       scene="add"
                       trigger={
                         <Button size="small" type="link">
@@ -419,6 +416,7 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
                           <PlusOutlinedIcon className="text-xs" />
                         </Button>
                       }
+                      usage="both-dns-hosting"
                       afterSubmit={(record) => {
                         const provider = accessProvidersMap.get(record.provider);
                         if (provider?.usages?.includes(ACCESS_USAGES.HOSTING)) {
@@ -432,9 +430,8 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
               <Form.Item name="providerAccessId" rules={[formRule]}>
                 <AccessSelect
                   filter={(record) => {
-                    if (fieldProvider) {
-                      return deployProvidersMap.get(fieldProvider)?.provider === record.provider;
-                    }
+                    if (record.reserve) return false;
+                    if (fieldProvider) return deploymentProvidersMap.get(fieldProvider)?.provider === record.provider;
 
                     const provider = accessProvidersMap.get(record.provider);
                     return !!provider?.usages?.includes(ACCESS_USAGES.HOSTING);
@@ -444,7 +441,7 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
               </Form.Item>
             </Form.Item>
 
-            <Show when={fieldProvider === DEPLOY_PROVIDERS.LOCAL}>
+            <Show when={fieldProvider === DEPLOYMENT_PROVIDERS.LOCAL}>
               <Form.Item>
                 <Alert
                   type="info"
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormWebhookConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormWebhookConfig.tsx
index b916abf1..8305da8c 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormWebhookConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormWebhookConfig.tsx
@@ -1,5 +1,5 @@
 import { useTranslation } from "react-i18next";
-import { Alert, Button, Form, type FormInstance, Input } from "antd";
+import { Alert, Form, type FormInstance, Input } from "antd";
 import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
@@ -16,31 +16,26 @@ export type DeployNodeConfigFormWebhookConfigProps = {
 };
 
 const initFormModel = (): DeployNodeConfigFormWebhookConfigFieldValues => {
-  return {
-    webhookData: JSON.stringify(
-      {
-        name: "${DOMAINS}",
-        cert: "${CERTIFICATE}",
-        privkey: "${PRIVATE_KEY}",
-      },
-      null,
-      2
-    ),
-  };
+  return {};
 };
 
 const DeployNodeConfigFormWebhookConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: DeployNodeConfigFormWebhookConfigProps) => {
   const { t } = useTranslation();
 
   const formSchema = z.object({
-    webhookData: z.string({ message: t("workflow_node.deploy.form.webhook_data.placeholder") }).refine((v) => {
-      try {
-        JSON.parse(v);
-        return true;
-      } catch {
-        return false;
-      }
-    }, t("workflow_node.deploy.form.webhook_data.errmsg.json_invalid")),
+    webhookData: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (!v) return true;
+
+        try {
+          const obj = JSON.parse(v);
+          return typeof obj === "object" && !Array.isArray(obj);
+        } catch {
+          return false;
+        }
+      }, t("workflow_node.deploy.form.webhook_data.errmsg.json_invalid")),
   });
   const formRule = createSchemaFieldRule(formSchema);
 
@@ -54,10 +49,6 @@ const DeployNodeConfigFormWebhookConfig = ({ form: formInst, formName, disabled,
     }
   };
 
-  const handlePresetDataClick = () => {
-    formInst.setFieldValue("webhookData", initFormModel().webhookData);
-  };
-
   const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
     onValuesChange?.(values);
   };
@@ -71,24 +62,18 @@ const DeployNodeConfigFormWebhookConfig = ({ form: formInst, formName, disabled,
       name={formName}
       onValuesChange={handleFormChange}
     >
-      <Form.Item className="mb-0">
-        <label className="mb-1 block">
-          <div className="flex w-full items-center justify-between gap-4">
-            <div className="max-w-full grow truncate">{t("workflow_node.deploy.form.webhook_data.label")}</div>
-            <div className="text-right">
-              <Button size="small" type="link" onClick={handlePresetDataClick}>
-                {t("workflow_node.deploy.form.webhook_data_preset.button")}
-              </Button>
-            </div>
-          </div>
-        </label>
-        <Form.Item name="webhookData" rules={[formRule]}>
-          <Input.TextArea
-            autoSize={{ minRows: 3, maxRows: 10 }}
-            placeholder={t("workflow_node.deploy.form.webhook_data.placeholder")}
-            onBlur={handleWebhookDataBlur}
-          />
-        </Form.Item>
+      <Form.Item
+        name="webhookData"
+        label={t("workflow_node.deploy.form.webhook_data.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.webhook_data.tooltip") }}></span>}
+      >
+        <Input.TextArea
+          allowClear
+          autoSize={{ minRows: 3, maxRows: 10 }}
+          placeholder={t("workflow_node.deploy.form.webhook_data.placeholder")}
+          onBlur={handleWebhookDataBlur}
+        />
       </Form.Item>
 
       <Form.Item>
diff --git a/ui/src/components/workflow/node/NotifyNode.tsx b/ui/src/components/workflow/node/NotifyNode.tsx
index 4ac35ab5..16132539 100644
--- a/ui/src/components/workflow/node/NotifyNode.tsx
+++ b/ui/src/components/workflow/node/NotifyNode.tsx
@@ -1,8 +1,9 @@
 import { memo, useMemo, useRef, useState } from "react";
 import { useTranslation } from "react-i18next";
-import { Flex, Typography } from "antd";
+import { Avatar, Flex, Typography } from "antd";
 import { produce } from "immer";
 
+import { notificationProvidersMap } from "@/domain/provider";
 import { notifyChannelsMap } from "@/domain/settings";
 import { type WorkflowNodeConfigForNotify, WorkflowNodeType } from "@/domain/workflow";
 import { useZustandShallowSelector } from "@/hooks";
@@ -39,9 +40,11 @@ const NotifyNode = ({ node, disabled }: NotifyNodeProps) => {
 
     const config = (node.config as WorkflowNodeConfigForNotify) ?? {};
     const channel = notifyChannelsMap.get(config.channel as string);
+    const provider = notificationProvidersMap.get(config.provider);
     return (
       <Flex className="size-full overflow-hidden" align="center" gap={8}>
-        <Typography.Text className="flex-1 truncate">{t(channel?.name ?? "　")}</Typography.Text>
+        <Avatar src={provider?.icon} size="small" />
+        <Typography.Text className="flex-1 truncate">{t(channel?.name ?? provider?.name ?? "　")}</Typography.Text>
         <Typography.Text className="truncate" type="secondary">
           {config.subject ?? ""}
         </Typography.Text>
diff --git a/ui/src/components/workflow/node/NotifyNodeConfigForm.tsx b/ui/src/components/workflow/node/NotifyNodeConfigForm.tsx
index 413a9d74..13dc1019 100644
--- a/ui/src/components/workflow/node/NotifyNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/NotifyNodeConfigForm.tsx
@@ -1,16 +1,27 @@
-import { forwardRef, memo, useEffect, useImperativeHandle } from "react";
+import { forwardRef, memo, useEffect, useImperativeHandle, useMemo, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { Link } from "react-router";
-import { RightOutlined as RightOutlinedIcon } from "@ant-design/icons";
-import { Button, Form, type FormInstance, Input, Select } from "antd";
+import { PlusOutlined as PlusOutlinedIcon, RightOutlined as RightOutlinedIcon } from "@ant-design/icons";
+import { Button, Divider, Form, type FormInstance, Input, Select, Typography } from "antd";
 import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
+import AccessEditModal from "@/components/access/AccessEditModal";
+import AccessSelect from "@/components/access/AccessSelect";
+import NotificationProviderSelect from "@/components/provider/NotificationProviderSelect";
+import Show from "@/components/Show";
+import { ACCESS_USAGES, NOTIFICATION_PROVIDERS, accessProvidersMap, notificationProvidersMap } from "@/domain/provider";
 import { notifyChannelsMap } from "@/domain/settings";
 import { type WorkflowNodeConfigForNotify } from "@/domain/workflow";
-import { useAntdForm, useZustandShallowSelector } from "@/hooks";
+import { useAntdForm, useAntdFormName, useZustandShallowSelector } from "@/hooks";
+import { useAccessesStore } from "@/stores/access";
 import { useNotifyChannelsStore } from "@/stores/notify";
 
+import NotifyNodeConfigFormEmailConfig from "./NotifyNodeConfigFormEmailConfig";
+import NotifyNodeConfigFormMattermostConfig from "./NotifyNodeConfigFormMattermostConfig";
+import NotifyNodeConfigFormTelegramConfig from "./NotifyNodeConfigFormTelegramConfig";
+import NotifyNodeConfigFormWebhookConfig from "./NotifyNodeConfigFormWebhookConfig";
+
 type NotifyNodeConfigFormFieldValues = Partial<WorkflowNodeConfigForNotify>;
 
 export type NotifyNodeConfigFormProps = {
@@ -35,6 +46,8 @@ const NotifyNodeConfigForm = forwardRef<NotifyNodeConfigFormInstance, NotifyNode
   ({ className, style, disabled, initialValues, onValuesChange }, ref) => {
     const { t } = useTranslation();
 
+    const { accesses } = useAccessesStore(useZustandShallowSelector("accesses"));
+
     const {
       channels,
       loadedAtOnce: channelsLoadedAtOnce,
@@ -53,7 +66,12 @@ const NotifyNodeConfigForm = forwardRef<NotifyNodeConfigFormInstance, NotifyNode
         .string({ message: t("workflow_node.notify.form.message.placeholder") })
         .min(1, t("workflow_node.notify.form.message.placeholder"))
         .max(1000, t("common.errmsg.string_max", { max: 1000 })),
-      channel: z.string({ message: t("workflow_node.notify.form.channel.placeholder") }).min(1, t("workflow_node.notify.form.channel.placeholder")),
+      channel: z.string().nullish(),
+      provider: z.string({ message: t("workflow_node.notify.form.provider.placeholder") }).nonempty(t("workflow_node.notify.form.provider.placeholder")),
+      providerAccessId: z
+        .string({ message: t("workflow_node.notify.form.provider_access.placeholder") })
+        .nonempty(t("workflow_node.notify.form.provider_access.placeholder")),
+      providerConfig: z.any().nullish(),
     });
     const formRule = createSchemaFieldRule(formSchema);
     const { form: formInst, formProps } = useAntdForm({
@@ -61,6 +79,71 @@ const NotifyNodeConfigForm = forwardRef<NotifyNodeConfigFormInstance, NotifyNode
       initialValues: initialValues ?? initFormModel(),
     });
 
+    const fieldProvider = Form.useWatch<string>("provider", { form: formInst, preserve: true });
+    const fieldProviderAccessId = Form.useWatch<string>("providerAccessId", formInst);
+
+    const [showProvider, setShowProvider] = useState(false);
+    useEffect(() => {
+      // 通常情况下每个授权信息只对应一个消息通知提供商，此时无需显示消息通知提供商字段；
+      // 如果对应多个，则显示。
+      if (fieldProviderAccessId) {
+        const access = accesses.find((e) => e.id === fieldProviderAccessId);
+        const providers = Array.from(notificationProvidersMap.values()).filter((e) => e.provider === access?.provider);
+        setShowProvider(providers.length > 1);
+      } else {
+        setShowProvider(false);
+      }
+    }, [accesses, fieldProviderAccessId]);
+
+    const [nestedFormInst] = Form.useForm();
+    const nestedFormName = useAntdFormName({ form: nestedFormInst, name: "workflowNodeNotifyConfigFormProviderConfigForm" });
+    const nestedFormEl = useMemo(() => {
+      const nestedFormProps = {
+        form: nestedFormInst,
+        formName: nestedFormName,
+        disabled: disabled,
+        initialValues: initialValues?.providerConfig,
+      };
+
+      /*
+        注意：如果追加新的子组件，请保持以 ASCII 排序。
+        NOTICE: If you add new child component, please keep ASCII order.
+       */
+      switch (fieldProvider) {
+        case NOTIFICATION_PROVIDERS.EMAIL:
+          return <NotifyNodeConfigFormEmailConfig {...nestedFormProps} />;
+        case NOTIFICATION_PROVIDERS.MATTERMOST:
+          return <NotifyNodeConfigFormMattermostConfig {...nestedFormProps} />;
+        case NOTIFICATION_PROVIDERS.TELEGRAM:
+          return <NotifyNodeConfigFormTelegramConfig {...nestedFormProps} />;
+        case NOTIFICATION_PROVIDERS.WEBHOOK:
+          return <NotifyNodeConfigFormWebhookConfig {...nestedFormProps} />;
+      }
+    }, [disabled, initialValues?.providerConfig, fieldProvider, nestedFormInst, nestedFormName]);
+
+    const handleProviderSelect = (value: string) => {
+      // 切换消息通知提供商时联动授权信息
+      if (initialValues?.provider === value) {
+        formInst.setFieldValue("providerAccessId", initialValues?.providerAccessId);
+        onValuesChange?.(formInst.getFieldsValue(true));
+      } else {
+        if (notificationProvidersMap.get(fieldProvider)?.provider !== notificationProvidersMap.get(value)?.provider) {
+          formInst.setFieldValue("providerAccessId", undefined);
+          onValuesChange?.(formInst.getFieldsValue(true));
+        }
+      }
+    };
+
+    const handleProviderAccessSelect = (value: string) => {
+      // 切换授权信息时联动消息通知提供商
+      const access = accesses.find((access) => access.id === value);
+      const provider = Array.from(notificationProvidersMap.values()).find((provider) => provider.provider === access?.provider);
+      if (fieldProvider !== provider?.type) {
+        formInst.setFieldValue("provider", provider?.type);
+        onValuesChange?.(formInst.getFieldsValue(true));
+      }
+    };
+
     const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
       onValuesChange?.(values as NotifyNodeConfigFormFieldValues);
     };
@@ -68,13 +151,21 @@ const NotifyNodeConfigForm = forwardRef<NotifyNodeConfigFormInstance, NotifyNode
     useImperativeHandle(ref, () => {
       return {
         getFieldsValue: () => {
-          return formInst.getFieldsValue(true);
+          const values = formInst.getFieldsValue(true);
+          values.providerConfig = nestedFormInst.getFieldsValue();
+          return values;
         },
         resetFields: (fields) => {
-          return formInst.resetFields(fields as (keyof NotifyNodeConfigFormFieldValues)[]);
+          formInst.resetFields(fields);
+
+          if (!!fields && fields.includes("providerConfig")) {
+            nestedFormInst.resetFields(fields);
+          }
         },
         validateFields: (nameList, config) => {
-          return formInst.validateFields(nameList, config);
+          const t1 = formInst.validateFields(nameList, config);
+          const t2 = nestedFormInst.validateFields(undefined, config);
+          return Promise.all([t1, t2]).then(() => t1);
         },
       } as NotifyNodeConfigFormInstance;
     });
@@ -92,7 +183,7 @@ const NotifyNodeConfigForm = forwardRef<NotifyNodeConfigFormInstance, NotifyNode
         <Form.Item className="mb-0">
           <label className="mb-1 block">
             <div className="flex w-full items-center justify-between gap-4">
-              <div className="max-w-full grow truncate">{t("workflow_node.notify.form.channel.label")}</div>
+              <div className="max-w-full grow truncate line-through">{t("workflow_node.notify.form.channel.label")}</div>
               <div className="text-right">
                 <Link className="ant-typography" to="/settings/notification" target="_blank">
                   <Button size="small" type="link">
@@ -116,6 +207,73 @@ const NotifyNodeConfigForm = forwardRef<NotifyNodeConfigFormInstance, NotifyNode
             />
           </Form.Item>
         </Form.Item>
+
+        <Form.Item name="provider" label={t("workflow_node.notify.form.provider.label")} hidden={!showProvider} rules={[formRule]}>
+          <NotificationProviderSelect
+            disabled={!showProvider}
+            filter={(record) => {
+              if (fieldProviderAccessId) {
+                return accesses.find((e) => e.id === fieldProviderAccessId)?.provider === record.provider;
+              }
+
+              return true;
+            }}
+            placeholder={t("workflow_node.notify.form.provider.placeholder")}
+            showSearch
+            onSelect={handleProviderSelect}
+          />
+        </Form.Item>
+
+        <Form.Item className="mb-0">
+          <label className="mb-1 block">
+            <div className="flex w-full items-center justify-between gap-4">
+              <div className="max-w-full grow truncate">
+                <span>{t("workflow_node.notify.form.provider_access.label")}</span>
+              </div>
+              <div className="text-right">
+                <AccessEditModal
+                  scene="add"
+                  trigger={
+                    <Button size="small" type="link">
+                      {t("workflow_node.notify.form.provider_access.button")}
+                      <PlusOutlinedIcon className="text-xs" />
+                    </Button>
+                  }
+                  usage="notification-only"
+                  afterSubmit={(record) => {
+                    const provider = accessProvidersMap.get(record.provider);
+                    if (provider?.usages?.includes(ACCESS_USAGES.NOTIFICATION)) {
+                      formInst.setFieldValue("providerAccessId", record.id);
+                      handleProviderAccessSelect(record.id);
+                    }
+                  }}
+                />
+              </div>
+            </div>
+          </label>
+          <Form.Item name="providerAccessId" rules={[formRule]}>
+            <AccessSelect
+              filter={(record) => {
+                if (record.reserve !== "notification") return false;
+
+                const provider = accessProvidersMap.get(record.provider);
+                return !!provider?.usages?.includes(ACCESS_USAGES.NOTIFICATION);
+              }}
+              placeholder={t("workflow_node.notify.form.provider_access.placeholder")}
+              onChange={handleProviderAccessSelect}
+            />
+          </Form.Item>
+        </Form.Item>
+
+        <Show when={!!nestedFormEl}>
+          <Divider className="my-1">
+            <Typography.Text className="text-xs font-normal" type="secondary">
+              {t("workflow_node.notify.form.params_config.label")}
+            </Typography.Text>
+          </Divider>
+
+          {nestedFormEl}
+        </Show>
       </Form>
     );
   }
diff --git a/ui/src/components/workflow/node/NotifyNodeConfigFormEmailConfig.tsx b/ui/src/components/workflow/node/NotifyNodeConfigFormEmailConfig.tsx
new file mode 100644
index 00000000..b6bfed17
--- /dev/null
+++ b/ui/src/components/workflow/node/NotifyNodeConfigFormEmailConfig.tsx
@@ -0,0 +1,80 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { validEmailAddress } from "@/utils/validators";
+
+type NotifyNodeConfigFormEmailConfigFieldValues = Nullish<{
+  senderAddress?: string;
+  receiverAddress?: string;
+}>;
+
+export type NotifyNodeConfigFormEmailConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: NotifyNodeConfigFormEmailConfigFieldValues;
+  onValuesChange?: (values: NotifyNodeConfigFormEmailConfigFieldValues) => void;
+};
+
+const initFormModel = (): NotifyNodeConfigFormEmailConfigFieldValues => {
+  return {};
+};
+
+const NotifyNodeConfigFormEmailConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: NotifyNodeConfigFormEmailConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    senderAddress: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (!v) return true;
+        return validEmailAddress(v);
+      }, t("common.errmsg.email_invalid")),
+    receiverAddress: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (!v) return true;
+        return validEmailAddress(v);
+      }, t("common.errmsg.email_invalid")),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="senderAddress"
+        label={t("workflow_node.notify.form.email_sender_address.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.notify.form.email_sender_address.tooltip") }}></span>}
+      >
+        <Input type="email" allowClear placeholder={t("workflow_node.notify.form.email_sender_address.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="receiverAddress"
+        label={t("workflow_node.notify.form.email_receiver_address.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.notify.form.email_receiver_address.tooltip") }}></span>}
+      >
+        <Input type="email" allowClear placeholder={t("workflow_node.notify.form.email_receiver_address.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default NotifyNodeConfigFormEmailConfig;
diff --git a/ui/src/components/workflow/node/NotifyNodeConfigFormMattermostConfig.tsx b/ui/src/components/workflow/node/NotifyNodeConfigFormMattermostConfig.tsx
new file mode 100644
index 00000000..c091298b
--- /dev/null
+++ b/ui/src/components/workflow/node/NotifyNodeConfigFormMattermostConfig.tsx
@@ -0,0 +1,61 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+type NotifyNodeConfigFormMattermostConfigFieldValues = Nullish<{
+  channelId?: string;
+}>;
+
+export type NotifyNodeConfigFormMattermostConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: NotifyNodeConfigFormMattermostConfigFieldValues;
+  onValuesChange?: (values: NotifyNodeConfigFormMattermostConfigFieldValues) => void;
+};
+
+const initFormModel = (): NotifyNodeConfigFormMattermostConfigFieldValues => {
+  return {};
+};
+
+const NotifyNodeConfigFormMattermostConfig = ({
+  form: formInst,
+  formName,
+  disabled,
+  initialValues,
+  onValuesChange,
+}: NotifyNodeConfigFormMattermostConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    channelId: z.string().nullish(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="channelId"
+        label={t("workflow_node.notify.form.mattermost_channel_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.notify.form.mattermost_channel_id.tooltip") }}></span>}
+      >
+        <Input allowClear placeholder={t("workflow_node.notify.form.mattermost_channel_id.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default NotifyNodeConfigFormMattermostConfig;
diff --git a/ui/src/components/workflow/node/NotifyNodeConfigFormTelegramConfig.tsx b/ui/src/components/workflow/node/NotifyNodeConfigFormTelegramConfig.tsx
new file mode 100644
index 00000000..07774413
--- /dev/null
+++ b/ui/src/components/workflow/node/NotifyNodeConfigFormTelegramConfig.tsx
@@ -0,0 +1,66 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+type NotifyNodeConfigFormTelegramConfigFieldValues = Nullish<{
+  chatId?: string | number;
+}>;
+
+export type NotifyNodeConfigFormTelegramConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: NotifyNodeConfigFormTelegramConfigFieldValues;
+  onValuesChange?: (values: NotifyNodeConfigFormTelegramConfigFieldValues) => void;
+};
+
+const initFormModel = (): NotifyNodeConfigFormTelegramConfigFieldValues => {
+  return {};
+};
+
+const NotifyNodeConfigFormTelegramConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: NotifyNodeConfigFormTelegramConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    chatId: z
+      .preprocess(
+        (v) => (v == null || v === "" ? undefined : Number(v)),
+        z
+          .number()
+          .nullish()
+          .refine((v) => {
+            if (v == null || v + "" === "") return true;
+            return /^\d+$/.test(v + "") && +v! > 0;
+          }, t("workflow_node.notify.form.telegram_chat_id.placeholder"))
+      )
+      .nullish(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="chatId"
+        label={t("workflow_node.notify.form.telegram_chat_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.notify.form.telegram_chat_id.tooltip") }}></span>}
+      >
+        <Input type="number" allowClear placeholder={t("workflow_node.notify.form.telegram_chat_id.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default NotifyNodeConfigFormTelegramConfig;
diff --git a/ui/src/components/workflow/node/NotifyNodeConfigFormWebhookConfig.tsx b/ui/src/components/workflow/node/NotifyNodeConfigFormWebhookConfig.tsx
new file mode 100644
index 00000000..acaf00c2
--- /dev/null
+++ b/ui/src/components/workflow/node/NotifyNodeConfigFormWebhookConfig.tsx
@@ -0,0 +1,86 @@
+import { useTranslation } from "react-i18next";
+import { Alert, Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+type NotifyNodeConfigFormWebhookConfigFieldValues = Nullish<{
+  webhookData: string;
+}>;
+
+export type NotifyNodeConfigFormWebhookConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: NotifyNodeConfigFormWebhookConfigFieldValues;
+  onValuesChange?: (values: NotifyNodeConfigFormWebhookConfigFieldValues) => void;
+};
+
+const initFormModel = (): NotifyNodeConfigFormWebhookConfigFieldValues => {
+  return {};
+};
+
+const NotifyNodeConfigFormWebhookConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: NotifyNodeConfigFormWebhookConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    webhookData: z
+      .string()
+      .nullish()
+      .refine((v) => {
+        if (!v) return true;
+
+        try {
+          const obj = JSON.parse(v);
+          return typeof obj === "object" && !Array.isArray(obj);
+        } catch {
+          return false;
+        }
+      }, t("workflow_node.notify.form.webhook_data.errmsg.json_invalid")),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleWebhookDataBlur = (e: React.FocusEvent<HTMLTextAreaElement>) => {
+    const value = e.target.value;
+    try {
+      const json = JSON.stringify(JSON.parse(value), null, 2);
+      formInst.setFieldValue("webhookData", json);
+    } catch {
+      return;
+    }
+  };
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="webhookData"
+        label={t("workflow_node.notify.form.webhook_data.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.notify.form.webhook_data.tooltip") }}></span>}
+      >
+        <Input.TextArea
+          allowClear
+          autoSize={{ minRows: 3, maxRows: 10 }}
+          placeholder={t("workflow_node.notify.form.webhook_data.placeholder")}
+          onBlur={handleWebhookDataBlur}
+        />
+      </Form.Item>
+
+      <Form.Item>
+        <Alert type="info" message={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.notify.form.webhook_data.guide") }}></span>} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default NotifyNodeConfigFormWebhookConfig;
diff --git a/ui/src/domain/access.ts b/ui/src/domain/access.ts
index 2b217e11..b7c54306 100644
--- a/ui/src/domain/access.ts
+++ b/ui/src/domain/access.ts
@@ -22,10 +22,12 @@ export interface AccessModel extends BaseModel {
       | AccessConfigForClouDNS
       | AccessConfigForCMCCCloud
       | AccessConfigForDeSEC
+      | AccessConfigForDingTalkBot
       | AccessConfigForDNSLA
       | AccessConfigForDogeCloud
       | AccessConfigForDynv6
       | AccessConfigForEdgio
+      | AccessConfigForEmail
       | AccessConfigForGcore
       | AccessConfigForGname
       | AccessConfigForGoDaddy
@@ -33,6 +35,8 @@ export interface AccessModel extends BaseModel {
       | AccessConfigForHuaweiCloud
       | AccessConfigForJDCloud
       | AccessConfigForKubernetes
+      | AccessConfigForLarkBot
+      | AccessConfigForMattermost
       | AccessConfigForNamecheap
       | AccessConfigForNameDotCom
       | AccessConfigForNameSilo
@@ -43,6 +47,7 @@ export interface AccessModel extends BaseModel {
       | AccessConfigForSafeLine
       | AccessConfigForSSH
       | AccessConfigForSSLCom
+      | AccessConfigForTelegram
       | AccessConfigForTencentCloud
       | AccessConfigForUCloud
       | AccessConfigForUpyun
@@ -50,9 +55,11 @@ export interface AccessModel extends BaseModel {
       | AccessConfigForVolcEngine
       | AccessConfigForWangsu
       | AccessConfigForWebhook
+      | AccessConfigForWeComBot
       | AccessConfigForWestcn
       | AccessConfigForZeroSSL
     );
+  reserve?: "ca" | "notification";
 }
 
 // #region AccessConfig
@@ -139,6 +146,11 @@ export type AccessConfigForDeSEC = {
   token: string;
 };
 
+export type AccessConfigForDingTalkBot = {
+  webhookUrl: string;
+  secret?: string;
+};
+
 export type AccessConfigForDNSLA = {
   apiId: string;
   apiSecret: string;
@@ -158,6 +170,16 @@ export type AccessConfigForEdgio = {
   clientSecret: string;
 };
 
+export type AccessConfigForEmail = {
+  smtpHost: string;
+  smtpPort: number;
+  smtpTls: boolean;
+  username: string;
+  password: string;
+  defaultSenderAddress?: string;
+  defaultReceiverAddress?: string;
+};
+
 export type AccessConfigForGcore = {
   apiToken: string;
 };
@@ -191,6 +213,17 @@ export type AccessConfigForKubernetes = {
   kubeConfig?: string;
 };
 
+export type AccessConfigForLarkBot = {
+  webhookUrl: string;
+};
+
+export type AccessConfigForMattermost = {
+  serverUrl: string;
+  username: string;
+  password: string;
+  defaultChannelId?: string;
+};
+
 export type AccessConfigForNamecheap = {
   username: string;
   apiKey: string;
@@ -248,6 +281,11 @@ export type AccessConfigForSSLCom = {
   eabHmacKey: string;
 };
 
+export type AccessConfigForTelegram = {
+  botToken: string;
+  defaultChatId?: number;
+};
+
 export type AccessConfigForTencentCloud = {
   secretId: string;
   secretKey: string;
@@ -282,7 +320,15 @@ export type AccessConfigForWangsu = {
 
 export type AccessConfigForWebhook = {
   url: string;
+  method: string;
+  headers?: string;
   allowInsecureConnections?: boolean;
+  defaultDataForDeployment?: string;
+  defaultDataForNotification?: string;
+};
+
+export type AccessConfigForWeComBot = {
+  webhookUrl: string;
 };
 
 export type AccessConfigForWestcn = {
diff --git a/ui/src/domain/provider.ts b/ui/src/domain/provider.ts
index a91e34cf..73cc7e7d 100644
--- a/ui/src/domain/provider.ts
+++ b/ui/src/domain/provider.ts
@@ -21,10 +21,12 @@ export const ACCESS_PROVIDERS = Object.freeze({
   CLOUDNS: "cloudns",
   CMCCCLOUD: "cmcccloud",
   DESEC: "desec",
+  DINGTALKBOT: "dingtalkbot",
   DNSLA: "dnsla",
   DOGECLOUD: "dogecloud",
   DYNV6: "dynv6",
   EDGIO: "edgio",
+  EMAIL: "email",
   GCORE: "gcore",
   GNAME: "gname",
   GODADDY: "godaddy",
@@ -32,9 +34,11 @@ export const ACCESS_PROVIDERS = Object.freeze({
   HUAWEICLOUD: "huaweicloud",
   JDCLOUD: "jdcloud",
   KUBERNETES: "k8s",
+  LARKBOT: "larkbot",
   LETSENCRYPT: "letsencrypt",
   LETSENCRYPTSTAGING: "letsencryptstaging",
   LOCAL: "local",
+  MATTERMOST: "mattermost",
   NAMECHEAP: "namecheap",
   NAMEDOTCOM: "namedotcom",
   NAMESILO: "namesilo",
@@ -46,6 +50,7 @@ export const ACCESS_PROVIDERS = Object.freeze({
   SAFELINE: "safeline",
   SSH: "ssh",
   SSLCOM: "sslcom",
+  TELEGRAM: "telegram",
   TENCENTCLOUD: "tencentcloud",
   UCLOUD: "ucloud",
   UPYUN: "upyun",
@@ -53,6 +58,7 @@ export const ACCESS_PROVIDERS = Object.freeze({
   VOLCENGINE: "volcengine",
   WANGSU: "wangsu",
   WEBHOOK: "webhook",
+  WECOMBOT: "wecombot",
   WESTCN: "westcn",
   ZEROSSL: "zerossl",
 } as const);
@@ -137,6 +143,13 @@ export const accessProvidersMap: Map<AccessProvider["type"] | string, AccessProv
     [ACCESS_PROVIDERS.GOOGLETRUSTSERVICES, "provider.googletrustservices", "/imgs/providers/google.svg", [ACCESS_USAGES.CA]],
     [ACCESS_PROVIDERS.SSLCOM, "provider.sslcom", "/imgs/providers/sslcom.svg", [ACCESS_USAGES.CA]],
     [ACCESS_PROVIDERS.ZEROSSL, "provider.zerossl", "/imgs/providers/zerossl.svg", [ACCESS_USAGES.CA]],
+
+    [ACCESS_PROVIDERS.EMAIL, "provider.email", "/imgs/providers/email.svg", [ACCESS_USAGES.NOTIFICATION]],
+    [ACCESS_PROVIDERS.DINGTALKBOT, "provider.dingtalkbot", "/imgs/providers/dingtalk.svg", [ACCESS_USAGES.NOTIFICATION]],
+    [ACCESS_PROVIDERS.LARKBOT, "provider.larkbot", "/imgs/providers/lark.svg", [ACCESS_USAGES.NOTIFICATION]],
+    [ACCESS_PROVIDERS.WECOMBOT, "provider.wecombot", "/imgs/providers/wecom.svg", [ACCESS_USAGES.NOTIFICATION]],
+    [ACCESS_PROVIDERS.MATTERMOST, "provider.mattermost", "/imgs/providers/mattermost.svg", [ACCESS_USAGES.NOTIFICATION]],
+    [ACCESS_PROVIDERS.TELEGRAM, "provider.telegram", "/imgs/providers/telegram.svg", [ACCESS_USAGES.NOTIFICATION]],
   ].map((e) => [
     e[0] as string,
     {
@@ -150,12 +163,12 @@ export const accessProvidersMap: Map<AccessProvider["type"] | string, AccessProv
 );
 // #endregion
 
-// #region ApplyCAProvider
+// #region CAProvider
 /*
   注意：如果追加新的常量值，请保持以 ASCII 排序。
   NOTICE: If you add new constant, please keep ASCII order.
  */
-export const APPLY_CA_PROVIDERS = Object.freeze({
+export const CA_PROVIDERS = Object.freeze({
   BUYPASS: `${ACCESS_PROVIDERS.BUYPASS}`,
   GOOGLETRUSTSERVICES: `${ACCESS_PROVIDERS.GOOGLETRUSTSERVICES}`,
   LETSENCRYPT: `${ACCESS_PROVIDERS.LETSENCRYPT}`,
@@ -164,32 +177,32 @@ export const APPLY_CA_PROVIDERS = Object.freeze({
   ZEROSSL: `${ACCESS_PROVIDERS.ZEROSSL}`,
 } as const);
 
-export type ApplyCAProviderType = (typeof APPLY_CA_PROVIDERS)[keyof typeof APPLY_CA_PROVIDERS];
+export type CAProviderType = (typeof CA_PROVIDERS)[keyof typeof CA_PROVIDERS];
 
-export type ApplyCAProvider = {
-  type: ApplyCAProviderType;
+export type CAProvider = {
+  type: CAProviderType;
   name: string;
   icon: string;
   provider: AccessProviderType;
   builtin: boolean;
 };
 
-export const applyCAProvidersMap: Map<ApplyCAProvider["type"] | string, ApplyCAProvider> = new Map(
+export const caProvidersMap: Map<CAProvider["type"] | string, CAProvider> = new Map(
   /*
     注意：此处的顺序决定显示在前端的顺序。
     NOTICE: The following order determines the order displayed at the frontend.
   */
   [
-    [APPLY_CA_PROVIDERS.LETSENCRYPT, "builtin"],
-    [APPLY_CA_PROVIDERS.LETSENCRYPTSTAGING, "builtin"],
-    [APPLY_CA_PROVIDERS.BUYPASS],
-    [APPLY_CA_PROVIDERS.GOOGLETRUSTSERVICES],
-    [APPLY_CA_PROVIDERS.SSLCOM],
-    [APPLY_CA_PROVIDERS.ZEROSSL],
+    [CA_PROVIDERS.LETSENCRYPT, "builtin"],
+    [CA_PROVIDERS.LETSENCRYPTSTAGING, "builtin"],
+    [CA_PROVIDERS.BUYPASS],
+    [CA_PROVIDERS.GOOGLETRUSTSERVICES],
+    [CA_PROVIDERS.SSLCOM],
+    [CA_PROVIDERS.ZEROSSL],
   ].map(([type, builtin]) => [
     type,
     {
-      type: type as ApplyCAProviderType,
+      type: type as CAProviderType,
       name: accessProvidersMap.get(type.split("-")[0])!.name,
       icon: accessProvidersMap.get(type.split("-")[0])!.icon,
       provider: type.split("-")[0] as AccessProviderType,
@@ -199,12 +212,12 @@ export const applyCAProvidersMap: Map<ApplyCAProvider["type"] | string, ApplyCAP
 );
 // #endregion
 
-// #region ApplyDNSProvider
+// #region ACMEDNS01Provider
 /*
-    注意：如果追加新的常量值，请保持以 ASCII 排序。
-    NOTICE: If you add new constant, please keep ASCII order.
-   */
-export const APPLY_DNS_PROVIDERS = Object.freeze({
+  注意：如果追加新的常量值，请保持以 ASCII 排序。
+  NOTICE: If you add new constant, please keep ASCII order.
+ */
+export const ACME_DNS01_PROVIDERS = Object.freeze({
   ACMEHTTPREQ: `${ACCESS_PROVIDERS.ACMEHTTPREQ}`,
   ALIYUN: `${ACCESS_PROVIDERS.ALIYUN}`, // 兼容旧值，等同于 `ALIYUN_DNS`
   ALIYUN_DNS: `${ACCESS_PROVIDERS.ALIYUN}-dns`,
@@ -244,54 +257,54 @@ export const APPLY_DNS_PROVIDERS = Object.freeze({
   WESTCN: `${ACCESS_PROVIDERS.WESTCN}`,
 } as const);
 
-export type ApplyDNSProviderType = (typeof APPLY_DNS_PROVIDERS)[keyof typeof APPLY_DNS_PROVIDERS];
+export type ACMEDns01ProviderType = (typeof ACME_DNS01_PROVIDERS)[keyof typeof ACME_DNS01_PROVIDERS];
 
-export type ApplyDNSProvider = {
-  type: ApplyDNSProviderType;
+export type ACMEDns01Provider = {
+  type: ACMEDns01ProviderType;
   name: string;
   icon: string;
   provider: AccessProviderType;
 };
 
-export const applyDNSProvidersMap: Map<ApplyDNSProvider["type"] | string, ApplyDNSProvider> = new Map(
+export const acmeDns01ProvidersMap: Map<ACMEDns01Provider["type"] | string, ACMEDns01Provider> = new Map(
   /*
-     注意：此处的顺序决定显示在前端的顺序。
-     NOTICE: The following order determines the order displayed at the frontend.
-    */
+    注意：此处的顺序决定显示在前端的顺序。
+    NOTICE: The following order determines the order displayed at the frontend.
+   */
   [
-    [APPLY_DNS_PROVIDERS.ALIYUN_DNS, "provider.aliyun.dns"],
-    [APPLY_DNS_PROVIDERS.TENCENTCLOUD_DNS, "provider.tencentcloud.dns"],
-    [APPLY_DNS_PROVIDERS.TENCENTCLOUD_EO, "provider.tencentcloud.eo"],
-    [APPLY_DNS_PROVIDERS.BAIDUCLOUD_DNS, "provider.baiducloud.dns"],
-    [APPLY_DNS_PROVIDERS.HUAWEICLOUD_DNS, "provider.huaweicloud.dns"],
-    [APPLY_DNS_PROVIDERS.VOLCENGINE_DNS, "provider.volcengine.dns"],
-    [APPLY_DNS_PROVIDERS.JDCLOUD_DNS, "provider.jdcloud.dns"],
-    [APPLY_DNS_PROVIDERS.AWS_ROUTE53, "provider.aws.route53"],
-    [APPLY_DNS_PROVIDERS.AZURE_DNS, "provider.azure.dns"],
-    [APPLY_DNS_PROVIDERS.BUNNY, "provider.bunny"],
-    [APPLY_DNS_PROVIDERS.CLOUDFLARE, "provider.cloudflare"],
-    [APPLY_DNS_PROVIDERS.CLOUDNS, "provider.cloudns"],
-    [APPLY_DNS_PROVIDERS.DESEC, "provider.desec"],
-    [APPLY_DNS_PROVIDERS.DNSLA, "provider.dnsla"],
-    [APPLY_DNS_PROVIDERS.DYNV6, "provider.dynv6"],
-    [APPLY_DNS_PROVIDERS.GCORE, "provider.gcore"],
-    [APPLY_DNS_PROVIDERS.GNAME, "provider.gname"],
-    [APPLY_DNS_PROVIDERS.GODADDY, "provider.godaddy"],
-    [APPLY_DNS_PROVIDERS.NAMECHEAP, "provider.namecheap"],
-    [APPLY_DNS_PROVIDERS.NAMEDOTCOM, "provider.namedotcom"],
-    [APPLY_DNS_PROVIDERS.NAMESILO, "provider.namesilo"],
-    [APPLY_DNS_PROVIDERS.NS1, "provider.ns1"],
-    [APPLY_DNS_PROVIDERS.PORKBUN, "provider.porkbun"],
-    [APPLY_DNS_PROVIDERS.VERCEL, "provider.vercel"],
-    [APPLY_DNS_PROVIDERS.CMCCCLOUD, "provider.cmcccloud"],
-    [APPLY_DNS_PROVIDERS.RAINYUN, "provider.rainyun"],
-    [APPLY_DNS_PROVIDERS.WESTCN, "provider.westcn"],
-    [APPLY_DNS_PROVIDERS.POWERDNS, "provider.powerdns"],
-    [APPLY_DNS_PROVIDERS.ACMEHTTPREQ, "provider.acmehttpreq"],
+    [ACME_DNS01_PROVIDERS.ALIYUN_DNS, "provider.aliyun.dns"],
+    [ACME_DNS01_PROVIDERS.TENCENTCLOUD_DNS, "provider.tencentcloud.dns"],
+    [ACME_DNS01_PROVIDERS.TENCENTCLOUD_EO, "provider.tencentcloud.eo"],
+    [ACME_DNS01_PROVIDERS.BAIDUCLOUD_DNS, "provider.baiducloud.dns"],
+    [ACME_DNS01_PROVIDERS.HUAWEICLOUD_DNS, "provider.huaweicloud.dns"],
+    [ACME_DNS01_PROVIDERS.VOLCENGINE_DNS, "provider.volcengine.dns"],
+    [ACME_DNS01_PROVIDERS.JDCLOUD_DNS, "provider.jdcloud.dns"],
+    [ACME_DNS01_PROVIDERS.AWS_ROUTE53, "provider.aws.route53"],
+    [ACME_DNS01_PROVIDERS.AZURE_DNS, "provider.azure.dns"],
+    [ACME_DNS01_PROVIDERS.BUNNY, "provider.bunny"],
+    [ACME_DNS01_PROVIDERS.CLOUDFLARE, "provider.cloudflare"],
+    [ACME_DNS01_PROVIDERS.CLOUDNS, "provider.cloudns"],
+    [ACME_DNS01_PROVIDERS.DESEC, "provider.desec"],
+    [ACME_DNS01_PROVIDERS.DNSLA, "provider.dnsla"],
+    [ACME_DNS01_PROVIDERS.DYNV6, "provider.dynv6"],
+    [ACME_DNS01_PROVIDERS.GCORE, "provider.gcore"],
+    [ACME_DNS01_PROVIDERS.GNAME, "provider.gname"],
+    [ACME_DNS01_PROVIDERS.GODADDY, "provider.godaddy"],
+    [ACME_DNS01_PROVIDERS.NAMECHEAP, "provider.namecheap"],
+    [ACME_DNS01_PROVIDERS.NAMEDOTCOM, "provider.namedotcom"],
+    [ACME_DNS01_PROVIDERS.NAMESILO, "provider.namesilo"],
+    [ACME_DNS01_PROVIDERS.NS1, "provider.ns1"],
+    [ACME_DNS01_PROVIDERS.PORKBUN, "provider.porkbun"],
+    [ACME_DNS01_PROVIDERS.VERCEL, "provider.vercel"],
+    [ACME_DNS01_PROVIDERS.CMCCCLOUD, "provider.cmcccloud"],
+    [ACME_DNS01_PROVIDERS.RAINYUN, "provider.rainyun"],
+    [ACME_DNS01_PROVIDERS.WESTCN, "provider.westcn"],
+    [ACME_DNS01_PROVIDERS.POWERDNS, "provider.powerdns"],
+    [ACME_DNS01_PROVIDERS.ACMEHTTPREQ, "provider.acmehttpreq"],
   ].map(([type, name]) => [
     type,
     {
-      type: type as ApplyDNSProviderType,
+      type: type as ACMEDns01ProviderType,
       name: name,
       icon: accessProvidersMap.get(type.split("-")[0])!.icon,
       provider: type.split("-")[0] as AccessProviderType,
@@ -300,12 +313,12 @@ export const applyDNSProvidersMap: Map<ApplyDNSProvider["type"] | string, ApplyD
 );
 // #endregion
 
-// #region DeployProvider
+// #region DeploymentProvider
 /*
-    注意：如果追加新的常量值，请保持以 ASCII 排序。
-    NOTICE: If you add new constant, please keep ASCII order.
-   */
-export const DEPLOY_PROVIDERS = Object.freeze({
+  注意：如果追加新的常量值，请保持以 ASCII 排序。
+  NOTICE: If you add new constant, please keep ASCII order.
+ */
+export const DEPLOYMENT_PROVIDERS = Object.freeze({
   ["1PANEL_CONSOLE"]: `${ACCESS_PROVIDERS["1PANEL"]}-console`,
   ["1PANEL_SITE"]: `${ACCESS_PROVIDERS["1PANEL"]}-site`,
   ALIYUN_ALB: `${ACCESS_PROVIDERS.ALIYUN}-alb`,
@@ -382,9 +395,9 @@ export const DEPLOY_PROVIDERS = Object.freeze({
   WEBHOOK: `${ACCESS_PROVIDERS.WEBHOOK}`,
 } as const);
 
-export type DeployProviderType = (typeof DEPLOY_PROVIDERS)[keyof typeof DEPLOY_PROVIDERS];
+export type DeploymentProviderType = (typeof DEPLOYMENT_PROVIDERS)[keyof typeof DEPLOYMENT_PROVIDERS];
 
-export const DEPLOY_CATEGORIES = Object.freeze({
+export const DEPLOYMENT_CATEGORIES = Object.freeze({
   ALL: "all",
   CDN: "cdn",
   STORAGE: "storage",
@@ -396,107 +409,156 @@ export const DEPLOY_CATEGORIES = Object.freeze({
   OTHER: "other",
 } as const);
 
-export type DeployCategoryType = (typeof DEPLOY_CATEGORIES)[keyof typeof DEPLOY_CATEGORIES];
+export type DeploymentCategoryType = (typeof DEPLOYMENT_CATEGORIES)[keyof typeof DEPLOYMENT_CATEGORIES];
 
-export type DeployProvider = {
-  type: DeployProviderType;
+export type DeploymentProvider = {
+  type: DeploymentProviderType;
   name: string;
   icon: string;
   provider: AccessProviderType;
-  category: DeployCategoryType;
+  category: DeploymentCategoryType;
   builtin: boolean;
 };
 
-export const deployProvidersMap: Map<DeployProvider["type"] | string, DeployProvider> = new Map(
+export const deploymentProvidersMap: Map<DeploymentProvider["type"] | string, DeploymentProvider> = new Map(
   /*
      注意：此处的顺序决定显示在前端的顺序。
      NOTICE: The following order determines the order displayed at the frontend.
     */
   [
-    [DEPLOY_PROVIDERS.LOCAL, "provider.local", DEPLOY_CATEGORIES.OTHER, "builtin"],
-    [DEPLOY_PROVIDERS.SSH, "provider.ssh", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.WEBHOOK, "provider.webhook", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.KUBERNETES_SECRET, "provider.kubernetes.secret", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.ALIYUN_OSS, "provider.aliyun.oss", DEPLOY_CATEGORIES.STORAGE],
-    [DEPLOY_PROVIDERS.ALIYUN_CDN, "provider.aliyun.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.ALIYUN_DCDN, "provider.aliyun.dcdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.ALIYUN_ESA, "provider.aliyun.esa", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.ALIYUN_CLB, "provider.aliyun.clb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.ALIYUN_ALB, "provider.aliyun.alb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.ALIYUN_NLB, "provider.aliyun.nlb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.ALIYUN_WAF, "provider.aliyun.waf", DEPLOY_CATEGORIES.FIREWALL],
-    [DEPLOY_PROVIDERS.ALIYUN_LIVE, "provider.aliyun.live", DEPLOY_CATEGORIES.AV],
-    [DEPLOY_PROVIDERS.ALIYUN_VOD, "provider.aliyun.vod", DEPLOY_CATEGORIES.AV],
-    [DEPLOY_PROVIDERS.ALIYUN_FC, "provider.aliyun.fc", DEPLOY_CATEGORIES.SERVERLESS],
-    [DEPLOY_PROVIDERS.ALIYUN_APIGW, "provider.aliyun.apigw", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.ALIYUN_CAS, "provider.aliyun.cas_upload", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.ALIYUN_CAS_DEPLOY, "provider.aliyun.cas_deploy", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_COS, "provider.tencentcloud.cos", DEPLOY_CATEGORIES.STORAGE],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_CDN, "provider.tencentcloud.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_ECDN, "provider.tencentcloud.ecdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_EO, "provider.tencentcloud.eo", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_CLB, "provider.tencentcloud.clb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_WAF, "provider.tencentcloud.waf", DEPLOY_CATEGORIES.FIREWALL],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_CSS, "provider.tencentcloud.css", DEPLOY_CATEGORIES.AV],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_VOD, "provider.tencentcloud.vod", DEPLOY_CATEGORIES.AV],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_SCF, "provider.tencentcloud.scf", DEPLOY_CATEGORIES.SERVERLESS],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_SSL, "provider.tencentcloud.ssl_upload", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.TENCENTCLOUD_SSL_DEPLOY, "provider.tencentcloud.ssl_deploy", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.BAIDUCLOUD_CDN, "provider.baiducloud.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.BAIDUCLOUD_BLB, "provider.baiducloud.blb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.BAIDUCLOUD_APPBLB, "provider.baiducloud.appblb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.BAIDUCLOUD_CERT, "provider.baiducloud.cert_upload", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.HUAWEICLOUD_CDN, "provider.huaweicloud.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.HUAWEICLOUD_ELB, "provider.huaweicloud.elb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.HUAWEICLOUD_WAF, "provider.huaweicloud.waf", DEPLOY_CATEGORIES.FIREWALL],
-    [DEPLOY_PROVIDERS.HUAWEICLOUD_SCM, "provider.huaweicloud.scm_upload", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.VOLCENGINE_TOS, "provider.volcengine.tos", DEPLOY_CATEGORIES.STORAGE],
-    [DEPLOY_PROVIDERS.VOLCENGINE_CDN, "provider.volcengine.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.VOLCENGINE_DCDN, "provider.volcengine.dcdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.VOLCENGINE_CLB, "provider.volcengine.clb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.VOLCENGINE_ALB, "provider.volcengine.alb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.VOLCENGINE_IMAGEX, "provider.volcengine.imagex", DEPLOY_CATEGORIES.STORAGE],
-    [DEPLOY_PROVIDERS.VOLCENGINE_LIVE, "provider.volcengine.live", DEPLOY_CATEGORIES.AV],
-    [DEPLOY_PROVIDERS.VOLCENGINE_CERTCENTER, "provider.volcengine.certcenter_upload", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.JDCLOUD_ALB, "provider.jdcloud.alb", DEPLOY_CATEGORIES.LOADBALANCE],
-    [DEPLOY_PROVIDERS.JDCLOUD_CDN, "provider.jdcloud.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.JDCLOUD_LIVE, "provider.jdcloud.live", DEPLOY_CATEGORIES.AV],
-    [DEPLOY_PROVIDERS.JDCLOUD_VOD, "provider.jdcloud.vod", DEPLOY_CATEGORIES.AV],
-    [DEPLOY_PROVIDERS.QINIU_KODO, "provider.qiniu.kodo", DEPLOY_CATEGORIES.STORAGE],
-    [DEPLOY_PROVIDERS.QINIU_CDN, "provider.qiniu.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.QINIU_PILI, "provider.qiniu.pili", DEPLOY_CATEGORIES.AV],
-    [DEPLOY_PROVIDERS.UPYUN_FILE, "provider.upyun.file", DEPLOY_CATEGORIES.STORAGE],
-    [DEPLOY_PROVIDERS.UPYUN_CDN, "provider.upyun.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.BAISHAN_CDN, "provider.baishan.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.WANGSU_CDNPRO, "provider.wangsu.cdnpro", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.DOGECLOUD_CDN, "provider.dogecloud.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.BYTEPLUS_CDN, "provider.byteplus.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.UCLOUD_US3, "provider.ucloud.us3", DEPLOY_CATEGORIES.STORAGE],
-    [DEPLOY_PROVIDERS.UCLOUD_UCDN, "provider.ucloud.ucdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.RAINYUN_RCDN, "provider.rainyun.rcdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.AWS_CLOUDFRONT, "provider.aws.cloudfront", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.AWS_ACM, "provider.aws.acm", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.AZURE_KEYVAULT, "provider.azure.keyvault", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.BUNNY_CDN, "provider.bunny.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.CACHEFLY, "provider.cachefly", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.CDNFLY, "provider.cdnfly", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS.EDGIO_APPLICATIONS, "provider.edgio.applications", DEPLOY_CATEGORIES.WEBSITE],
-    [DEPLOY_PROVIDERS.GCORE_CDN, "provider.gcore.cdn", DEPLOY_CATEGORIES.CDN],
-    [DEPLOY_PROVIDERS["1PANEL_SITE"], "provider.1panel.site", DEPLOY_CATEGORIES.WEBSITE],
-    [DEPLOY_PROVIDERS["1PANEL_CONSOLE"], "provider.1panel.console", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.BAOTAPANEL_SITE, "provider.baotapanel.site", DEPLOY_CATEGORIES.WEBSITE],
-    [DEPLOY_PROVIDERS.BAOTAPANEL_CONSOLE, "provider.baotapanel.console", DEPLOY_CATEGORIES.OTHER],
-    [DEPLOY_PROVIDERS.SAFELINE, "provider.safeline", DEPLOY_CATEGORIES.FIREWALL],
+    [DEPLOYMENT_PROVIDERS.LOCAL, "provider.local", DEPLOYMENT_CATEGORIES.OTHER, "builtin"],
+    [DEPLOYMENT_PROVIDERS.SSH, "provider.ssh", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.WEBHOOK, "provider.webhook", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.KUBERNETES_SECRET, "provider.kubernetes.secret", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_OSS, "provider.aliyun.oss", DEPLOYMENT_CATEGORIES.STORAGE],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_CDN, "provider.aliyun.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_DCDN, "provider.aliyun.dcdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_ESA, "provider.aliyun.esa", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_CLB, "provider.aliyun.clb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_ALB, "provider.aliyun.alb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_NLB, "provider.aliyun.nlb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_WAF, "provider.aliyun.waf", DEPLOYMENT_CATEGORIES.FIREWALL],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_LIVE, "provider.aliyun.live", DEPLOYMENT_CATEGORIES.AV],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_VOD, "provider.aliyun.vod", DEPLOYMENT_CATEGORIES.AV],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_FC, "provider.aliyun.fc", DEPLOYMENT_CATEGORIES.SERVERLESS],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_APIGW, "provider.aliyun.apigw", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_CAS, "provider.aliyun.cas_upload", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.ALIYUN_CAS_DEPLOY, "provider.aliyun.cas_deploy", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_COS, "provider.tencentcloud.cos", DEPLOYMENT_CATEGORIES.STORAGE],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_CDN, "provider.tencentcloud.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_ECDN, "provider.tencentcloud.ecdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_EO, "provider.tencentcloud.eo", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_CLB, "provider.tencentcloud.clb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_WAF, "provider.tencentcloud.waf", DEPLOYMENT_CATEGORIES.FIREWALL],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_CSS, "provider.tencentcloud.css", DEPLOYMENT_CATEGORIES.AV],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_VOD, "provider.tencentcloud.vod", DEPLOYMENT_CATEGORIES.AV],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_SCF, "provider.tencentcloud.scf", DEPLOYMENT_CATEGORIES.SERVERLESS],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_SSL, "provider.tencentcloud.ssl_upload", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.TENCENTCLOUD_SSL_DEPLOY, "provider.tencentcloud.ssl_deploy", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.BAIDUCLOUD_CDN, "provider.baiducloud.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.BAIDUCLOUD_BLB, "provider.baiducloud.blb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.BAIDUCLOUD_APPBLB, "provider.baiducloud.appblb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.BAIDUCLOUD_CERT, "provider.baiducloud.cert_upload", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.HUAWEICLOUD_CDN, "provider.huaweicloud.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.HUAWEICLOUD_ELB, "provider.huaweicloud.elb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.HUAWEICLOUD_WAF, "provider.huaweicloud.waf", DEPLOYMENT_CATEGORIES.FIREWALL],
+    [DEPLOYMENT_PROVIDERS.HUAWEICLOUD_SCM, "provider.huaweicloud.scm_upload", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.VOLCENGINE_TOS, "provider.volcengine.tos", DEPLOYMENT_CATEGORIES.STORAGE],
+    [DEPLOYMENT_PROVIDERS.VOLCENGINE_CDN, "provider.volcengine.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.VOLCENGINE_DCDN, "provider.volcengine.dcdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.VOLCENGINE_CLB, "provider.volcengine.clb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.VOLCENGINE_ALB, "provider.volcengine.alb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.VOLCENGINE_IMAGEX, "provider.volcengine.imagex", DEPLOYMENT_CATEGORIES.STORAGE],
+    [DEPLOYMENT_PROVIDERS.VOLCENGINE_LIVE, "provider.volcengine.live", DEPLOYMENT_CATEGORIES.AV],
+    [DEPLOYMENT_PROVIDERS.VOLCENGINE_CERTCENTER, "provider.volcengine.certcenter_upload", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.JDCLOUD_ALB, "provider.jdcloud.alb", DEPLOYMENT_CATEGORIES.LOADBALANCE],
+    [DEPLOYMENT_PROVIDERS.JDCLOUD_CDN, "provider.jdcloud.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.JDCLOUD_LIVE, "provider.jdcloud.live", DEPLOYMENT_CATEGORIES.AV],
+    [DEPLOYMENT_PROVIDERS.JDCLOUD_VOD, "provider.jdcloud.vod", DEPLOYMENT_CATEGORIES.AV],
+    [DEPLOYMENT_PROVIDERS.QINIU_KODO, "provider.qiniu.kodo", DEPLOYMENT_CATEGORIES.STORAGE],
+    [DEPLOYMENT_PROVIDERS.QINIU_CDN, "provider.qiniu.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.QINIU_PILI, "provider.qiniu.pili", DEPLOYMENT_CATEGORIES.AV],
+    [DEPLOYMENT_PROVIDERS.UPYUN_FILE, "provider.upyun.file", DEPLOYMENT_CATEGORIES.STORAGE],
+    [DEPLOYMENT_PROVIDERS.UPYUN_CDN, "provider.upyun.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.BAISHAN_CDN, "provider.baishan.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.WANGSU_CDNPRO, "provider.wangsu.cdnpro", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.DOGECLOUD_CDN, "provider.dogecloud.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.BYTEPLUS_CDN, "provider.byteplus.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.UCLOUD_US3, "provider.ucloud.us3", DEPLOYMENT_CATEGORIES.STORAGE],
+    [DEPLOYMENT_PROVIDERS.UCLOUD_UCDN, "provider.ucloud.ucdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.RAINYUN_RCDN, "provider.rainyun.rcdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.AWS_CLOUDFRONT, "provider.aws.cloudfront", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.AWS_ACM, "provider.aws.acm", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.AZURE_KEYVAULT, "provider.azure.keyvault", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.BUNNY_CDN, "provider.bunny.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.CACHEFLY, "provider.cachefly", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.CDNFLY, "provider.cdnfly", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS.EDGIO_APPLICATIONS, "provider.edgio.applications", DEPLOYMENT_CATEGORIES.WEBSITE],
+    [DEPLOYMENT_PROVIDERS.GCORE_CDN, "provider.gcore.cdn", DEPLOYMENT_CATEGORIES.CDN],
+    [DEPLOYMENT_PROVIDERS["1PANEL_SITE"], "provider.1panel.site", DEPLOYMENT_CATEGORIES.WEBSITE],
+    [DEPLOYMENT_PROVIDERS["1PANEL_CONSOLE"], "provider.1panel.console", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.BAOTAPANEL_SITE, "provider.baotapanel.site", DEPLOYMENT_CATEGORIES.WEBSITE],
+    [DEPLOYMENT_PROVIDERS.BAOTAPANEL_CONSOLE, "provider.baotapanel.console", DEPLOYMENT_CATEGORIES.OTHER],
+    [DEPLOYMENT_PROVIDERS.SAFELINE, "provider.safeline", DEPLOYMENT_CATEGORIES.FIREWALL],
   ].map(([type, name, category, builtin]) => [
     type,
     {
-      type: type as DeployProviderType,
+      type: type as DeploymentProviderType,
       name: name,
       icon: accessProvidersMap.get(type.split("-")[0])!.icon,
       provider: type.split("-")[0] as AccessProviderType,
-      category: category as DeployCategoryType,
+      category: category as DeploymentCategoryType,
       builtin: builtin === "builtin",
     },
   ])
 );
 // #endregion
+
+// #region NotificationProvider
+/*
+  注意：如果追加新的常量值，请保持以 ASCII 排序。
+  NOTICE: If you add new constant, please keep ASCII order.
+ */
+export const NOTIFICATION_PROVIDERS = Object.freeze({
+  DINGTALKBOT: `${ACCESS_PROVIDERS.DINGTALKBOT}`,
+  EMAIL: `${ACCESS_PROVIDERS.EMAIL}`,
+  LARKBOT: `${ACCESS_PROVIDERS.LARKBOT}`,
+  MATTERMOST: `${ACCESS_PROVIDERS.MATTERMOST}`,
+  TELEGRAM: `${ACCESS_PROVIDERS.TELEGRAM}`,
+  WEBHOOK: `${ACCESS_PROVIDERS.WEBHOOK}`,
+  WECOMBOT: `${ACCESS_PROVIDERS.WECOMBOT}`,
+} as const);
+
+export type NotificationProviderType = (typeof CA_PROVIDERS)[keyof typeof CA_PROVIDERS];
+
+export type NotificationProvider = {
+  type: NotificationProviderType;
+  name: string;
+  icon: string;
+  provider: AccessProviderType;
+};
+
+export const notificationProvidersMap: Map<NotificationProvider["type"] | string, NotificationProvider> = new Map(
+  /*
+    注意：此处的顺序决定显示在前端的顺序。
+    NOTICE: The following order determines the order displayed at the frontend.
+   */
+  [
+    [NOTIFICATION_PROVIDERS.EMAIL],
+    [NOTIFICATION_PROVIDERS.WEBHOOK],
+    [NOTIFICATION_PROVIDERS.DINGTALKBOT],
+    [NOTIFICATION_PROVIDERS.LARKBOT],
+    [NOTIFICATION_PROVIDERS.WECOMBOT],
+    [NOTIFICATION_PROVIDERS.MATTERMOST],
+    [NOTIFICATION_PROVIDERS.TELEGRAM],
+  ].map(([type]) => [
+    type,
+    {
+      type: type as CAProviderType,
+      name: accessProvidersMap.get(type.split("-")[0])!.name,
+      icon: accessProvidersMap.get(type.split("-")[0])!.icon,
+      provider: type.split("-")[0] as AccessProviderType,
+    },
+  ])
+);
+// #endregion
diff --git a/ui/src/domain/settings.ts b/ui/src/domain/settings.ts
index e789f7e3..a711f543 100644
--- a/ui/src/domain/settings.ts
+++ b/ui/src/domain/settings.ts
@@ -1,8 +1,11 @@
-import { type ApplyCAProviderType } from "./provider";
+import { type CAProviderType } from "./provider";
 
 export const SETTINGS_NAMES = Object.freeze({
   EMAILS: "emails",
   NOTIFY_TEMPLATES: "notifyTemplates",
+  /**
+   * @deprecated
+   */
   NOTIFY_CHANNELS: "notifyChannels",
   SSL_PROVIDER: "sslProvider",
   PERSISTENCE: "persistence",
@@ -38,6 +41,9 @@ export const defaultNotifyTemplate: NotifyTemplate = {
 // #endregion
 
 // #region Settings: NotifyChannels
+/**
+ * @deprecated
+ */
 export const NOTIFY_CHANNELS = Object.freeze({
   BARK: "bark",
   DINGTALK: "dingtalk",
@@ -53,8 +59,14 @@ export const NOTIFY_CHANNELS = Object.freeze({
   WECOM: "wecom",
 } as const);
 
+/**
+ * @deprecated
+ */
 export type NotifyChannels = (typeof NOTIFY_CHANNELS)[keyof typeof NOTIFY_CHANNELS];
 
+/**
+ * @deprecated
+ */
 export type NotifyChannelsSettingsContent = {
   /*
     注意：如果追加新的类型，请保持以 ASCII 排序。
@@ -75,12 +87,18 @@ export type NotifyChannelsSettingsContent = {
   [NOTIFY_CHANNELS.WECOM]?: WeComNotifyChannelConfig;
 };
 
+/**
+ * @deprecated
+ */
 export type BarkNotifyChannelConfig = {
   deviceKey: string;
   serverUrl: string;
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type EmailNotifyChannelConfig = {
   smtpHost: string;
   smtpPort: number;
@@ -92,12 +110,18 @@ export type EmailNotifyChannelConfig = {
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type DingTalkNotifyChannelConfig = {
   accessToken: string;
   secret: string;
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type GotifyNotifyChannelConfig = {
   url: string;
   token: string;
@@ -105,56 +129,86 @@ export type GotifyNotifyChannelConfig = {
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type LarkNotifyChannelConfig = {
   webhookUrl: string;
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type MattermostNotifyChannelConfig = {
   serverUrl: string;
   channel: string;
   username: string;
   password: string;
   enabled?: boolean;
-}
+};
 
+/**
+ * @deprecated
+ */
 export type PushoverNotifyChannelConfig = {
   token: string;
   user: string;
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type PushPlusNotifyChannelConfig = {
   token: string;
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type ServerChanNotifyChannelConfig = {
   url: string;
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type TelegramNotifyChannelConfig = {
   apiToken: string;
   chatId: string;
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type WebhookNotifyChannelConfig = {
   url: string;
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type WeComNotifyChannelConfig = {
   webhookUrl: string;
   enabled?: boolean;
 };
 
+/**
+ * @deprecated
+ */
 export type NotifyChannel = {
   type: string;
   name: string;
 };
 
+/**
+ * @deprecated
+ */
 export const notifyChannelsMap: Map<NotifyChannel["type"], NotifyChannel> = new Map(
   [
     [NOTIFY_CHANNELS.EMAIL, "common.notifier.email"],
@@ -175,7 +229,7 @@ export const notifyChannelsMap: Map<NotifyChannel["type"], NotifyChannel> = new
 
 // #region Settings: SSLProvider
 export type SSLProviderSettingsContent = {
-  provider: ApplyCAProviderType;
+  provider: CAProviderType;
   config: {
     [key: string]: Record<string, unknown> | undefined;
   };
diff --git a/ui/src/domain/workflow.ts b/ui/src/domain/workflow.ts
index 11ea13da..06226425 100644
--- a/ui/src/domain/workflow.ts
+++ b/ui/src/domain/workflow.ts
@@ -154,9 +154,15 @@ export type WorkflowNodeConfigForDeploy = {
 };
 
 export type WorkflowNodeConfigForNotify = {
-  channel: string;
   subject: string;
   message: string;
+  /**
+   * @deprecated
+   */
+  channel?: string;
+  provider: string;
+  providerAccessId: string;
+  providerConfig?: Record<string, unknown>;
 };
 
 export type WorkflowNodeConfigForBranch = never;
diff --git a/ui/src/i18n/locales/en/nls.access.json b/ui/src/i18n/locales/en/nls.access.json
index 2959a9b6..592d6e64 100644
--- a/ui/src/i18n/locales/en/nls.access.json
+++ b/ui/src/i18n/locales/en/nls.access.json
@@ -18,9 +18,9 @@
   "access.props.provider.usage.ca": "Certificate authority",
   "access.props.provider.usage.notification": "Notification channel",
   "access.props.provider.builtin": "Built-in",
-  "access.props.range.both_dns_hosting": "Provider",
-  "access.props.range.ca_only": "Certificate authority",
-  "access.props.range.notify_only": "Notification channel",
+  "access.props.usage.both_dns_hosting": "Provider",
+  "access.props.usage.ca_only": "Certificate authority",
+  "access.props.usage.notification_only": "Notification channel",
   "access.props.created_at": "Created at",
   "access.props.updated_at": "Updated at",
 
@@ -28,7 +28,7 @@
   "access.form.name.placeholder": "Please enter authorization name",
   "access.form.provider.label": "Provider",
   "access.form.provider.placeholder": "Please select a provider",
-  "access.form.provider.tooltip": "DNS provider: The provider that hosts your domain names and manages your DNS records.<br>Host provider: The provider that hosts your servers or cloud services for deploying certificates.<br><br><i>Cannot be edited after saving.</i>",
+  "access.form.provider.tooltip": "DNS provider: The provider that hosts your domain names and manages your DNS records.<br>Hosting provider: The provider that hosts your servers or cloud services for deploying certificates.<br><br><i>Cannot be edited after saving.</i>",
   "access.form.certificate_authority.label": "Certificate authority",
   "access.form.certificate_authority.placeholder": "Please select a certificate authority",
   "access.form.notification_channel.label": "Notification channel",
@@ -145,6 +145,12 @@
   "access.form.desec_token.label": "deSEC token",
   "access.form.desec_token.placeholder": "Please enter deSEC token",
   "access.form.desec_token.tooltip": "For more information, see <a href=\"https://desec.readthedocs.io/en/latest/auth/tokens.html#manage-tokens\" target=\"_blank\">https://desec.readthedocs.io/en/latest/auth/tokens.html</a>",
+  "access.form.dingtalkbot_webhook_url.label": "DingTalk bot Webhook URL",
+  "access.form.dingtalkbot_webhook_url.placeholder": "Please enter DingTalk bot Webhook URL",
+  "access.form.dingtalkbot_webhook_url.tooltip": "For more information, see <a href=\"https://open.dingtalk.com/document/orgapp/obtain-the-webhook-address-of-a-custom-robot\" target=\"_blank\">https://open.dingtalk.com/document/orgapp/obtain-the-webhook-address-of-a-custom-robot</a>",
+  "access.form.dingtalkbot_secret.label": "DingTalk bot secret",
+  "access.form.dingtalkbot_secret.placeholder": "Please enter DingTalk bot secret",
+  "access.form.dingtalkbot_secret.tooltip": "For more information, see <a href=\"https://open.dingtalk.com/document/orgapp/customize-robot-security-settings\" target=\"_blank\">https://open.dingtalk.com/document/orgapp/customize-robot-security-settings</a>",
   "access.form.dnsla_api_id.label": "DNS.LA API ID",
   "access.form.dnsla_api_id.placeholder": "Please enter DNS.LA API ID",
   "access.form.dnsla_api_id.tooltip": "For more information, see <a href=\"https://www.dns.la/docs/ApiDoc\" target=\"_blank\">https://www.dns.la/docs/ApiDoc</a>",
@@ -166,6 +172,19 @@
   "access.form.edgio_client_secret.label": "Edgio ClientSecret",
   "access.form.edgio_client_secret.placeholder": "Please enter Edgio ClientSecret",
   "access.form.edgio_client_secret.tooltip": "For more information, see <a href=\"https://docs.edg.io/applications/v7/rest_api/authentication#administering-api-clients\" target=\"_blank\">https://docs.edg.io/applications/v7/rest_api/authentication#administering-api-clients</a>",
+  "access.form.email_smtp_host.label": "SMTP host",
+  "access.form.email_smtp_host.placeholder": "Please enter SMTP host",
+  "access.form.email_smtp_port.label": "SMTP port",
+  "access.form.email_smtp_port.placeholder": "Please enter SMTP port",
+  "access.form.email_smtp_tls.label": "Use SSL/TLS",
+  "access.form.email_username.label": "Username",
+  "access.form.email_username.placeholder": "please enter username",
+  "access.form.email_password.label": "Password",
+  "access.form.email_password.placeholder": "please enter password",
+  "access.form.email_default_sender_address.label": "Default sender email address (Optional)",
+  "access.form.email_default_sender_address.placeholder": "Please enter default sender email address",
+  "access.form.email_default_receiver_address.label": "Default receiver email address (Optional)",
+  "access.form.email_default_receiver_address.placeholder": "Please enter default receiver email address",
   "access.form.gcore_api_token.label": "Gcore API token",
   "access.form.gcore_api_token.placeholder": "Please enter Gcore API token",
   "access.form.gcore_api_token.tooltip": "For more information, see <a href=\"https://api.gcore.com/docs/iam#section/Authentication\" target=\"_blank\">https://api.gcore.com/docs/iam#section/Authentication</a>",
@@ -203,6 +222,18 @@
   "access.form.k8s_kubeconfig.placeholder": "Please enter KubeConfig file",
   "access.form.k8s_kubeconfig.upload": "Choose File ...",
   "access.form.k8s_kubeconfig.tooltip": "For more information, see <a href=\"https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/\" target=\"_blank\">https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/</a><br><br>Leave it blank to use the Pod's ServiceAccount.",
+  "access.form.larkbot_webhook_url.label": "Lark bot Webhook URL",
+  "access.form.larkbot_webhook_url.placeholder": "Please enter Lark bot Webhook URL",
+  "access.form.larkbot_webhook_url.tooltip": "For more information, see <a href=\"https://www.feishu.cn/hc/en-US/articles/807992406756\" target=\"_blank\">https://www.feishu.cn/hc/en-US/articles/807992406756</a>",
+  "access.form.mattermost_server_url.label": "Mattermost server URL",
+  "access.form.mattermost_server_url.placeholder": "Please enter Mattermost server URL",
+  "access.form.mattermost_username.label": "Mattermost username",
+  "access.form.mattermost_username.placeholder": "Please enter Mattermost username",
+  "access.form.mattermost_password.label": "Mattermost password",
+  "access.form.mattermost_password.placeholder": "Please enter Mattermost password",
+  "access.form.mattermost_default_channel_id.label": "Default Mattermost channel ID (Optional)",
+  "access.form.mattermost_default_channel_id.placeholder": "Please enter default Mattermost channel ID",
+  "access.form.mattermost_default_channel_id.tooltip": "How to get the channel ID? Select the target channel from the left sidebar, click on the channel name at the top, and choose ”Channel Details.” You can directly see the channel ID on the pop-up page.",
   "access.form.namecheap_username.label": "Namecheap username",
   "access.form.namecheap_username.placeholder": "Please enter Namecheap username",
   "access.form.namecheap_username.tooltip": "For more information, see <a href=\"https://www.namecheap.com/support/api/intro/\" target=\"_blank\">https://www.namecheap.com/support/api/intro/</a>",
@@ -274,6 +305,12 @@
   "access.form.sslcom_eab_hmac_key.label": "ACME EAB HMAC key",
   "access.form.sslcom_eab_hmac_key.placeholder": "Please enter ACME EAB HMAC key",
   "access.form.sslcom_eab_hmac_key.tooltip": "For more information, see <a href=\"https://www.ssl.com/how-to/generate-acme-credentials-for-reseller-customers/#ftoc-heading-6\" target=\"_blank\">https://www.ssl.com/how-to/generate-acme-credentials-for-reseller-customers/</a>",
+  "access.form.telegram_bot_token.label": "Telegram bot token",
+  "access.form.telegram_bot_token.placeholder": "Please enter Telegram bot token",
+  "access.form.telegram_bot_token.tooltip": "How to get the bot token? Please refer to <a href=\"https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a\" target=\"_blank\">https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a</a>",
+  "access.form.telegram_default_chat_id.label": "Default Telegram chat ID (Optional)",
+  "access.form.telegram_default_chat_id.placeholder": "Please enter default Telegram chat ID",
+  "access.form.telegram_default_chat_id.tooltip": "How to get the chat ID? Please refer to <a href=\"https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a\" target=\"_blank\">https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a</a>",
   "access.form.tencentcloud_secret_id.label": "Tencent Cloud SecretId",
   "access.form.tencentcloud_secret_id.placeholder": "Please enter Tencent Cloud SecretId",
   "access.form.tencentcloud_secret_id.tooltip": "For more information, see <a href=\"https://cloud.tencent.com/document/product/598/40488?lang=en\" target=\"_blank\">https://cloud.tencent.com/document/product/598/40488?lang=en</a>",
@@ -312,10 +349,34 @@
   "access.form.wangsu_api_key.tooltip": "For more information, see <a href=\"https://en.wangsu.com/document/account-manage/15776\" target=\"_blank\">https://en.wangsu.com/document/account-manage/15776</a>",
   "access.form.webhook_url.label": "Webhook URL",
   "access.form.webhook_url.placeholder": "Please enter Webhook URL",
+  "access.form.webhook_method.label": "Webhook request method",
+  "access.form.webhook_method.placeholder": "Please select Webhook request method",
+  "access.form.webhook_headers.label": "Webhook request headers (Optional)",
+  "access.form.webhook_headers.placeholder": "Please enter Webhook request headers",
+  "access.form.webhook_headers.errmsg.invalid": "Please enter a valid request headers",
+  "access.form.webhook_headers.tooltip": "Format: <br><i>key1: val2<br>key2: val2</i><br><br>Example: <br><i>Content-Type: application/json<br>User-Agent: certimate</i>",
+  "access.form.webhook_default_data.errmsg.json_invalid": "Please enter a valiod JSON string",
+  "access.form.webhook_default_data_for_deployment.label": "Webhook data for deployment (Optional)",
+  "access.form.webhook_default_data_for_deployment.placeholder": "Please enter Webhook data",
+  "access.form.webhook_default_data_for_deployment.guide": "Tips: The Webhook data should be in JSON format. <br><br>The values in JSON support template variables, which will be replaced by actual values when sent to the Webhook URL. Supported variables: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>: The primary domain of the certificate (<i>CommonName</i>).</li><li><strong>${DOMAINS}</strong>: The domain list of the certificate (<i>SubjectAltNames</i>).</li><li><strong>${CERTIFICATE}</strong>: The PEM format content of the certificate file.</li><li><strong>${PRIVATE_KEY}</strong>: The PEM format content of the private key file.</li></ol><br>When the request method is GET, the data will be passed as query string. Otherwise, the data will be encoded in the format indicated by the Content-Type in the request headers. Supported formats: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json (default).</li><li>application/x-www-form-urlencoded: Nested data is not supported.</li><li>multipart/form-data: Nested data is not supported.</li>",
+  "access.form.webhook_default_data_for_notification.label": "Webhook data for notification (Optional)",
+  "access.form.webhook_default_data_for_notification.placeholder": "Please enter Webhook data",
+  "access.form.webhook_default_data_for_notification.guide": "Tips: The Webhook data should be in JSON format. <br><br>The values in JSON support template variables, which will be replaced by actual values when sent to the Webhook URL. Supported variables: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${SUBJECT}</strong>: The subject of notification.</li><li><strong>${MESSAGE}</strong>: The message of notification.</li></ol><br>When the request method is GET, the data will be passed as query string. Otherwise, the data will be encoded in the format indicated by the Content-Type in the request headers. Supported formats: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json (default).</li><li>application/x-www-form-urlencoded: Nested data is not supported.</li><li>multipart/form-data: Nested data is not supported.</li>",
+  "access.form.webhook_preset_data.button": "Use preset template",
+  "access.form.webhook_preset_data.option.bark.label": "Bark",
+  "access.form.webhook_preset_data.option.gotify.label": "Gotify",
+  "access.form.webhook_preset_data.option.ntfy.label": "ntfy",
+  "access.form.webhook_preset_data.option.pushover.label": "Pushover",
+  "access.form.webhook_preset_data.option.pushplus.label": "PushPlus",
+  "access.form.webhook_preset_data.option.serverchan.label": "ServerChan",
+  "access.form.webhook_preset_data.option.common.label": "General template",
   "access.form.webhook_allow_insecure_conns.label": "Insecure SSL/TLS connections",
   "access.form.webhook_allow_insecure_conns.tooltip": "Allowing insecure connections may lead to data leak or tampering. Use this option only when under trusted networks.",
   "access.form.webhook_allow_insecure_conns.switch.on": "Allow",
   "access.form.webhook_allow_insecure_conns.switch.off": "Disallow",
+  "access.form.wecombot_webhook_url.label": "WeCom bot Webhook URL",
+  "access.form.wecombot_webhook_url.placeholder": "Please enter WeCom bot Webhook URL",
+  "access.form.wecombot_webhook_url.tooltip": "For more information, see <a href=\"https://open.work.weixin.qq.com/help2/pc/18401#%E5%85%AD%E3%80%81%E7%BE%A4%E6%9C%BA%E5%99%A8%E4%BA%BAWebhook%E5%9C%B0%E5%9D%80\" target=\"_blank\">https://open.work.weixin.qq.com/help2/pc/18401</a>",
   "access.form.westcn_username.label": "West.cn username",
   "access.form.westcn_username.placeholder": "Please enter West.cn username",
   "access.form.westcn_username.tooltip": "For more information, see <a href=\"https://www.west.cn/CustomerCenter/doc/apiv2.html#12u3001u8eabu4efdu9a8cu8bc10a3ca20id3d12u3001u8eabu4efdu9a8cu8bc13e203ca3e\" target=\"_blank\">https://www.west.cn/CustomerCenter/doc/apiv2.html</a>",
diff --git a/ui/src/i18n/locales/en/nls.provider.json b/ui/src/i18n/locales/en/nls.provider.json
index 1d4b9c2b..9829faab 100644
--- a/ui/src/i18n/locales/en/nls.provider.json
+++ b/ui/src/i18n/locales/en/nls.provider.json
@@ -52,12 +52,14 @@
   "provider.ctcccloud": "China Telecom Cloud (State Cloud)",
   "provider.cucccloud": "China Unicom Cloud",
   "provider.desec": "deSEC",
+  "provider.dingtalkbot": "DingTalk Bot",
   "provider.dnsla": "DNS.LA",
   "provider.dogecloud": "Doge Cloud",
   "provider.dogecloud.cdn": "Doge Cloud - CDN (Content Delivery Network)",
   "provider.dynv6": "dynv6",
   "provider.edgio": "Edgio",
   "provider.edgio.applications": "Edgio - Applications",
+  "provider.email": "Email",
   "provider.fastly": "Fastly",
   "provider.gcore": "Gcore",
   "provider.gcore.cdn": "Gcore - CDN (Content Delivery Network)",
@@ -80,9 +82,11 @@
   "provider.jdcloud.vod": "JD Cloud - VOD (Video on Demand)",
   "provider.kubernetes": "Kubernetes",
   "provider.kubernetes.secret": "Kubernetes - Secret",
+  "provider.larkbot": "Lark Bot",
   "provider.letsencrypt": "Let's Encrypt",
   "provider.letsencryptstaging": "Let's Encrypt Staging Environment",
   "provider.local": "Local deployment",
+  "provider.mattermost": "Mattermost",
   "provider.namecheap": "Namecheap",
   "provider.namedotcom": "Name.com",
   "provider.namesilo": "NameSilo",
@@ -98,6 +102,7 @@
   "provider.safeline": "SafeLine",
   "provider.ssh": "SSH deployment",
   "provider.sslcom": "SSL.com",
+  "provider.telegram": "Telegram",
   "provider.tencentcloud": "Tencent Cloud",
   "provider.tencentcloud.cdn": "Tencent Cloud - CDN (Content Delivery Network)",
   "provider.tencentcloud.clb": "Tencent Cloud - CLB (Cloud Load Balancer)",
@@ -131,6 +136,7 @@
   "provider.wangsu": "Wangsu Cloud",
   "provider.wangsu.cdnpro": "Wangsu Cloud - CDN Pro",
   "provider.webhook": "Webhook",
+  "provider.wecombot": "WeCom Bot",
   "provider.westcn": "West.cn",
   "provider.zerossl": "ZeroSSL",
 
diff --git a/ui/src/i18n/locales/en/nls.settings.json b/ui/src/i18n/locales/en/nls.settings.json
index b56113c4..ee97efd7 100644
--- a/ui/src/i18n/locales/en/nls.settings.json
+++ b/ui/src/i18n/locales/en/nls.settings.json
@@ -82,7 +82,6 @@
   "settings.notification.channel.form.pushover_user.placeholder": "Please enter User/Group Key",
   "settings.notification.channel.form.pushover_user.label": "User/Group Key",
   "settings.notification.channel.form.pushover_user.tooltip": "For more information, see <a href=\"https://pushover.net/api#identifiers\" target=\"_blank\">https://pushover.net/api#identifiers</a>",
-  "settings.notification.channel.form.pushplus_token.placeholder": "Please enter Token",
   "settings.notification.channel.form.pushplus_token.label": "Token",
   "settings.notification.channel.form.pushplus_token.placeholder": "Please enter token",
   "settings.notification.channel.form.pushplus_token.tooltip": "For more information, see <a href=\"https://www.pushplus.plus/push1.html\" target=\"_blank\">https://www.pushplus.plus/push1.html</a>",
diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json
index b04c7f04..8a353e51 100644
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -93,8 +93,8 @@
   "workflow_node.deploy.search.provider.placeholder": "Search deploy target ...",
   "workflow_node.deploy.form.provider.label": "Deploy target",
   "workflow_node.deploy.form.provider.placeholder": "Please select deploy target",
-  "workflow_node.deploy.form.provider_access.label": "Host provider authorization",
-  "workflow_node.deploy.form.provider_access.placeholder": "Please select an authorization of host provider",
+  "workflow_node.deploy.form.provider_access.label": "Hosting provider authorization",
+  "workflow_node.deploy.form.provider_access.placeholder": "Please select an authorization of Hosting provider",
   "workflow_node.deploy.form.provider_access.tooltip": "Used to invoke API during deployment.",
   "workflow_node.deploy.form.provider_access.button": "Create",
   "workflow_node.deploy.form.provider_access.guide_for_local": "Tips: If you are running Certimate in Docker, the \"Local\" refers to the container rather than the host.",
@@ -685,11 +685,11 @@
   "workflow_node.deploy.form.wangsu_cdnpro_webhook_id.label": "Wangsu Cloud CDN Webhook ID (Optional)",
   "workflow_node.deploy.form.wangsu_cdnpro_webhook_id.placeholder": "Please enter Wangsu Cloud CDN Webhook ID",
   "workflow_node.deploy.form.wangsu_cdnpro_webhook_id.tooltip": "For more information, see <a href=\"https://cdnpro.console.wangsu.com/v2/index/#/certificate\" target=\"_blank\">https://cdnpro.console.wangsu.com/v2/index/#/certificate</a>",
-  "workflow_node.deploy.form.webhook_data.label": "Webhook data (JSON format)",
-  "workflow_node.deploy.form.webhook_data.placeholder": "Please enter Webhook data",
-  "workflow_node.deploy.form.webhook_data.guide": "Tips: The Webhook data should be a key-value pair in JSON format. The values in JSON support template variables, which will be replaced by actual values when sent to the Webhook URL. <br><br>Supported variables: <br><strong>${DOMAIN}</strong>: The primary domain of the certificate (<i>CommonName</i>).<br><strong>${DOMAINS}</strong>: The domain list of the certificate (<i>SubjectAltNames</i>).<br><strong>${CERTIFICATE}</strong>: The PEM format content of the certificate file.<br><strong>${PRIVATE_KEY}</strong>: The PEM format content of the private key file.",
+  "workflow_node.deploy.form.webhook_data.label": "Webhook data (Optional)",
+  "workflow_node.deploy.form.webhook_data.placeholder": "Please enter Webhook data to override the default value",
+  "workflow_node.deploy.form.webhook_data.tooltip": "Leave it blank to use the default Webhook data provided by the authorization.",
+  "workflow_node.deploy.form.webhook_data.guide": "Supported variables: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>: The primary domain of the certificate (<i>CommonName</i>).</li><li><strong>${DOMAINS}</strong>: The domain list of the certificate (<i>SubjectAltNames</i>).</li><li><strong>${CERTIFICATE}</strong>: The PEM format content of the certificate file.</li><li><strong>${PRIVATE_KEY}</strong>: The PEM format content of the private key file.</li></ol><br>Please visit the authorization management page for addtional notes.",
   "workflow_node.deploy.form.webhook_data.errmsg.json_invalid": "Please enter a valiod JSON string",
-  "workflow_node.deploy.form.webhook_data_preset.button": "Use preset template",
   "workflow_node.deploy.form.strategy_config.label": "Strategy settings",
   "workflow_node.deploy.form.skip_on_last_succeeded.label": "Repeated deployment",
   "workflow_node.deploy.form.skip_on_last_succeeded.prefix": "If the last deployment was successful, ",
@@ -712,9 +712,32 @@
   "workflow_node.notify.form.subject.placeholder": "Please enter subject",
   "workflow_node.notify.form.message.label": "Message",
   "workflow_node.notify.form.message.placeholder": "Please enter message",
-  "workflow_node.notify.form.channel.label": "Channel",
+  "workflow_node.notify.form.channel.label": "Channel (Deprecated)",
   "workflow_node.notify.form.channel.placeholder": "Please select channel",
   "workflow_node.notify.form.channel.button": "Configure",
+  "workflow_node.notify.form.provider.label": "Notification channel",
+  "workflow_node.notify.form.provider.placeholder": "Please select notification channel",
+  "workflow_node.notify.form.provider_access.label": "Notification provider authorization",
+  "workflow_node.notify.form.provider_access.placeholder": "Please select an authorization of notification provider",
+  "workflow_node.notify.form.provider_access.button": "Create",
+  "workflow_node.notify.form.params_config.label": "Parameter settings",
+  "workflow_node.notify.form.email_sender_address.label": "Sender email address (Optional)",
+  "workflow_node.notify.form.email_sender_address.placeholder": "Please enter sender email address to override the default value",
+  "workflow_node.notify.form.email_sender_address.tooltip": "Leave it blank to use the default sender email address provided by the authorization.",
+  "workflow_node.notify.form.email_receiver_address.label": "Receiver email address (Optional)",
+  "workflow_node.notify.form.email_receiver_address.placeholder": "Please enter receiver email address to override the default value",
+  "workflow_node.notify.form.email_receiver_address.tooltip": "Leave it blank to use the default receiver email address provided by the selected authorization.",
+  "workflow_node.notify.form.mattermost_channel_id.label": "Mattermost channel ID (Optional)",
+  "workflow_node.notify.form.mattermost_channel_id.placeholder": "Please enter Mattermost channel ID  to override the default value",
+  "workflow_node.notify.form.mattermost_channel_id.tooltip": "Leave it blank to use the default channel ID provided by the authorization.",
+  "workflow_node.notify.form.telegram_chat_id.label": "Telegram chat ID (Optional)",
+  "workflow_node.notify.form.telegram_chat_id.placeholder": "Please enter Telegram chat ID to override the default value",
+  "workflow_node.notify.form.telegram_chat_id.tooltip": "Leave it blank to use the default chat ID provided by the selected authorization.",
+  "workflow_node.notify.form.webhook_data.label": "Webhook data (Optional)",
+  "workflow_node.notify.form.webhook_data.placeholder": "Please enter Webhook data to override the default value",
+  "workflow_node.notify.form.webhook_data.tooltip": "Leave it blank to use the default Webhook data provided by the authorization.",
+  "workflow_node.notify.form.webhook_data.guide": "Supported variables: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${SUBJECT}</strong>: The subject of notification.</li><li><strong>${MESSAGE}</strong>: The message of notification.</li></ol><br>Please visit the authorization management page for addtional notes.",
+  "workflow_node.notify.form.webhook_data.errmsg.json_invalid": "Please enter a valiod JSON string",
 
   "workflow_node.end.label": "End",
 
diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json
index ce6ad588..04f74b58 100644
--- a/ui/src/i18n/locales/zh/nls.access.json
+++ b/ui/src/i18n/locales/zh/nls.access.json
@@ -18,9 +18,9 @@
   "access.props.provider.usage.ca": "证书颁发机构",
   "access.props.provider.usage.notification": "通知渠道",
   "access.props.provider.builtin": "内置",
-  "access.props.range.both_dns_hosting": "提供商",
-  "access.props.range.ca_only": "证书颁发机构",
-  "access.props.range.notify_only": "通知渠道",
+  "access.props.usage.both_dns_hosting": "提供商",
+  "access.props.usage.ca_only": "证书颁发机构",
+  "access.props.usage.notification_only": "通知渠道",
   "access.props.created_at": "创建时间",
   "access.props.updated_at": "更新时间",
 
@@ -139,6 +139,12 @@
   "access.form.desec_token.label": "deSEC Token",
   "access.form.desec_token.placeholder": "请输入 deSEC Token",
   "access.form.desec_token.tooltip": "这是什么？请参阅 <a href=\"https://desec.readthedocs.io/en/latest/auth/tokens.html#manage-tokens\" target=\"_blank\">https://desec.readthedocs.io/en/latest/auth/tokens.html</a>",
+  "access.form.dingtalkbot_webhook_url.label": "钉钉群机器人 Webhook 地址",
+  "access.form.dingtalkbot_webhook_url.placeholder": "请输入钉钉群机器人 Webhook 地址",
+  "access.form.dingtalkbot_webhook_url.tooltip": "这是什么？请参阅 <a href=\"https://open.dingtalk.com/document/orgapp/obtain-the-webhook-address-of-a-custom-robot\" target=\"_blank\">https://open.dingtalk.com/document/orgapp/obtain-the-webhook-address-of-a-custom-robot</a>",
+  "access.form.dingtalkbot_secret.label": "钉钉群机器人加签密钥",
+  "access.form.dingtalkbot_secret.placeholder": "请输入钉钉群机器人加签密钥",
+  "access.form.dingtalkbot_secret.tooltip": "这是什么？请参阅 <a href=\"https://open.dingtalk.com/document/orgapp/customize-robot-security-settings\" target=\"_blank\">https://open.dingtalk.com/document/orgapp/customize-robot-security-settings</a>",
   "access.form.dnsla_api_id.label": "DNS.LA API ID",
   "access.form.dnsla_api_id.placeholder": "请输入 DNS.LA API ID",
   "access.form.dnsla_api_id.tooltip": "这是什么？请参阅 <a href=\"https://www.dns.la/docs/ApiDoc\" target=\"_blank\">https://www.dns.la/docs/ApiDoc</a>",
@@ -160,6 +166,19 @@
   "access.form.edgio_client_secret.label": "Edgio 客户端密码",
   "access.form.edgio_client_secret.placeholder": "请输入 Edgio 客户端密码",
   "access.form.edgio_client_secret.tooltip": "这是什么？请参阅 <a href=\"https://docs.edg.io/applications/v7/rest_api/authentication#administering-api-clients\" target=\"_blank\">https://docs.edg.io/applications/v7/rest_api/authentication#administering-api-clients</a>",
+  "access.form.email_smtp_host.label": "SMTP 服务器地址",
+  "access.form.email_smtp_host.placeholder": "请输入 SMTP 服务器地址",
+  "access.form.email_smtp_port.label": "SMTP 服务器端口",
+  "access.form.email_smtp_port.placeholder": "请输入 SMTP 服务器端口",
+  "access.form.email_smtp_tls.label": "SSL/TLS 连接",
+  "access.form.email_username.label": "用户名",
+  "access.form.email_username.placeholder": "请输入用户名",
+  "access.form.email_password.label": "密码",
+  "access.form.email_password.placeholder": "请输入密码",
+  "access.form.email_default_sender_address.label": "默认的发送邮箱地址（可选）",
+  "access.form.email_default_sender_address.placeholder": "请输入默认的发送邮箱地址",
+  "access.form.email_default_receiver_address.label": "默认的接收邮箱地址（可选）",
+  "access.form.email_default_receiver_address.placeholder": "请输入默认的接收邮箱地址",
   "access.form.gcore_api_token.label": "Gcore API Token",
   "access.form.gcore_api_token.placeholder": "请输入 Gcore API Token",
   "access.form.gcore_api_token.tooltip": "这是什么？请参阅 <a href=\"https://api.gcore.com/docs/iam#section/Authentication\" target=\"_blank\">https://api.gcore.com/docs/iam#section/Authentication</a>",
@@ -197,6 +216,18 @@
   "access.form.k8s_kubeconfig.placeholder": "请选择 KubeConfig 文件",
   "access.form.k8s_kubeconfig.upload": "选择文件",
   "access.form.k8s_kubeconfig.tooltip": "这是什么？请参阅 <a href=\"https://kubernetes.io/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/\" target=\"_blank\">https://kubernetes.io/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/</a><br><br>为空时，将使用 Pod 的 ServiceAccount 作为凭证。",
+  "access.form.larkbot_webhook_url.label": "飞书群机器人 Webhook 地址",
+  "access.form.larkbot_webhook_url.placeholder": "请输入飞书群机器人 Webhook 地址",
+  "access.form.larkbot_webhook_url.tooltip": "这是什么？请参阅 <a href=\"https://www.feishu.cn/hc/zh-CN/articles/807992406756\" target=\"_blank\">https://www.feishu.cn/hc/zh-CN/articles/807992406756</a>",
+  "access.form.mattermost_server_url.label": "Mattermost 服务地址",
+  "access.form.mattermost_server_url.placeholder": "请输入 Mattermost 服务地址",
+  "access.form.mattermost_username.label": "Mattermost 用户名",
+  "access.form.mattermost_username.placeholder": "请输入 Mattermost 用户名",
+  "access.form.mattermost_password.label": "Mattermost 密码",
+  "access.form.mattermost_password.placeholder": "请输入 Mattermost 密码",
+  "access.form.mattermost_default_channel_id.label": "默认的 Mattermost 频道 ID（可选）",
+  "access.form.mattermost_default_channel_id.placeholder": "请输入默认的 Mattermost 频道 ID",
+  "access.form.mattermost_default_channel_id.tooltip": "如何获取频道 ID？从左侧边栏中选择目标频道，点击顶部的频道名称，选择“频道详情”，即可在弹出页面中直接看到频道 ID。",
   "access.form.namecheap_username.label": "Namecheap 用户名",
   "access.form.namecheap_username.placeholder": "请输入 Namecheap 用户名",
   "access.form.namecheap_username.tooltip": "这是什么？请参阅 <a href=\"https://www.namecheap.com/support/api/intro/\" target=\"_blank\">https://www.namecheap.com/support/api/intro/</a>",
@@ -268,6 +299,12 @@
   "access.form.sslcom_eab_hmac_key.label": "ACME EAB HMAC key",
   "access.form.sslcom_eab_hmac_key.placeholder": "请输入 ACME EAB HMAC key",
   "access.form.sslcom_eab_hmac_key.tooltip": "这是什么？请参阅 <a href=\"https://www.ssl.com/how-to/generate-acme-credentials-for-reseller-customers/#ftoc-heading-6\" target=\"_blank\">https://www.ssl.com/how-to/generate-acme-credentials-for-reseller-customers/</a>",
+  "access.form.telegram_bot_token.label": "Telegram 机器人 API Token",
+  "access.form.telegram_bot_token.placeholder": "请输入 Telegram 机器人 API Token",
+  "access.form.telegram_bot_token.tooltip": "如何获取机器人 API Token？请参阅 <a href=\"https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a\" target=\"_blank\">https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a</a>",
+  "access.form.telegram_default_chat_id.label": "默认的 Telegram 会话 ID（可选）",
+  "access.form.telegram_default_chat_id.placeholder": "请输入默认的 Telegram 会话 ID",
+  "access.form.telegram_default_chat_id.tooltip": "如何获取会话 ID？请参阅 <a href=\"https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a\" target=\"_blank\">https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a</a>",
   "access.form.tencentcloud_secret_id.label": "腾讯云 SecretId",
   "access.form.tencentcloud_secret_id.placeholder": "请输入腾讯云 SecretId",
   "access.form.tencentcloud_secret_id.tooltip": "这是什么？请参阅 <a href=\"https://cloud.tencent.com/document/product/598/40488\" target=\"_blank\">https://cloud.tencent.com/document/product/598/40488</a>",
@@ -312,10 +349,34 @@
   "access.form.wangsu_api_key.tooltip": "这是什么？请参阅 <a href=\"https://www.wangsu.com/document/account-manage/15776\" target=\"_blank\">https://www.wangsu.com/document/account-manage/15776</a>",
   "access.form.webhook_url.label": "Webhook 回调地址",
   "access.form.webhook_url.placeholder": "请输入 Webhook 回调地址",
+  "access.form.webhook_method.label": "Webhook 请求谓词",
+  "access.form.webhook_method.placeholder": "请选择 Webhook 请求谓词",
+  "access.form.webhook_headers.label": "Webhook 请求标头（可选）",
+  "access.form.webhook_headers.placeholder": "请输入 Webhook 请求标头",
+  "access.form.webhook_headers.errmsg.invalid": "请输入有效的请求标头",
+  "access.form.webhook_headers.tooltip": "格式：<br><i>key1: val2<br>key2: val2</i><br><br>示例：<br><i>Content-Type: application/json<br>User-Agent: certimate</i>",
+  "access.form.webhook_default_data.errmsg.json_invalid": "请输入有效的 JSON 格式字符串",
+  "access.form.webhook_default_data_for_deployment.label": "默认的 Webhook 部署证书回调数据（可选）",
+  "access.form.webhook_default_data_for_deployment.placeholder": "请输入默认的 Webhook 回调数据",
+  "access.form.webhook_default_data_for_deployment.guide": "小贴士：回调数据是一个 JSON 格式的数据。<br><br>其中值支持模板变量，将在被发送到指定的 Webhook URL 时被替换为实际值；其他内容将保持原样。支持的变量：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>：证书的主域名（即 <i>CommonName</i>）。</li><li><strong>${DOMAINS}</strong>：证书的多域名列表（即 <i>SubjectAltNames</i>）。</li><li><strong>${CERTIFICATE}</strong>：证书文件 PEM 格式内容。</li><li><strong>${PRIVATE_KEY}</strong>：私钥文件 PEM 格式内容。</li></ol><br>当请求谓词为 GET 时，回调数据将作为查询参数；否则，回调数据将按照请求标头中 Content-Type 所指示的格式进行编码。支持的格式：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json（默认）。</li><li>application/x-www-form-urlencoded：不支持嵌套数据。</li><li>multipart/form-data：不支持嵌套数据。</li>",
+  "access.form.webhook_default_data_for_notification.label": "默认的 Webhook 推送通知回调数据（可选）",
+  "access.form.webhook_default_data_for_notification.placeholder": "请输入默认的 Webhook 回调数据",
+  "access.form.webhook_default_data_for_notification.guide": "小贴士：回调数据是一个 JSON 格式的数据。<br><br>其中值支持模板变量，将在被发送到指定的 Webhook URL 时被替换为实际值；其他内容将保持原样。支持的变量：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>：证书的主域名（即 <i>CommonName</i>）。</li><li><strong>${SUBJECT}</strong>：通知主题。</li><li><strong>${MESSAGE}</strong>：通知内容。</ol><br>当请求谓词为 GET 时，回调数据将作为查询参数；否则，回调数据将按照请求标头中 Content-Type 所指示的格式进行编码。支持的格式：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json（默认）。</li><li>application/x-www-form-urlencoded：不支持嵌套数据。</li><li>multipart/form-data：不支持嵌套数据。</li>",
+  "access.form.webhook_preset_data.button": "使用预设模板",
+  "access.form.webhook_preset_data.option.bark.label": "Bark",
+  "access.form.webhook_preset_data.option.gotify.label": "Gotify",
+  "access.form.webhook_preset_data.option.ntfy.label": "ntfy",
+  "access.form.webhook_preset_data.option.pushover.label": "Pushover",
+  "access.form.webhook_preset_data.option.pushplus.label": "PushPlus 推送加",
+  "access.form.webhook_preset_data.option.serverchan.label": "Server 酱",
+  "access.form.webhook_preset_data.option.common.label": "通用模板",
   "access.form.webhook_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
   "access.form.webhook_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。",
   "access.form.webhook_allow_insecure_conns.switch.on": "允许",
   "access.form.webhook_allow_insecure_conns.switch.off": "不允许",
+  "access.form.wecombot_webhook_url.label": "企业微信群机器人 Webhook 地址",
+  "access.form.wecombot_webhook_url.placeholder": "请输入企业微信群机器人 Webhook 地址",
+  "access.form.wecombot_webhook_url.tooltip": "这是什么？请参阅 <a href=\"https://open.work.weixin.qq.com/help2/pc/18401#%E5%85%AD%E3%80%81%E7%BE%A4%E6%9C%BA%E5%99%A8%E4%BA%BAWebhook%E5%9C%B0%E5%9D%80\" target=\"_blank\">https://open.work.weixin.qq.com/help2/pc/18401</a>",
   "access.form.westcn_username.label": "西部数码用户名",
   "access.form.westcn_username.placeholder": "请输入西部数码用户名",
   "access.form.westcn_username.tooltip": "这是什么？请参阅 <a href=\"https://www.west.cn/CustomerCenter/doc/apiv2.html#12u3001u8eabu4efdu9a8cu8bc10a3ca20id3d12u3001u8eabu4efdu9a8cu8bc13e203ca3e\" target=\"_blank\">https://www.west.cn/CustomerCenter/doc/apiv2.html</a>",
diff --git a/ui/src/i18n/locales/zh/nls.provider.json b/ui/src/i18n/locales/zh/nls.provider.json
index 86fd3e5b..28c3ad82 100644
--- a/ui/src/i18n/locales/zh/nls.provider.json
+++ b/ui/src/i18n/locales/zh/nls.provider.json
@@ -52,12 +52,14 @@
   "provider.ctcccloud": "联通云",
   "provider.cucccloud": "天翼云",
   "provider.desec": "deSEC",
+  "provider.dingtalkbot": "钉钉群机器人",
   "provider.dnsla": "DNS.LA",
   "provider.dogecloud": "多吉云",
   "provider.dogecloud.cdn": "多吉云 - 内容分发网络 CDN",
   "provider.dynv6": "dynv6",
   "provider.edgio": "Edgio",
   "provider.edgio.applications": "Edgio - Applications",
+  "provider.email": "邮件",
   "provider.fastly": "Fastly",
   "provider.gcore": "Gcore",
   "provider.gcore.cdn": "Gcore - 内容分发网络 CDN",
@@ -80,9 +82,11 @@
   "provider.jdcloud.vod": "京东云 - 视频点播",
   "provider.kubernetes": "Kubernetes",
   "provider.kubernetes.secret": "Kubernetes - Secret",
+  "provider.larkbot": "飞书群机器人",
   "provider.letsencrypt": "Let's Encrypt",
   "provider.letsencryptstaging": "Let's Encrypt 测试环境",
   "provider.local": "本地部署",
+  "provider.mattermost": "Mattermost",
   "provider.namecheap": "Namecheap",
   "provider.namedotcom": "Name.com",
   "provider.namesilo": "NameSilo",
@@ -98,6 +102,7 @@
   "provider.safeline": "雷池",
   "provider.ssh": "SSH 部署",
   "provider.sslcom": "SSL.com",
+  "provider.telegram": "Telegram",
   "provider.tencentcloud": "腾讯云",
   "provider.tencentcloud.cdn": "腾讯云 - 内容分发网络 CDN",
   "provider.tencentcloud.clb": "腾讯云 - 负载均衡 CLB",
@@ -131,6 +136,7 @@
   "provider.wangsu": "网宿云",
   "provider.wangsu.cdnpro": "网宿云 - CDN Pro",
   "provider.webhook": "Webhook",
+  "provider.wecombot": "企业微信群机器人",
   "provider.westcn": "西部数码",
   "provider.zerossl": "ZeroSSL",
 
diff --git a/ui/src/i18n/locales/zh/nls.settings.json b/ui/src/i18n/locales/zh/nls.settings.json
index 24342452..cde8ec0f 100644
--- a/ui/src/i18n/locales/zh/nls.settings.json
+++ b/ui/src/i18n/locales/zh/nls.settings.json
@@ -82,7 +82,6 @@
   "settings.notification.channel.form.pushover_user.placeholder": "请输入用户/分组 Key",
   "settings.notification.channel.form.pushover_user.label": "用户/分组 Key",
   "settings.notification.channel.form.pushover_user.tooltip": "这是什么？请参阅 <a href=\"https://pushover.net/api#identifiers\" target=\"_blank\">https://pushover.net/api#identifiers</a>",
-  "settings.notification.channel.form.pushplus_token.placeholder": "请输入Token",
   "settings.notification.channel.form.pushplus_token.label": "Token",
   "settings.notification.channel.form.pushplus_token.placeholder": "请输入 Token",
   "settings.notification.channel.form.pushplus_token.tooltip": "这是什么？请参阅 <a href=\"https://www.pushplus.plus/push1.html\" target=\"_blank\">https://www.pushplus.plus/push1.html</a>",
@@ -90,7 +89,7 @@
   "settings.notification.channel.form.serverchan_url.placeholder": "请输入服务器地址（形如: https://sctapi.ftqq.com/*****.send）",
   "settings.notification.channel.form.serverchan_url.tooltip": "这是什么？请参阅 <a href=\"https://sct.ftqq.com/forward\" target=\"_blank\">https://sct.ftqq.com/forward</a>",
   "settings.notification.channel.form.telegram_api_token.label": "机器人 API Token",
-  "settings.notification.channel.form.telegram_api_token.placeholder": "请输入机器人 API token",
+  "settings.notification.channel.form.telegram_api_token.placeholder": "请输入机器人 API Token",
   "settings.notification.channel.form.telegram_api_token.tooltip": "这是什么？请参阅 <a href=\"https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a\" target=\"_blank\">https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a</a>",
   "settings.notification.channel.form.telegram_chat_id.label": "会话 ID",
   "settings.notification.channel.form.telegram_chat_id.placeholder": "请输入会话 ID",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index 1e1387f8..d58ebe90 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -57,12 +57,12 @@
   "workflow_node.apply.form.advanced_config.label": "高级设置",
   "workflow_node.apply.form.ca_provider.label": "证书颁发机构（可选）",
   "workflow_node.apply.form.ca_provider.placeholder": "请选择证书颁发机构",
-  "workflow_node.apply.form.ca_provider.button": "去配置",
+  "workflow_node.apply.form.ca_provider.button": "设置",
   "workflow_node.apply.form.ca_provider_access.label": "证书颁发机构授权",
   "workflow_node.apply.form.ca_provider_access.placeholder": "请选择证书颁发机构授权",
   "workflow_node.apply.form.ca_provider_access.button": "新建",
-  "workflow_node.apply.form.key_algorithm.label": "数字证书算法",
-  "workflow_node.apply.form.key_algorithm.placeholder": "请选择数字证书算法",
+  "workflow_node.apply.form.key_algorithm.label": "证书算法",
+  "workflow_node.apply.form.key_algorithm.placeholder": "请选择证书算法",
   "workflow_node.apply.form.nameservers.label": "DNS 递归服务器（可选）",
   "workflow_node.apply.form.nameservers.placeholder": "请输入 DNS 递归服务器（多个值请用半角分号隔开）",
   "workflow_node.apply.form.nameservers.tooltip": "在 ACME DNS-01 质询时使用自定义的 DNS 递归服务器。如果你不了解该选项的用途，保持默认即可。<a href=\"https://go-acme.github.io/lego/usage/cli/options/index.html#dns-resolvers-and-challenge-verification\" target=\"_blank\">点此了解更多</a>。",
@@ -684,11 +684,11 @@
   "workflow_node.deploy.form.wangsu_cdnpro_webhook_id.label": "网宿云 CDN Pro 部署任务 Webhook ID（可选）",
   "workflow_node.deploy.form.wangsu_cdnpro_webhook_id.placeholder": "请输入网宿云 CDN Pro 部署任务 Webhook ID",
   "workflow_node.deploy.form.wangsu_cdnpro_webhook_id.tooltip": "这是什么？请参阅 <a href=\"https://cdnpro.console.wangsu.com/v2/index/#/certificate\" target=\"_blank\">https://cdnpro.console.wangsu.com/v2/index/#/certificate</a>",
-  "workflow_node.deploy.form.webhook_data.label": "Webhook 回调数据（JSON 格式）",
+  "workflow_node.deploy.form.webhook_data.label": "Webhook 回调数据（可选）",
   "workflow_node.deploy.form.webhook_data.placeholder": "请输入 Webhook 回调数据",
-  "workflow_node.deploy.form.webhook_data.guide": "小贴士：回调数据是一个 JSON 格式的键值对。其中值支持模板变量，将在被发送到指定的 Webhook URL 时被替换为实际值；其他内容将保持原样。<br><br>支持的变量：<br><strong>${DOMAIN}</strong>：证书的主域名（即 <i>CommonName</i>）<br><strong>${DOMAINS}</strong>：证书的多域名列表（即 <i>SubjectAltNames</i>）<br><strong>${CERTIFICATE}</strong>：证书文件 PEM 格式内容<br><strong>${PRIVATE_KEY}</strong>：私钥文件 PEM 格式内容",
+  "workflow_node.deploy.form.webhook_data.tooltip": "不填写时，将使用所选部署目标授权的默认 Webhook 回调数据。",
+  "workflow_node.deploy.form.webhook_data.guide": "支持的变量：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>：证书的主域名（即 <i>CommonName</i>）。</li><li><strong>${DOMAINS}</strong>：证书的多域名列表（即 <i>SubjectAltNames</i>）。</li><li><strong>${CERTIFICATE}</strong>：证书文件 PEM 格式内容。</li><li><strong>${PRIVATE_KEY}</strong>：私钥文件 PEM 格式内容。</li></ol><br>其他注意事项请前往授权管理页面查看。",
   "workflow_node.deploy.form.webhook_data.errmsg.json_invalid": "请输入有效的 JSON 格式字符串",
-  "workflow_node.deploy.form.webhook_data_preset.button": "使用预设模板",
   "workflow_node.deploy.form.strategy_config.label": "执行策略",
   "workflow_node.deploy.form.skip_on_last_succeeded.label": "重复部署",
   "workflow_node.deploy.form.skip_on_last_succeeded.prefix": "当上次部署相同证书成功时，",
@@ -711,9 +711,32 @@
   "workflow_node.notify.form.subject.placeholder": "请输入通知主题",
   "workflow_node.notify.form.message.label": "通知内容",
   "workflow_node.notify.form.message.placeholder": "请输入通知内容",
-  "workflow_node.notify.form.channel.label": "通知渠道",
+  "workflow_node.notify.form.channel.label": "通知渠道（已废弃，请使用「通知渠道授权」字段）",
   "workflow_node.notify.form.channel.placeholder": "请选择通知渠道",
-  "workflow_node.notify.form.channel.button": "去配置",
+  "workflow_node.notify.form.channel.button": "设置",
+  "workflow_node.notify.form.provider.label": "通知渠道",
+  "workflow_node.notify.form.provider.placeholder": "请选择通知渠道",
+  "workflow_node.notify.form.provider_access.label": "通知渠道授权",
+  "workflow_node.notify.form.provider_access.placeholder": "请选择通知渠道授权",
+  "workflow_node.notify.form.provider_access.button": "新建",
+  "workflow_node.notify.form.params_config.label": "参数设置",
+  "workflow_node.notify.form.email_sender_address.label": "发送邮箱地址（可选）",
+  "workflow_node.notify.form.email_sender_address.placeholder": "请输入发送邮箱地址以覆盖默认值",
+  "workflow_node.notify.form.email_sender_address.tooltip": "不填写时，将使用所选通知渠道授权的默认发送邮箱地址。",
+  "workflow_node.notify.form.email_receiver_address.label": "接收邮箱地址（可选）",
+  "workflow_node.notify.form.email_receiver_address.placeholder": "请输入接收邮箱地址以覆盖默认值",
+  "workflow_node.notify.form.email_receiver_address.tooltip": "不填写时，将使用所选通知渠道授权的默认接收邮箱地址。",
+  "workflow_node.notify.form.mattermost_channel_id.label": "Mattermost 频道 ID（可选）",
+  "workflow_node.notify.form.mattermost_channel_id.placeholder": "请输入 Mattermost 频道 ID 以覆盖默认值",
+  "workflow_node.notify.form.mattermost_channel_id.tooltip": "不填写时，将使用所选通知渠道授权的默认频道 ID。",
+  "workflow_node.notify.form.telegram_chat_id.label": "Telegram 会话 ID（可选）",
+  "workflow_node.notify.form.telegram_chat_id.placeholder": "请输入 Telegram 会话 ID 以覆盖默认值",
+  "workflow_node.notify.form.telegram_chat_id.tooltip": "不填写时，将使用所选通知渠道授权的默认会话 ID。",
+  "workflow_node.notify.form.webhook_data.label": "Webhook 回调数据（可选）",
+  "workflow_node.notify.form.webhook_data.placeholder": "请输入 Webhook 回调数据以覆盖默认值",
+  "workflow_node.notify.form.webhook_data.tooltip": "不填写时，将使用所选部署目标授权的默认 Webhook 回调数据。",
+  "workflow_node.notify.form.webhook_data.guide": "支持的变量：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>：证书的主域名（即 <i>CommonName</i>）。</li><li><strong>${DOMAINS}</strong>：证书的多域名列表（即 <i>SubjectAltNames</i>）。</li><li><strong>${CERTIFICATE}</strong>：证书文件 PEM 格式内容。</li><li><strong>${PRIVATE_KEY}</strong>：私钥文件 PEM 格式内容。</li></ol><br>其他注意事项请前往授权管理页面查看。",
+  "workflow_node.notify.form.webhook_data.errmsg.json_invalid": "请输入有效的 JSON 格式字符串",
 
   "workflow_node.end.label": "结束",
 
diff --git a/ui/src/pages/accesses/AccessList.tsx b/ui/src/pages/accesses/AccessList.tsx
index 0dd56aac..f815812e 100644
--- a/ui/src/pages/accesses/AccessList.tsx
+++ b/ui/src/pages/accesses/AccessList.tsx
@@ -21,7 +21,7 @@ import { useZustandShallowSelector } from "@/hooks";
 import { useAccessesStore } from "@/stores/access";
 import { getErrMsg } from "@/utils/error";
 
-type AccessRanges = AccessEditDrawerProps["range"];
+type AccessUsageProp = AccessEditDrawerProps["usage"];
 
 const AccessList = () => {
   const [searchParams] = useSearchParams();
@@ -87,7 +87,7 @@ const AccessList = () => {
         <Space.Compact>
           <AccessEditDrawer
             data={record}
-            range={filters["range"] as AccessRanges}
+            usage={filters["usage"] as AccessUsageProp}
             scene="edit"
             trigger={
               <Tooltip title={t("access.action.edit")}>
@@ -98,7 +98,7 @@ const AccessList = () => {
 
           <AccessEditDrawer
             data={{ ...record, id: undefined, name: `${record.name}-copy` }}
-            range={filters["range"] as AccessRanges}
+            usage={filters["usage"] as AccessUsageProp}
             scene="add"
             trigger={
               <Tooltip title={t("access.action.duplicate")}>
@@ -126,7 +126,7 @@ const AccessList = () => {
 
   const [filters, setFilters] = useState<Record<string, unknown>>(() => {
     return {
-      range: "both-dns-hosting" satisfies AccessRanges,
+      usage: "both-dns-hosting" satisfies AccessUsageProp,
       keyword: searchParams.get("keyword"),
     };
   });
@@ -160,13 +160,13 @@ const AccessList = () => {
         })
         .filter((e) => {
           const provider = accessProvidersMap.get(e.provider);
-          switch (filters["range"] as AccessRanges) {
+          switch (filters["usage"] as AccessUsageProp) {
             case "both-dns-hosting":
-              return provider?.usages?.includes(ACCESS_USAGES.DNS) || provider?.usages?.includes(ACCESS_USAGES.HOSTING);
+              return !e.reserve && (provider?.usages?.includes(ACCESS_USAGES.DNS) || provider?.usages?.includes(ACCESS_USAGES.HOSTING));
             case "ca-only":
-              return provider?.usages?.includes(ACCESS_USAGES.CA);
-            case "notify-only":
-              return provider?.usages?.includes(ACCESS_USAGES.NOTIFICATION);
+              return e.reserve === "ca" && provider?.usages?.includes(ACCESS_USAGES.CA);
+            case "notification-only":
+              return e.reserve === "notification" && provider?.usages?.includes(ACCESS_USAGES.NOTIFICATION);
           }
         });
       return Promise.resolve({
@@ -184,11 +184,13 @@ const AccessList = () => {
   );
 
   const handleTabChange = (key: string) => {
-    setFilters((prev) => ({ ...prev, range: key }));
+    setFilters((prev) => ({ ...prev, usage: key }));
+    setPage(1);
   };
 
   const handleSearch = (value: string) => {
     setFilters((prev) => ({ ...prev, keyword: value }));
+    setPage(1);
   };
 
   const handleReloadClick = () => {
@@ -224,7 +226,7 @@ const AccessList = () => {
         extra={[
           <AccessEditDrawer
             key="create"
-            range={filters["range"] as AccessRanges}
+            usage={filters["usage"] as AccessUsageProp}
             scene="add"
             trigger={
               <Button type="primary" icon={<PlusOutlinedIcon />}>
@@ -245,18 +247,18 @@ const AccessList = () => {
         tabList={[
           {
             key: "both-dns-hosting",
-            label: t("access.props.range.both_dns_hosting"),
+            label: t("access.props.usage.both_dns_hosting"),
           },
           {
             key: "ca-only",
-            label: t("access.props.range.ca_only"),
+            label: t("access.props.usage.ca_only"),
+          },
+          {
+            key: "notification-only",
+            label: t("access.props.usage.notification_only"),
           },
-          // {
-          //   key: "notify-only",
-          //   label: t("access.props.range.notify_only"),
-          // },
         ]}
-        activeTabKey={filters["range"] as string}
+        activeTabKey={filters["usage"] as string}
         onTabChange={(key) => handleTabChange(key)}
       />
 
diff --git a/ui/src/pages/certificates/CertificateList.tsx b/ui/src/pages/certificates/CertificateList.tsx
index 049069a3..6e28459d 100644
--- a/ui/src/pages/certificates/CertificateList.tsx
+++ b/ui/src/pages/certificates/CertificateList.tsx
@@ -251,6 +251,7 @@ const CertificateList = () => {
 
   const handleSearch = (value: string) => {
     setFilters((prev) => ({ ...prev, keyword: value.trim() }));
+    setPage(1);
   };
 
   const handleReloadClick = () => {
diff --git a/ui/src/pages/settings/SettingsNotification.tsx b/ui/src/pages/settings/SettingsNotification.tsx
index 950149e2..2c9d593a 100644
--- a/ui/src/pages/settings/SettingsNotification.tsx
+++ b/ui/src/pages/settings/SettingsNotification.tsx
@@ -1,11 +1,14 @@
 import { useTranslation } from "react-i18next";
-import { Card, Divider } from "antd";
+import { Alert, Card, Divider } from "antd";
 
 import NotifyChannels from "@/components/notification/NotifyChannels";
 import NotifyTemplate from "@/components/notification/NotifyTemplate";
 import { useZustandShallowSelector } from "@/hooks";
 import { useNotifyChannelsStore } from "@/stores/notify";
 
+/**
+ * @deprecated
+ */
 const SettingsNotification = () => {
   const { t } = useTranslation();
 
@@ -22,6 +25,7 @@ const SettingsNotification = () => {
       <Divider />
 
       <Card className="shadow" styles={{ body: loadedAtOnce ? { padding: 0 } : {} }} title={t("settings.notification.channels.card.title")}>
+        <Alert type="warning" banner message="本页面相关功能即将在后续版本中废弃，请使用「授权管理」页面来管理通知渠道。" />
         <NotifyChannels classNames={{ form: "md:max-w-[40rem]" }} />
       </Card>
     </div>
diff --git a/ui/src/pages/settings/SettingsSSLProvider.tsx b/ui/src/pages/settings/SettingsSSLProvider.tsx
index f23c2024..2be6162f 100644
--- a/ui/src/pages/settings/SettingsSSLProvider.tsx
+++ b/ui/src/pages/settings/SettingsSSLProvider.tsx
@@ -7,7 +7,7 @@ import { produce } from "immer";
 import { z } from "zod";
 
 import Show from "@/components/Show";
-import { APPLY_CA_PROVIDERS, type ApplyCAProviderType } from "@/domain/provider";
+import { type CAProviderType, CA_PROVIDERS } from "@/domain/provider";
 import { SETTINGS_NAMES, type SSLProviderSettingsContent, type SettingsModel } from "@/domain/settings";
 import { useAntdForm } from "@/hooks";
 import { get as getSettings, save as saveSettings } from "@/repository/settings";
@@ -27,14 +27,14 @@ const SSLProviderEditFormLetsEncryptConfig = () => {
   const { pending, settings, updateSettings } = useContext(SSLProviderContext);
 
   const { form: formInst, formProps } = useAntdForm<NonNullable<unknown>>({
-    initialValues: settings?.content?.config?.[APPLY_CA_PROVIDERS.LETSENCRYPT],
+    initialValues: settings?.content?.config?.[CA_PROVIDERS.LETSENCRYPT],
     onSubmit: async (values) => {
       const newSettings = produce(settings, (draft) => {
         draft.content ??= {} as SSLProviderSettingsContent;
-        draft.content.provider = APPLY_CA_PROVIDERS.LETSENCRYPT;
+        draft.content.provider = CA_PROVIDERS.LETSENCRYPT;
 
         draft.content.config ??= {} as SSLProviderSettingsContent["config"];
-        draft.content.config[APPLY_CA_PROVIDERS.LETSENCRYPT] = values;
+        draft.content.config[CA_PROVIDERS.LETSENCRYPT] = values;
       });
       await updateSettings(newSettings);
 
@@ -44,7 +44,7 @@ const SSLProviderEditFormLetsEncryptConfig = () => {
 
   const [formChanged, setFormChanged] = useState(false);
   useEffect(() => {
-    setFormChanged(settings?.content?.provider !== APPLY_CA_PROVIDERS.LETSENCRYPT);
+    setFormChanged(settings?.content?.provider !== CA_PROVIDERS.LETSENCRYPT);
   }, [settings?.content?.provider]);
 
   const handleFormChange = () => {
@@ -68,14 +68,14 @@ const SSLProviderEditFormLetsEncryptStagingConfig = () => {
   const { pending, settings, updateSettings } = useContext(SSLProviderContext);
 
   const { form: formInst, formProps } = useAntdForm<NonNullable<unknown>>({
-    initialValues: settings?.content?.config?.[APPLY_CA_PROVIDERS.LETSENCRYPTSTAGING],
+    initialValues: settings?.content?.config?.[CA_PROVIDERS.LETSENCRYPTSTAGING],
     onSubmit: async (values) => {
       const newSettings = produce(settings, (draft) => {
         draft.content ??= {} as SSLProviderSettingsContent;
-        draft.content.provider = APPLY_CA_PROVIDERS.LETSENCRYPTSTAGING;
+        draft.content.provider = CA_PROVIDERS.LETSENCRYPTSTAGING;
 
         draft.content.config ??= {} as SSLProviderSettingsContent["config"];
-        draft.content.config[APPLY_CA_PROVIDERS.LETSENCRYPTSTAGING] = values;
+        draft.content.config[CA_PROVIDERS.LETSENCRYPTSTAGING] = values;
       });
       await updateSettings(newSettings);
 
@@ -85,7 +85,7 @@ const SSLProviderEditFormLetsEncryptStagingConfig = () => {
 
   const [formChanged, setFormChanged] = useState(false);
   useEffect(() => {
-    setFormChanged(settings?.content?.provider !== APPLY_CA_PROVIDERS.LETSENCRYPTSTAGING);
+    setFormChanged(settings?.content?.provider !== CA_PROVIDERS.LETSENCRYPTSTAGING);
   }, [settings?.content?.provider]);
 
   const handleFormChange = () => {
@@ -113,14 +113,14 @@ const SSLProviderEditFormBuypassConfig = () => {
   const { pending, settings, updateSettings } = useContext(SSLProviderContext);
 
   const { form: formInst, formProps } = useAntdForm<NonNullable<unknown>>({
-    initialValues: settings?.content?.config?.[APPLY_CA_PROVIDERS.BUYPASS],
+    initialValues: settings?.content?.config?.[CA_PROVIDERS.BUYPASS],
     onSubmit: async (values) => {
       const newSettings = produce(settings, (draft) => {
         draft.content ??= {} as SSLProviderSettingsContent;
-        draft.content.provider = APPLY_CA_PROVIDERS.BUYPASS;
+        draft.content.provider = CA_PROVIDERS.BUYPASS;
 
         draft.content.config ??= {} as SSLProviderSettingsContent["config"];
-        draft.content.config[APPLY_CA_PROVIDERS.BUYPASS] = values;
+        draft.content.config[CA_PROVIDERS.BUYPASS] = values;
       });
       await updateSettings(newSettings);
 
@@ -130,7 +130,7 @@ const SSLProviderEditFormBuypassConfig = () => {
 
   const [formChanged, setFormChanged] = useState(false);
   useEffect(() => {
-    setFormChanged(settings?.content?.provider !== APPLY_CA_PROVIDERS.LETSENCRYPTSTAGING);
+    setFormChanged(settings?.content?.provider !== CA_PROVIDERS.LETSENCRYPTSTAGING);
   }, [settings?.content?.provider]);
 
   const handleFormChange = () => {
@@ -165,14 +165,14 @@ const SSLProviderEditFormGoogleTrustServicesConfig = () => {
   });
   const formRule = createSchemaFieldRule(formSchema);
   const { form: formInst, formProps } = useAntdForm<z.infer<typeof formSchema>>({
-    initialValues: settings?.content?.config?.[APPLY_CA_PROVIDERS.GOOGLETRUSTSERVICES],
+    initialValues: settings?.content?.config?.[CA_PROVIDERS.GOOGLETRUSTSERVICES],
     onSubmit: async (values) => {
       const newSettings = produce(settings, (draft) => {
         draft.content ??= {} as SSLProviderSettingsContent;
-        draft.content.provider = APPLY_CA_PROVIDERS.GOOGLETRUSTSERVICES;
+        draft.content.provider = CA_PROVIDERS.GOOGLETRUSTSERVICES;
 
         draft.content.config ??= {} as SSLProviderSettingsContent["config"];
-        draft.content.config[APPLY_CA_PROVIDERS.GOOGLETRUSTSERVICES] = values;
+        draft.content.config[CA_PROVIDERS.GOOGLETRUSTSERVICES] = values;
       });
       await updateSettings(newSettings);
 
@@ -182,7 +182,7 @@ const SSLProviderEditFormGoogleTrustServicesConfig = () => {
 
   const [formChanged, setFormChanged] = useState(false);
   useEffect(() => {
-    setFormChanged(settings?.content?.provider !== APPLY_CA_PROVIDERS.GOOGLETRUSTSERVICES);
+    setFormChanged(settings?.content?.provider !== CA_PROVIDERS.GOOGLETRUSTSERVICES);
   }, [settings?.content?.provider]);
 
   const handleFormChange = () => {
@@ -235,14 +235,14 @@ const SSLProviderEditFormSSLComConfig = () => {
   });
   const formRule = createSchemaFieldRule(formSchema);
   const { form: formInst, formProps } = useAntdForm<z.infer<typeof formSchema>>({
-    initialValues: settings?.content?.config?.[APPLY_CA_PROVIDERS.SSLCOM],
+    initialValues: settings?.content?.config?.[CA_PROVIDERS.SSLCOM],
     onSubmit: async (values) => {
       const newSettings = produce(settings, (draft) => {
         draft.content ??= {} as SSLProviderSettingsContent;
-        draft.content.provider = APPLY_CA_PROVIDERS.SSLCOM;
+        draft.content.provider = CA_PROVIDERS.SSLCOM;
 
         draft.content.config ??= {} as SSLProviderSettingsContent["config"];
-        draft.content.config[APPLY_CA_PROVIDERS.SSLCOM] = values;
+        draft.content.config[CA_PROVIDERS.SSLCOM] = values;
       });
       await updateSettings(newSettings);
 
@@ -252,7 +252,7 @@ const SSLProviderEditFormSSLComConfig = () => {
 
   const [formChanged, setFormChanged] = useState(false);
   useEffect(() => {
-    setFormChanged(settings?.content?.provider !== APPLY_CA_PROVIDERS.SSLCOM);
+    setFormChanged(settings?.content?.provider !== CA_PROVIDERS.SSLCOM);
   }, [settings?.content?.provider]);
 
   const handleFormChange = () => {
@@ -305,14 +305,14 @@ const SSLProviderEditFormZeroSSLConfig = () => {
   });
   const formRule = createSchemaFieldRule(formSchema);
   const { form: formInst, formProps } = useAntdForm<z.infer<typeof formSchema>>({
-    initialValues: settings?.content?.config?.[APPLY_CA_PROVIDERS.ZEROSSL],
+    initialValues: settings?.content?.config?.[CA_PROVIDERS.ZEROSSL],
     onSubmit: async (values) => {
       const newSettings = produce(settings, (draft) => {
         draft.content ??= {} as SSLProviderSettingsContent;
-        draft.content.provider = APPLY_CA_PROVIDERS.ZEROSSL;
+        draft.content.provider = CA_PROVIDERS.ZEROSSL;
 
         draft.content.config ??= {} as SSLProviderSettingsContent["config"];
-        draft.content.config[APPLY_CA_PROVIDERS.ZEROSSL] = values;
+        draft.content.config[CA_PROVIDERS.ZEROSSL] = values;
       });
       await updateSettings(newSettings);
 
@@ -322,7 +322,7 @@ const SSLProviderEditFormZeroSSLConfig = () => {
 
   const [formChanged, setFormChanged] = useState(false);
   useEffect(() => {
-    setFormChanged(settings?.content?.provider !== APPLY_CA_PROVIDERS.ZEROSSL);
+    setFormChanged(settings?.content?.provider !== CA_PROVIDERS.ZEROSSL);
   }, [settings?.content?.provider]);
 
   const handleFormChange = () => {
@@ -383,20 +383,20 @@ const SettingsSSLProvider = () => {
     fetchData();
   }, []);
 
-  const [providerType, setProviderType] = useState<ApplyCAProviderType>(APPLY_CA_PROVIDERS.LETSENCRYPT);
+  const [providerType, setProviderType] = useState<CAProviderType>(CA_PROVIDERS.LETSENCRYPT);
   const providerFormEl = useMemo(() => {
     switch (providerType) {
-      case APPLY_CA_PROVIDERS.LETSENCRYPT:
+      case CA_PROVIDERS.LETSENCRYPT:
         return <SSLProviderEditFormLetsEncryptConfig />;
-      case APPLY_CA_PROVIDERS.LETSENCRYPTSTAGING:
+      case CA_PROVIDERS.LETSENCRYPTSTAGING:
         return <SSLProviderEditFormLetsEncryptStagingConfig />;
-      case APPLY_CA_PROVIDERS.BUYPASS:
+      case CA_PROVIDERS.BUYPASS:
         return <SSLProviderEditFormBuypassConfig />;
-      case APPLY_CA_PROVIDERS.GOOGLETRUSTSERVICES:
+      case CA_PROVIDERS.GOOGLETRUSTSERVICES:
         return <SSLProviderEditFormGoogleTrustServicesConfig />;
-      case APPLY_CA_PROVIDERS.SSLCOM:
+      case CA_PROVIDERS.SSLCOM:
         return <SSLProviderEditFormSSLComConfig />;
-      case APPLY_CA_PROVIDERS.ZEROSSL:
+      case CA_PROVIDERS.ZEROSSL:
         return <SSLProviderEditFormZeroSSLConfig />;
     }
   }, [providerType]);
@@ -431,48 +431,48 @@ const SettingsSSLProvider = () => {
       <Show when={!loading} fallback={<Skeleton active />}>
         <Form form={formInst} disabled={formPending} layout="vertical" initialValues={{ provider: providerType }}>
           <Form.Item className="mb-2" name="provider" label={t("settings.sslprovider.form.provider.label")}>
-            <CheckCard.Group className="w-full" onChange={(value) => setProviderType(value as ApplyCAProviderType)}>
+            <CheckCard.Group className="w-full" onChange={(value) => setProviderType(value as CAProviderType)}>
               <CheckCard
                 avatar={<img src={"/imgs/providers/letsencrypt.svg"} className="size-8" />}
                 size="small"
                 title={t("provider.letsencrypt")}
                 description="letsencrypt.org"
-                value={APPLY_CA_PROVIDERS.LETSENCRYPT}
+                value={CA_PROVIDERS.LETSENCRYPT}
               />
               <CheckCard
                 avatar={<img src={"/imgs/providers/letsencrypt.svg"} className="size-8" />}
                 size="small"
                 title={t("provider.letsencryptstaging")}
                 description="letsencrypt.org"
-                value={APPLY_CA_PROVIDERS.LETSENCRYPTSTAGING}
+                value={CA_PROVIDERS.LETSENCRYPTSTAGING}
               />
               <CheckCard
                 avatar={<img src={"/imgs/providers/buypass.png"} className="size-8" />}
                 size="small"
                 title={t("provider.buypass")}
                 description="buypass.com"
-                value={APPLY_CA_PROVIDERS.BUYPASS}
+                value={CA_PROVIDERS.BUYPASS}
               />
               <CheckCard
                 avatar={<img src={"/imgs/providers/google.svg"} className="size-8" />}
                 size="small"
                 title={t("provider.googletrustservices")}
                 description="pki.goog"
-                value={APPLY_CA_PROVIDERS.GOOGLETRUSTSERVICES}
+                value={CA_PROVIDERS.GOOGLETRUSTSERVICES}
               />
               <CheckCard
                 avatar={<img src={"/imgs/providers/sslcom.svg"} className="size-8" />}
                 size="small"
                 title={t("provider.sslcom")}
                 description="ssl.com"
-                value={APPLY_CA_PROVIDERS.SSLCOM}
+                value={CA_PROVIDERS.SSLCOM}
               />
               <CheckCard
                 avatar={<img src={"/imgs/providers/zerossl.svg"} className="size-8" />}
                 size="small"
                 title={t("provider.zerossl")}
                 description="zerossl.com"
-                value={APPLY_CA_PROVIDERS.ZEROSSL}
+                value={CA_PROVIDERS.ZEROSSL}
               />
             </CheckCard.Group>
           </Form.Item>
diff --git a/ui/src/pages/workflows/WorkflowList.tsx b/ui/src/pages/workflows/WorkflowList.tsx
index 09bca7fc..f7a350fd 100644
--- a/ui/src/pages/workflows/WorkflowList.tsx
+++ b/ui/src/pages/workflows/WorkflowList.tsx
@@ -281,6 +281,7 @@ const WorkflowList = () => {
 
   const handleSearch = (value: string) => {
     setFilters((prev) => ({ ...prev, keyword: value.trim() }));
+    setPage(1);
   };
 
   const handleCreateClick = () => {
diff --git a/ui/src/stores/notify/index.ts b/ui/src/stores/notify/index.ts
index c8f0356f..d144aff4 100644
--- a/ui/src/stores/notify/index.ts
+++ b/ui/src/stores/notify/index.ts
@@ -4,6 +4,9 @@ import { create } from "zustand";
 import { type NotifyChannelsSettingsContent, SETTINGS_NAMES, type SettingsModel } from "@/domain/settings";
 import { get as getSettings, save as saveSettings } from "@/repository/settings";
 
+/**
+ * @deprecated
+ */
 export interface NotifyChannelsState {
   channels: NotifyChannelsSettingsContent;
   loading: boolean;
@@ -14,6 +17,9 @@ export interface NotifyChannelsState {
   setChannels: (channels: NotifyChannelsSettingsContent) => Promise<void>;
 }
 
+/**
+ * @deprecated
+ */
 export const useNotifyChannelsStore = create<NotifyChannelsState>((set, get) => {
   let fetcher: Promise<SettingsModel<NotifyChannelsSettingsContent>> | null = null; // 防止多次重复请求
   let settings: SettingsModel<NotifyChannelsSettingsContent>; // 记录当前设置的其他字段，保存回数据库时用