diff --git a/pkg/core/ssl-deployer/providers/volcengine-alb/internal/client.go b/pkg/core/ssl-deployer/providers/volcengine-alb/internal/client.go
new file mode 100644
index 00000000..7a71a2ed
--- /dev/null
+++ b/pkg/core/ssl-deployer/providers/volcengine-alb/internal/client.go
@@ -0,0 +1,144 @@
+package internal
+
+import (
+	"github.com/volcengine/volcengine-go-sdk/service/alb"
+	"github.com/volcengine/volcengine-go-sdk/volcengine"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/request"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery"
+)
+
+// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/alb/service_alb.go
+// to lightweight the vendor packages in the built binary.
+type AlbClient struct {
+	*client.Client
+}
+
+func NewAlbClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *AlbClient {
+	c := p.ClientConfig(alb.EndpointsID, cfgs...)
+	return newAlbClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+}
+
+func newAlbClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *AlbClient {
+	svc := &AlbClient{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:   alb.ServiceName,
+				ServiceID:     alb.ServiceID,
+				SigningName:   signingName,
+				SigningRegion: signingRegion,
+				Endpoint:      endpoint,
+				APIVersion:    "2020-04-01",
+			},
+			handlers,
+		),
+	}
+
+	svc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
+	svc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)
+	svc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)
+
+	return svc
+}
+
+func (c *AlbClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	return req
+}
+
+func (c *AlbClient) DescribeListenerAttributes(input *alb.DescribeListenerAttributesInput) (*alb.DescribeListenerAttributesOutput, error) {
+	req, out := c.DescribeListenerAttributesRequest(input)
+	return out, req.Send()
+}
+
+func (c *AlbClient) DescribeListenerAttributesRequest(input *alb.DescribeListenerAttributesInput) (req *request.Request, output *alb.DescribeListenerAttributesOutput) {
+	op := &request.Operation{
+		Name:       "DescribeListenerAttributes",
+		HTTPMethod: "GET",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &alb.DescribeListenerAttributesInput{}
+	}
+
+	output = &alb.DescribeListenerAttributesOutput{}
+	req = c.newRequest(op, input, output)
+
+	return
+}
+
+func (c *AlbClient) DescribeListeners(input *alb.DescribeListenersInput) (*alb.DescribeListenersOutput, error) {
+	req, out := c.DescribeListenersRequest(input)
+	return out, req.Send()
+}
+
+func (c *AlbClient) DescribeListenersRequest(input *alb.DescribeListenersInput) (req *request.Request, output *alb.DescribeListenersOutput) {
+	op := &request.Operation{
+		Name:       "DescribeListeners",
+		HTTPMethod: "GET",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &alb.DescribeListenersInput{}
+	}
+
+	output = &alb.DescribeListenersOutput{}
+	req = c.newRequest(op, input, output)
+
+	return
+}
+
+func (c *AlbClient) DescribeLoadBalancerAttributes(input *alb.DescribeLoadBalancerAttributesInput) (*alb.DescribeLoadBalancerAttributesOutput, error) {
+	req, out := c.DescribeLoadBalancerAttributesRequest(input)
+	return out, req.Send()
+}
+
+func (c *AlbClient) DescribeLoadBalancerAttributesRequest(input *alb.DescribeLoadBalancerAttributesInput) (req *request.Request, output *alb.DescribeLoadBalancerAttributesOutput) {
+	op := &request.Operation{
+		Name:       "DescribeLoadBalancerAttributes",
+		HTTPMethod: "GET",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &alb.DescribeLoadBalancerAttributesInput{}
+	}
+
+	output = &alb.DescribeLoadBalancerAttributesOutput{}
+	req = c.newRequest(op, input, output)
+
+	return
+}
+
+func (c *AlbClient) ModifyListenerAttributes(input *alb.ModifyListenerAttributesInput) (*alb.ModifyListenerAttributesOutput, error) {
+	req, out := c.ModifyListenerAttributesRequest(input)
+	return out, req.Send()
+}
+
+func (c *AlbClient) ModifyListenerAttributesRequest(input *alb.ModifyListenerAttributesInput) (req *request.Request, output *alb.ModifyListenerAttributesOutput) {
+	op := &request.Operation{
+		Name:       "ModifyListenerAttributes",
+		HTTPMethod: "GET",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &alb.ModifyListenerAttributesInput{}
+	}
+
+	output = &alb.ModifyListenerAttributesOutput{}
+	req = c.newRequest(op, input, output)
+
+	return
+}
diff --git a/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go b/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go
index 2df3c447..9ab15218 100644
--- a/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go
+++ b/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go
@@ -12,6 +12,7 @@ import (
 	vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
 
 	"github.com/certimate-go/certimate/pkg/core"
+	"github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/volcengine-alb/internal"
 	sslmgrsp "github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/volcengine-certcenter"
 )
 
@@ -38,7 +39,7 @@ type SSLDeployerProviderConfig struct {
 type SSLDeployerProvider struct {
 	config     *SSLDeployerProviderConfig
 	logger     *slog.Logger
-	sdkClient  vealb.ALBAPI
+	sdkClient  *internal.AlbClient
 	sslManager core.SSLManager
 }
 
@@ -259,7 +260,7 @@ func (d *SSLDeployerProvider) updateListenerCertificate(ctx context.Context, clo
 	return nil
 }
 
-func createSDKClient(accessKeyId, accessKeySecret, region string) (vealb.ALBAPI, error) {
+func createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.AlbClient, error) {
 	config := ve.NewConfig().
 		WithAkSk(accessKeyId, accessKeySecret).
 		WithRegion(region)
@@ -269,6 +270,6 @@ func createSDKClient(accessKeyId, accessKeySecret, region string) (vealb.ALBAPI,
 		return nil, err
 	}
 
-	client := vealb.New(session)
+	client := internal.NewAlbClient(session)
 	return client, nil
 }
diff --git a/pkg/core/ssl-deployer/providers/volcengine-cdn/internal/client.go b/pkg/core/ssl-deployer/providers/volcengine-cdn/internal/client.go
new file mode 100644
index 00000000..255151aa
--- /dev/null
+++ b/pkg/core/ssl-deployer/providers/volcengine-cdn/internal/client.go
@@ -0,0 +1,128 @@
+package internal
+
+import (
+	"github.com/volcengine/volcengine-go-sdk/service/cdn"
+	"github.com/volcengine/volcengine-go-sdk/volcengine"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/request"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery"
+)
+
+// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/cdn/service_cdn.go
+// to lightweight the vendor packages in the built binary.
+type CdnClient struct {
+	*client.Client
+}
+
+func NewCdnClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *CdnClient {
+	c := p.ClientConfig(cdn.EndpointsID, cfgs...)
+	return newCdnClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+}
+
+func newCdnClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *CdnClient {
+	svc := &CdnClient{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:   cdn.ServiceName,
+				ServiceID:     cdn.ServiceID,
+				SigningName:   signingName,
+				SigningRegion: signingRegion,
+				Endpoint:      endpoint,
+				APIVersion:    "2021-03-01",
+			},
+			handlers,
+		),
+	}
+
+	svc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
+	svc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)
+	svc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)
+
+	return svc
+}
+
+func (c *CdnClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	return req
+}
+
+func (c *CdnClient) BatchDeployCert(input *cdn.BatchDeployCertInput) (*cdn.BatchDeployCertOutput, error) {
+	req, out := c.BatchDeployCertRequest(input)
+	return out, req.Send()
+}
+
+func (c *CdnClient) BatchDeployCertRequest(input *cdn.BatchDeployCertInput) (req *request.Request, output *cdn.BatchDeployCertOutput) {
+	op := &request.Operation{
+		Name:       "BatchDeployCert",
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &cdn.BatchDeployCertInput{}
+	}
+
+	output = &cdn.BatchDeployCertOutput{}
+	req = c.newRequest(op, input, output)
+
+	req.HTTPRequest.Header.Set("Content-Type", "application/json; charset=utf-8")
+
+	return
+}
+
+func (c *CdnClient) DescribeCertConfig(input *cdn.DescribeCertConfigInput) (*cdn.DescribeCertConfigOutput, error) {
+	req, out := c.DescribeCertConfigRequest(input)
+	return out, req.Send()
+}
+
+func (c *CdnClient) DescribeCertConfigRequest(input *cdn.DescribeCertConfigInput) (req *request.Request, output *cdn.DescribeCertConfigOutput) {
+	op := &request.Operation{
+		Name:       "DescribeCertConfig",
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &cdn.DescribeCertConfigInput{}
+	}
+
+	output = &cdn.DescribeCertConfigOutput{}
+	req = c.newRequest(op, input, output)
+
+	req.HTTPRequest.Header.Set("Content-Type", "application/json; charset=utf-8")
+
+	return
+}
+
+func (c *CdnClient) ListCdnDomains(input *cdn.ListCdnDomainsInput) (*cdn.ListCdnDomainsOutput, error) {
+	req, out := c.ListCdnDomainsRequest(input)
+	return out, req.Send()
+}
+
+func (c *CdnClient) ListCdnDomainsRequest(input *cdn.ListCdnDomainsInput) (req *request.Request, output *cdn.ListCdnDomainsOutput) {
+	op := &request.Operation{
+		Name:       "ListCdnDomains",
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &cdn.ListCdnDomainsInput{}
+	}
+
+	output = &cdn.ListCdnDomainsOutput{}
+	req = c.newRequest(op, input, output)
+
+	req.HTTPRequest.Header.Set("Content-Type", "application/json; charset=utf-8")
+
+	return
+}
diff --git a/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go b/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go
index a4f16a35..0389d1f2 100644
--- a/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go
+++ b/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go
@@ -12,6 +12,7 @@ import (
 	vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
 
 	"github.com/certimate-go/certimate/pkg/core"
+	"github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/volcengine-cdn/internal"
 	sslmgrsp "github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/volcengine-cdn"
 	xcerthostname "github.com/certimate-go/certimate/pkg/utils/cert/hostname"
 )
@@ -31,7 +32,7 @@ type SSLDeployerProviderConfig struct {
 type SSLDeployerProvider struct {
 	config     *SSLDeployerProviderConfig
 	logger     *slog.Logger
-	sdkClient  vecdn.CDNAPI
+	sdkClient  *internal.CdnClient
 	sslManager core.SSLManager
 }
 
@@ -247,7 +248,7 @@ func (d *SSLDeployerProvider) bindCert(ctx context.Context, domain string, cloud
 	return nil
 }
 
-func createSDKClient(accessKeyId, accessKeySecret string) (vecdn.CDNAPI, error) {
+func createSDKClient(accessKeyId, accessKeySecret string) (*internal.CdnClient, error) {
 	config := ve.NewConfig().
 		WithAkSk(accessKeyId, accessKeySecret)
 
@@ -256,6 +257,6 @@ func createSDKClient(accessKeyId, accessKeySecret string) (vecdn.CDNAPI, error)
 		return nil, err
 	}
 
-	client := vecdn.New(session)
+	client := internal.NewCdnClient(session)
 	return client, nil
 }
diff --git a/pkg/core/ssl-deployer/providers/volcengine-clb/internal/client.go b/pkg/core/ssl-deployer/providers/volcengine-clb/internal/client.go
new file mode 100644
index 00000000..19926fd9
--- /dev/null
+++ b/pkg/core/ssl-deployer/providers/volcengine-clb/internal/client.go
@@ -0,0 +1,122 @@
+package internal
+
+import (
+	"github.com/volcengine/volcengine-go-sdk/service/clb"
+	"github.com/volcengine/volcengine-go-sdk/volcengine"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/request"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery"
+)
+
+// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/clb/service_clb.go
+// to lightweight the vendor packages in the built binary.
+type ClbClient struct {
+	*client.Client
+}
+
+func NewClbClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *ClbClient {
+	c := p.ClientConfig(clb.EndpointsID, cfgs...)
+	return newClbClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+}
+
+func newClbClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *ClbClient {
+	svc := &ClbClient{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:   clb.ServiceName,
+				ServiceID:     clb.ServiceID,
+				SigningName:   signingName,
+				SigningRegion: signingRegion,
+				Endpoint:      endpoint,
+				APIVersion:    "2020-04-01",
+			},
+			handlers,
+		),
+	}
+
+	svc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
+	svc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)
+	svc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)
+
+	return svc
+}
+
+func (c *ClbClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	return req
+}
+
+func (c *ClbClient) DescribeListeners(input *clb.DescribeListenersInput) (*clb.DescribeListenersOutput, error) {
+	req, out := c.DescribeListenersRequest(input)
+	return out, req.Send()
+}
+
+func (c *ClbClient) DescribeListenersRequest(input *clb.DescribeListenersInput) (req *request.Request, output *clb.DescribeListenersOutput) {
+	op := &request.Operation{
+		Name:       "DescribeListeners",
+		HTTPMethod: "GET",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &clb.DescribeListenersInput{}
+	}
+
+	output = &clb.DescribeListenersOutput{}
+	req = c.newRequest(op, input, output)
+
+	return
+}
+
+func (c *ClbClient) DescribeLoadBalancerAttributes(input *clb.DescribeLoadBalancerAttributesInput) (*clb.DescribeLoadBalancerAttributesOutput, error) {
+	req, out := c.DescribeLoadBalancerAttributesRequest(input)
+	return out, req.Send()
+}
+
+func (c *ClbClient) DescribeLoadBalancerAttributesRequest(input *clb.DescribeLoadBalancerAttributesInput) (req *request.Request, output *clb.DescribeLoadBalancerAttributesOutput) {
+	op := &request.Operation{
+		Name:       "DescribeLoadBalancerAttributes",
+		HTTPMethod: "GET",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &clb.DescribeLoadBalancerAttributesInput{}
+	}
+
+	output = &clb.DescribeLoadBalancerAttributesOutput{}
+	req = c.newRequest(op, input, output)
+
+	return
+}
+
+func (c *ClbClient) ModifyListenerAttributes(input *clb.ModifyListenerAttributesInput) (*clb.ModifyListenerAttributesOutput, error) {
+	req, out := c.ModifyListenerAttributesRequest(input)
+	return out, req.Send()
+}
+
+func (c *ClbClient) ModifyListenerAttributesRequest(input *clb.ModifyListenerAttributesInput) (req *request.Request, output *clb.ModifyListenerAttributesOutput) {
+	op := &request.Operation{
+		Name:       "ModifyListenerAttributes",
+		HTTPMethod: "GET",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &clb.ModifyListenerAttributesInput{}
+	}
+
+	output = &clb.ModifyListenerAttributesOutput{}
+	req = c.newRequest(op, input, output)
+
+	return
+}
diff --git a/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go b/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go
index c7767741..98f3d122 100644
--- a/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go
+++ b/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go
@@ -11,6 +11,7 @@ import (
 	vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
 
 	"github.com/certimate-go/certimate/pkg/core"
+	"github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/volcengine-clb/internal"
 	sslmgrsp "github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/volcengine-certcenter"
 )
 
@@ -34,7 +35,7 @@ type SSLDeployerProviderConfig struct {
 type SSLDeployerProvider struct {
 	config     *SSLDeployerProviderConfig
 	logger     *slog.Logger
-	sdkClient  veclb.CLBAPI
+	sdkClient  *internal.ClbClient
 	sslManager core.SSLManager
 }
 
@@ -211,7 +212,7 @@ func (d *SSLDeployerProvider) updateListenerCertificate(ctx context.Context, clo
 	return nil
 }
 
-func createSDKClient(accessKeyId, accessKeySecret, region string) (veclb.CLBAPI, error) {
+func createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.ClbClient, error) {
 	config := ve.NewConfig().
 		WithAkSk(accessKeyId, accessKeySecret).
 		WithRegion(region)
@@ -221,6 +222,6 @@ func createSDKClient(accessKeyId, accessKeySecret, region string) (veclb.CLBAPI,
 		return nil, err
 	}
 
-	client := veclb.New(session)
+	client := internal.NewClbClient(session)
 	return client, nil
 }
diff --git a/pkg/core/ssl-deployer/providers/volcengine-dcdn/internal/client.go b/pkg/core/ssl-deployer/providers/volcengine-dcdn/internal/client.go
new file mode 100644
index 00000000..e4c23cdd
--- /dev/null
+++ b/pkg/core/ssl-deployer/providers/volcengine-dcdn/internal/client.go
@@ -0,0 +1,80 @@
+package internal
+
+import (
+	"github.com/volcengine/volcengine-go-sdk/service/dcdn"
+	"github.com/volcengine/volcengine-go-sdk/volcengine"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/request"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery"
+)
+
+// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/dcdn/service_dcdn.go
+// to lightweight the vendor packages in the built binary.
+type DcdnClient struct {
+	*client.Client
+}
+
+func NewDcdnClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *DcdnClient {
+	c := p.ClientConfig(dcdn.EndpointsID, cfgs...)
+	return newDcdnClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+}
+
+func newDcdnClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *DcdnClient {
+	svc := &DcdnClient{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:   dcdn.ServiceName,
+				ServiceID:     dcdn.ServiceID,
+				SigningName:   signingName,
+				SigningRegion: signingRegion,
+				Endpoint:      endpoint,
+				APIVersion:    "2021-04-01",
+			},
+			handlers,
+		),
+	}
+
+	svc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
+	svc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)
+	svc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)
+
+	return svc
+}
+
+func (c *DcdnClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	return req
+}
+
+func (c *DcdnClient) CreateCertBind(input *dcdn.CreateCertBindInput) (*dcdn.CreateCertBindOutput, error) {
+	req, out := c.CreateCertBindRequest(input)
+	return out, req.Send()
+}
+
+func (c *DcdnClient) CreateCertBindRequest(input *dcdn.CreateCertBindInput) (req *request.Request, output *dcdn.CreateCertBindOutput) {
+	op := &request.Operation{
+		Name:       "CreateCertBind",
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &dcdn.CreateCertBindInput{}
+	}
+
+	output = &dcdn.CreateCertBindOutput{}
+	req = c.newRequest(op, input, output)
+
+	req.HTTPRequest.Header.Set("Content-Type", "application/json; charset=utf-8")
+
+	return
+}
diff --git a/pkg/core/ssl-deployer/providers/volcengine-dcdn/volcengine_dcdn.go b/pkg/core/ssl-deployer/providers/volcengine-dcdn/volcengine_dcdn.go
index 157bf94c..9742e19d 100644
--- a/pkg/core/ssl-deployer/providers/volcengine-dcdn/volcengine_dcdn.go
+++ b/pkg/core/ssl-deployer/providers/volcengine-dcdn/volcengine_dcdn.go
@@ -12,6 +12,7 @@ import (
 	vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
 
 	"github.com/certimate-go/certimate/pkg/core"
+	"github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/volcengine-dcdn/internal"
 	sslmgrsp "github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/volcengine-certcenter"
 )
 
@@ -29,7 +30,7 @@ type SSLDeployerProviderConfig struct {
 type SSLDeployerProvider struct {
 	config     *SSLDeployerProviderConfig
 	logger     *slog.Logger
-	sdkClient  vedcdn.DCDNAPI
+	sdkClient  *internal.DcdnClient
 	sslManager core.SSLManager
 }
 
@@ -104,7 +105,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke
 	return &core.SSLDeployResult{}, nil
 }
 
-func createSDKClient(accessKeyId, accessKeySecret, region string) (vedcdn.DCDNAPI, error) {
+func createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.DcdnClient, error) {
 	if region == "" {
 		region = "cn-beijing" // DCDN 服务默认区域：北京
 	}
@@ -118,6 +119,6 @@ func createSDKClient(accessKeyId, accessKeySecret, region string) (vedcdn.DCDNAP
 		return nil, err
 	}
 
-	client := vedcdn.New(session)
+	client := internal.NewDcdnClient(session)
 	return client, nil
 }
diff --git a/pkg/core/ssl-manager/providers/volcengine-cdn/internal/client.go b/pkg/core/ssl-manager/providers/volcengine-cdn/internal/client.go
new file mode 100644
index 00000000..182dbb9f
--- /dev/null
+++ b/pkg/core/ssl-manager/providers/volcengine-cdn/internal/client.go
@@ -0,0 +1,104 @@
+package internal
+
+import (
+	"github.com/volcengine/volcengine-go-sdk/service/cdn"
+	"github.com/volcengine/volcengine-go-sdk/volcengine"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/request"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery"
+)
+
+// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/cdn/service_cdn.go
+// to lightweight the vendor packages in the built binary.
+type CdnClient struct {
+	*client.Client
+}
+
+func NewCdnClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *CdnClient {
+	c := p.ClientConfig(cdn.EndpointsID, cfgs...)
+	return newCdnClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+}
+
+func newCdnClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *CdnClient {
+	svc := &CdnClient{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:   cdn.ServiceName,
+				ServiceID:     cdn.ServiceID,
+				SigningName:   signingName,
+				SigningRegion: signingRegion,
+				Endpoint:      endpoint,
+				APIVersion:    "2021-03-01",
+			},
+			handlers,
+		),
+	}
+
+	svc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
+	svc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)
+	svc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)
+
+	return svc
+}
+
+func (c *CdnClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	return req
+}
+
+func (c *CdnClient) AddCertificate(input *cdn.AddCertificateInput) (*cdn.AddCertificateOutput, error) {
+	req, out := c.AddCertificateRequest(input)
+	return out, req.Send()
+}
+
+func (c *CdnClient) AddCertificateRequest(input *cdn.AddCertificateInput) (req *request.Request, output *cdn.AddCertificateOutput) {
+	op := &request.Operation{
+		Name:       "AddCertificate",
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &cdn.AddCertificateInput{}
+	}
+
+	output = &cdn.AddCertificateOutput{}
+	req = c.newRequest(op, input, output)
+
+	req.HTTPRequest.Header.Set("Content-Type", "application/json; charset=utf-8")
+
+	return
+}
+
+func (c *CdnClient) ListCertInfo(input *cdn.ListCertInfoInput) (*cdn.ListCertInfoOutput, error) {
+	req, out := c.ListCertInfoRequest(input)
+	return out, req.Send()
+}
+
+func (c *CdnClient) ListCertInfoRequest(input *cdn.ListCertInfoInput) (req *request.Request, output *cdn.ListCertInfoOutput) {
+	op := &request.Operation{
+		Name:       "ListCertInfo",
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &cdn.ListCertInfoInput{}
+	}
+
+	output = &cdn.ListCertInfoOutput{}
+	req = c.newRequest(op, input, output)
+
+	req.HTTPRequest.Header.Set("Content-Type", "application/json; charset=utf-8")
+
+	return
+}
diff --git a/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go b/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go
index 6340243e..39acc4c7 100644
--- a/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go
+++ b/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go
@@ -16,6 +16,7 @@ import (
 	vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
 
 	"github.com/certimate-go/certimate/pkg/core"
+	"github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/volcengine-cdn/internal"
 	xcert "github.com/certimate-go/certimate/pkg/utils/cert"
 )
 
@@ -29,7 +30,7 @@ type SSLManagerProviderConfig struct {
 type SSLManagerProvider struct {
 	config    *SSLManagerProviderConfig
 	logger    *slog.Logger
-	sdkClient vecdn.CDNAPI
+	sdkClient *internal.CdnClient
 }
 
 var _ core.SSLManager = (*SSLManagerProvider)(nil)
@@ -142,7 +143,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
 	}, nil
 }
 
-func createSDKClient(accessKeyId, accessKeySecret string) (vecdn.CDNAPI, error) {
+func createSDKClient(accessKeyId, accessKeySecret string) (*internal.CdnClient, error) {
 	config := ve.NewConfig().
 		WithAkSk(accessKeyId, accessKeySecret)
 
@@ -151,6 +152,6 @@ func createSDKClient(accessKeyId, accessKeySecret string) (vecdn.CDNAPI, error)
 		return nil, err
 	}
 
-	client := vecdn.New(session)
+	client := internal.NewCdnClient(session)
 	return client, nil
 }
diff --git a/pkg/core/ssl-manager/providers/volcengine-certcenter/internal/client.go b/pkg/core/ssl-manager/providers/volcengine-certcenter/internal/client.go
new file mode 100644
index 00000000..45846b47
--- /dev/null
+++ b/pkg/core/ssl-manager/providers/volcengine-certcenter/internal/client.go
@@ -0,0 +1,80 @@
+package internal
+
+import (
+	"github.com/volcengine/volcengine-go-sdk/service/certificateservice"
+	"github.com/volcengine/volcengine-go-sdk/volcengine"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/request"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery"
+)
+
+// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/certificateservice/service_certificateservice.go
+// to lightweight the vendor packages in the built binary.
+type CertificateserviceClient struct {
+	*client.Client
+}
+
+func NewCertificateserviceClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *CertificateserviceClient {
+	c := p.ClientConfig(certificateservice.EndpointsID, cfgs...)
+	return newCertificateserviceClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+}
+
+func newCertificateserviceClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *CertificateserviceClient {
+	svc := &CertificateserviceClient{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:   certificateservice.ServiceName,
+				ServiceID:     certificateservice.ServiceID,
+				SigningName:   signingName,
+				SigningRegion: signingRegion,
+				Endpoint:      endpoint,
+				APIVersion:    "2024-10-01",
+			},
+			handlers,
+		),
+	}
+
+	svc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
+	svc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)
+	svc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)
+
+	return svc
+}
+
+func (c *CertificateserviceClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	return req
+}
+
+func (c *CertificateserviceClient) ImportCertificate(input *certificateservice.ImportCertificateInput) (*certificateservice.ImportCertificateOutput, error) {
+	req, out := c.ImportCertificateRequest(input)
+	return out, req.Send()
+}
+
+func (c *CertificateserviceClient) ImportCertificateRequest(input *certificateservice.ImportCertificateInput) (req *request.Request, output *certificateservice.ImportCertificateOutput) {
+	op := &request.Operation{
+		Name:       "ImportCertificate",
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &certificateservice.ImportCertificateInput{}
+	}
+
+	output = &certificateservice.ImportCertificateOutput{}
+	req = c.newRequest(op, input, output)
+
+	req.HTTPRequest.Header.Set("Content-Type", "application/json; charset=utf-8")
+
+	return
+}
diff --git a/pkg/core/ssl-manager/providers/volcengine-certcenter/volcengine_certcenter.go b/pkg/core/ssl-manager/providers/volcengine-certcenter/volcengine_certcenter.go
index ca6eff0f..cca4d905 100644
--- a/pkg/core/ssl-manager/providers/volcengine-certcenter/volcengine_certcenter.go
+++ b/pkg/core/ssl-manager/providers/volcengine-certcenter/volcengine_certcenter.go
@@ -11,6 +11,7 @@ import (
 	vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
 
 	"github.com/certimate-go/certimate/pkg/core"
+	"github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/volcengine-certcenter/internal"
 )
 
 type SSLManagerProviderConfig struct {
@@ -25,7 +26,7 @@ type SSLManagerProviderConfig struct {
 type SSLManagerProvider struct {
 	config    *SSLManagerProviderConfig
 	logger    *slog.Logger
-	sdkClient vecs.CERTIFICATESERVICEAPI
+	sdkClient *internal.CertificateserviceClient
 }
 
 var _ core.SSLManager = (*SSLManagerProvider)(nil)
@@ -88,7 +89,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
 	}, nil
 }
 
-func createSDKClient(accessKeyId, accessKeySecret, region string) (vecs.CERTIFICATESERVICEAPI, error) {
+func createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.CertificateserviceClient, error) {
 	if region == "" {
 		region = "cn-beijing" // 证书中心默认区域：北京
 	}
@@ -102,6 +103,6 @@ func createSDKClient(accessKeyId, accessKeySecret, region string) (vecs.CERTIFIC
 		return nil, err
 	}
 
-	client := vecs.New(session)
+	client := internal.NewCertificateserviceClient(session)
 	return client, nil
 }