diff --git a/internal/services/container.go b/internal/services/container.go
index 0adf142e..17b21a60 100644
--- a/internal/services/container.go
+++ b/internal/services/container.go
@@ -17,11 +17,11 @@ type Container struct {
 	client *client.Client
 }
 
-func NewContainer(sock string) *Container {
-	if sock == "" {
-		sock = "/run/podman/podman.sock"
+func NewContainer(sock ...string) *Container {
+	if len(sock) == 0 {
+		sock[0] = "/run/podman/podman.sock"
 	}
-	cli, _ := client.NewClientWithOpts(client.WithHost("unix://"+sock), client.WithAPIVersionNegotiation())
+	cli, _ := client.NewClientWithOpts(client.WithHost("unix://"+sock[0]), client.WithAPIVersionNegotiation())
 	return &Container{
 		client: cli,
 	}
diff --git a/pkg/acme/client.go b/pkg/acme/client.go
index adf3646b..f4f8d197 100644
--- a/pkg/acme/client.go
+++ b/pkg/acme/client.go
@@ -103,8 +103,9 @@ func (c *Client) UseHTTP(path string) error {
 // ObtainSSL 签发 SSL 证书
 func (c *Client) ObtainSSL(domains []string) (certificate.Resource, error) {
 	request := certificate.ObtainRequest{
-		Domains: domains,
-		Bundle:  true,
+		Domains:    domains,
+		Bundle:     true,
+		MustStaple: false,
 	}
 
 	certificates, err := c.Client.Certificate.Obtain(request)
@@ -124,7 +125,7 @@ func (c *Client) RenewSSL(certUrl string) (certificate.Resource, error) {
 
 	certificates, err = c.Client.Certificate.RenewWithOptions(*certificates, &certificate.RenewOptions{
 		Bundle:     true,
-		MustStaple: true,
+		MustStaple: false,
 	})
 	if err != nil {
 		return certificate.Resource{}, err