diff --git a/ssl_manager/ssl_manager.py b/ssl_manager/ssl_manager.py index d47f69f..42c9cb7 100755 --- a/ssl_manager/ssl_manager.py +++ b/ssl_manager/ssl_manager.py @@ -18,8 +18,7 @@ import requests import logging from pathlib import Path from typing import Optional, List, Dict -from datetime import datetime, timedelta -import base64 +from datetime import datetime # 配置日志 logging.basicConfig( @@ -65,6 +64,10 @@ class APISIXSSLManager: # 验证配置 self._validate_config() + + # 创建 HTTP 会话,复用连接 + self.session = requests.Session() + self.session.headers.update(self._get_apisix_headers()) def load_config(self, config_path: str): """从配置文件加载配置(可选,用于覆盖默认配置)""" @@ -221,13 +224,11 @@ class APISIXSSLManager: logger.info(f"配置 SNI 域名列表: {cert_domains}") - headers = self._get_apisix_headers() - try: # 先检查是否已存在相同 SNI 的配置 # 方法1:通过 ID 查找(如果之前创建时使用了这个 ID) check_url = f"{self.apisix_admin_url}/apisix/admin/ssls/{ssl_id}" - response = requests.get(check_url, headers=headers, timeout=10) + response = self.session.get(check_url, timeout=10) existing_ssl_id = None if response.status_code == 200: @@ -236,7 +237,7 @@ class APISIXSSLManager: else: # 方法2:查询所有 SSL 配置,检查是否有相同 SNI 的配置 all_ssls_url = f"{self.apisix_admin_url}/apisix/admin/ssls" - all_response = requests.get(all_ssls_url, headers=headers, timeout=10) + all_response = self.session.get(all_ssls_url, timeout=10) if all_response.status_code == 200: all_ssls = all_response.json() ssl_list = all_ssls.get('list', []) if isinstance(all_ssls, dict) else all_ssls 
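Review bot: In the `__init__` hunk, `self.session.headers.update(self._get_apisix_headers())` copies the admin headers into the session once, so they go stale if `load_config()` (defined just below and described as an optional override) runs later and changes the key. They are also attached to every request that is ever sent through `self.session`. Keep the session strictly for Admin API calls and say so in a comment such as `# Admin API only: these headers carry the admin credential on every request`, or refresh the headers at the end of `load_config()`. The visible code never closes the session; a small `close()` method calling `self.session.close()` would release the pooled connections. `__init__` starts outside the hunk, so confirm the call order of `load_config()` relative to this line.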
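Review bot: The lookup `response = self.session.get(check_url, timeout=10)` treats every status other than 200 as "not found" and falls through to the list query, and `all_response = self.session.get(all_ssls_url, timeout=10)` in the following hunk is likewise only checked for 200. An authentication failure or a 5xx on both lookups would therefore appear to reach the create branch further down, instead of stopping with a clear error. Consider replacing the bare `else:` with `elif response.status_code == 404:` plus `else: response.raise_for_status()`, and calling `all_response.raise_for_status()` before parsing the list. The enclosing `try:` has its `except` outside these hunks, so check that it reports such errors rather than swallowing them.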
@@ -261,18 +262,16 @@ class APISIXSSLManager: # 更新现有证书(更新时需要 id) logger.info(f"更新 APISIX SSL 配置: {domain} (ID: {existing_ssl_id})") ssl_config["id"] = existing_ssl_id - response = requests.put( + response = self.session.put( f"{self.apisix_admin_url}/apisix/admin/ssls/{existing_ssl_id}", - headers=headers, json=ssl_config, timeout=10 ) else: # 创建新证书(POST 时不包含 id,让 APISIX 自动生成) logger.info(f"创建 APISIX SSL 配置: {domain}") - response = requests.post( + response = self.session.post( f"{self.apisix_admin_url}/apisix/admin/ssls", - headers=headers, json=ssl_config, timeout=10 )
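Review bot: Both `self.session.put(...)` and `self.session.post(...)` send `ssl_config` (which presumably carries the certificate and private key) with redirects followed by default. A 307/308 answer from whatever sits at `apisix_admin_url` would make requests replay the body and the session's custom headers to the redirect target. Add `allow_redirects=False` to both calls, and to the two `self.session.get` lookups earlier in the method, so that an unexpected redirect shows up as a non-2xx response. The status handling after these calls is outside the hunk, so confirm that a 3xx is treated as a failure there.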