diff --git a/CHANGELOG.md b/CHANGELOG.md
index 448933e0ad..58185e5136 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,18 +1,24 @@
 ## 1.33.1 (Unreleased)
 
 ENHANCEMENTS: 
-Resource: `tencentcloud_redis_instance` add new argument `type_id`,`redis_shard_num`,`redis_replicas_num`
-Resource: `tencentcloud_ccn_attachment` add new type `CNN_INSTANCE_TYPE_VPNGW` for field `instance_type`
-Resource: `tencentcloud_vpn_gateway` add new type `CCN` for field `type`
-Data Source: `tencentcloud_redis_instances` add new argument  `type_id`,`redis_shard_num`,`redis_replicas_num`
-Data Source: `tencentcloud_redis_zone_config` add output argument `type_id` and new output argument  `type_id`,`redis_shard_nums`,`redis_replicas_nums`
-Data Source: `tencentcloud_ccn_instances` add new type `VPNGW` for field `instance_type`
-Data Source: `tencentcloud_vpn_gateways` add new type `CCN` for field `type`
+
+* Data Source: `tencentcloud_redis_instances` add new argument `type_id`, `redis_shard_num`, `redis_replicas_num`
+* Data Source: `tencentcloud_redis_zone_config` add output argument `type_id` and new output argument `type_id`, `redis_shard_nums`, `redis_replicas_nums`
+* Data Source: `tencentcloud_ccn_instances` add new type `VPNGW` for field `instance_type`
+* Data Source: `tencentcloud_vpn_gateways` add new type `CCN` for field `type`
+* Resource: `tencentcloud_redis_instance` add new argument `type_id`, `redis_shard_num`, `redis_replicas_num`
+* Resource: `tencentcloud_ccn_attachment` add new type `CNN_INSTANCE_TYPE_VPNGW` for field `instance_type`
+* Resource: `tencentcloud_vpn_gateway` add new type `CCN` for field `type`
+
+BUG FIXES:
+
+* Resource: `tencentcloud_cdn_domain` fix `https_config` inconsistency after apply([#413](https://github.com/terraform-providers/terraform-provider-tencentcloud/issues/413)).
 
 DEPRECATED:
+
 * Resource: `tencentcloud_redis_instance`: optional argument `type` is no longer supported, replace by `type_id`.
-* Data Source: `tencentcloud_redis_instances`: output argument `type` is no longer supported, replace by `type_id`
-* Data Source: `tencentcloud_redis_zone_config`: output argument `type` is no longer supported, replace by `type_id`
+* Data Source: `tencentcloud_redis_instances`: output argument `type` is no longer supported, replace by `type_id`.
+* Data Source: `tencentcloud_redis_zone_config`: output argument `type` is no longer supported, replace by `type_id`.
 
 ## 1.33.0 (May 18, 2020)
 
diff --git a/tencentcloud/extension_cdn.go b/tencentcloud/extension_cdn.go
index bbf9b3de28..39ff745560 100644
--- a/tencentcloud/extension_cdn.go
+++ b/tencentcloud/extension_cdn.go
@@ -29,7 +29,8 @@ const (
 	CDN_SERVICE_NAME         = "cdn"
 	CDN_RESOURCE_NAME_DOMAIN = "domain"
 
-	CDN_HOST_NOT_FOUND = "ResourceNotFound.CdnHostNotExists"
+	CDN_HOST_NOT_FOUND      = "ResourceNotFound.CdnHostNotExists"
+	CDN_DOMAIN_CONFIG_ERROE = "FailedOperation.CdnConfigError"
 )
 
 var CDN_SERVICE_TYPE = []string{
diff --git a/tencentcloud/resource_tc_cdn_domain.go b/tencentcloud/resource_tc_cdn_domain.go
index 613d00c91a..e8aeb83a3c 100644
--- a/tencentcloud/resource_tc_cdn_domain.go
+++ b/tencentcloud/resource_tc_cdn_domain.go
@@ -49,6 +49,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	cdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
+	sdkErrors "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/errors"
 	"github.com/terraform-providers/terraform-provider-tencentcloud/tencentcloud/internal/helper"
 	"github.com/terraform-providers/terraform-provider-tencentcloud/tencentcloud/ratelimit"
 )
@@ -208,7 +209,7 @@ func resourceTencentCloudCdnDomain() *schema.Resource {
 									},
 									"certificate_name": {
 										Type:        schema.TypeString,
-										Optional:    true,
+										Computed:    true,
 										Description: "Server certificate name.",
 									},
 									"certificate_content": {
@@ -226,6 +227,16 @@ func resourceTencentCloudCdnDomain() *schema.Resource {
 										Optional:    true,
 										Description: "Certificate remarks.",
 									},
+									"deploy_time": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "Deploy time of server certificate.",
+									},
+									"expire_time": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "Expire time of server certificate.",
+									},
 								},
 							},
 						},
@@ -238,14 +249,24 @@ func resourceTencentCloudCdnDomain() *schema.Resource {
 								Schema: map[string]*schema.Schema{
 									"certificate_name": {
 										Type:        schema.TypeString,
-										Required:    true,
+										Computed:    true,
 										Description: "Client certificate name.",
 									},
 									"certificate_content": {
 										Type:        schema.TypeString,
-										Optional:    true,
+										Required:    true,
 										Description: "Client Certificate PEM format, requires Base64 encoding.",
 									},
+									"deploy_time": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "Deploy time of client certificate.",
+									},
+									"expire_time": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "Expire time of client certificate.",
+									},
 								},
 							},
 						},
@@ -359,9 +380,6 @@ func resourceTencentCloudCdnDomainCreate(d *schema.ResourceData, meta interface{
 					if v := serverCert["certificate_id"]; v.(string) != "" {
 						request.Https.CertInfo.CertId = helper.String(v.(string))
 					}
-					if v := serverCert["certificate_name"]; v.(string) != "" {
-						request.Https.CertInfo.CertName = helper.String(v.(string))
-					}
 					if v := serverCert["certificate_content"]; v.(string) != "" {
 						request.Https.CertInfo.Certificate = helper.String(v.(string))
 					}
@@ -378,7 +396,6 @@ func resourceTencentCloudCdnDomainCreate(d *schema.ResourceData, meta interface{
 				if len(clientCerts) > 0 {
 					clientCert := clientCerts[0].(map[string]interface{})
 					request.Https.ClientCertInfo = &cdn.ClientCert{}
-					request.Https.ClientCertInfo.CertName = helper.String(clientCert["certificate_name"].(string))
 					if v := clientCert["certificate_content"]; v.(string) != "" {
 						request.Https.ClientCertInfo.Certificate = helper.String(v.(string))
 					}
@@ -391,8 +408,11 @@ func resourceTencentCloudCdnDomainCreate(d *schema.ResourceData, meta interface{
 		ratelimit.Check(request.GetAction())
 		_, err := meta.(*TencentCloudClient).apiV3Conn.UseCdnClient().AddCdnDomain(request)
 		if err != nil {
-			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
-				logId, request.GetAction(), request.ToJsonString(), err.Error())
+			if sdkErr, ok := err.(*sdkErrors.TencentCloudSDKError); ok {
+				if sdkErr.Code == CDN_DOMAIN_CONFIG_ERROE {
+					return resource.NonRetryableError(err)
+				}
+			}
 			return retryError(err)
 		}
 		return nil
@@ -494,22 +514,52 @@ func resourceTencentCloudCdnDomainRead(d *schema.ResourceData, meta interface{})
 	httpsConfig["ocsp_stapling_switch"] = domainConfig.Https.OcspStapling
 	httpsConfig["spdy_switch"] = domainConfig.Https.Spdy
 	httpsConfig["verify_client"] = domainConfig.Https.VerifyClient
-	if domainConfig.Https.CertInfo != nil {
+
+	oldHttpsConfigs := make([]interface{}, 0)
+	if _, ok := d.GetOk("https_config"); ok {
+		oldHttpsConfigs = d.Get("https_config").([]interface{})
+	}
+	oldHttpsConfig := make(map[string]interface{})
+	if len(oldHttpsConfigs) > 0 {
+		oldHttpsConfig = oldHttpsConfigs[0].(map[string]interface{})
+	}
+	oldServerConfigs := make([]interface{}, 0)
+	if _, ok := oldHttpsConfig["server_certificate_config"]; ok {
+		oldServerConfigs = oldHttpsConfig["server_certificate_config"].([]interface{})
+	}
+	oldServerConfig := make(map[string]interface{})
+	if len(oldServerConfigs) > 0 {
+		oldServerConfig = oldServerConfigs[0].(map[string]interface{})
+	}
+	oldClientConfigs := make([]interface{}, 0)
+	if _, ok := oldHttpsConfig["client_certificate_config"]; ok {
+		oldClientConfigs = oldHttpsConfig["client_certificate_config"].([]interface{})
+	}
+	oldClientConfig := make(map[string]interface{})
+	if len(oldClientConfigs) > 0 {
+		oldClientConfig = oldClientConfigs[0].(map[string]interface{})
+	}
+
+	if domainConfig.Https.CertInfo != nil && domainConfig.Https.CertInfo.CertName != nil {
 		serverCertConfigs := make([]map[string]interface{}, 0, 1)
 		serverCertConfig := make(map[string]interface{}, 5)
 		serverCertConfig["certificate_id"] = domainConfig.Https.CertInfo.CertId
 		serverCertConfig["certificate_name"] = domainConfig.Https.CertInfo.CertName
-		serverCertConfig["certificate_content"] = domainConfig.Https.CertInfo.Certificate
-		serverCertConfig["private_key"] = domainConfig.Https.CertInfo.PrivateKey
+		serverCertConfig["certificate_content"] = oldServerConfig["certificate_content"]
+		serverCertConfig["private_key"] = oldServerConfig["private_key"]
 		serverCertConfig["message"] = domainConfig.Https.CertInfo.Message
+		serverCertConfig["deploy_time"] = domainConfig.Https.CertInfo.DeployTime
+		serverCertConfig["expire_time"] = domainConfig.Https.CertInfo.ExpireTime
 		serverCertConfigs = append(serverCertConfigs, serverCertConfig)
 		httpsConfig["server_certificate_config"] = serverCertConfigs
 	}
-	if domainConfig.Https.ClientCertInfo != nil {
+	if domainConfig.Https.ClientCertInfo != nil && domainConfig.Https.ClientCertInfo.CertName != nil {
 		clientCertConfigs := make([]map[string]interface{}, 0, 1)
 		clientCertConfig := make(map[string]interface{}, 2)
+		clientCertConfig["certificate_content"] = oldClientConfig["certificate_content"]
 		clientCertConfig["certificate_name"] = domainConfig.Https.ClientCertInfo.CertName
-		clientCertConfig["certificate_content"] = domainConfig.Https.ClientCertInfo.Certificate
+		clientCertConfig["deploy_time"] = domainConfig.Https.ClientCertInfo.DeployTime
+		clientCertConfig["expire_time"] = domainConfig.Https.ClientCertInfo.ExpireTime
 		clientCertConfigs = append(clientCertConfigs, clientCertConfig)
 		httpsConfig["client_certificate_config"] = clientCertConfigs
 	}
@@ -619,9 +669,6 @@ func resourceTencentCloudCdnDomainUpdate(d *schema.ResourceData, meta interface{
 					if v := serverCert["certificate_id"]; v.(string) != "" {
 						request.Https.CertInfo.CertId = helper.String(v.(string))
 					}
-					if v := serverCert["certificate_name"]; v.(string) != "" {
-						request.Https.CertInfo.CertName = helper.String(v.(string))
-					}
 					if v := serverCert["certificate_content"]; v.(string) != "" {
 						request.Https.CertInfo.Certificate = helper.String(v.(string))
 					}
@@ -638,7 +685,6 @@ func resourceTencentCloudCdnDomainUpdate(d *schema.ResourceData, meta interface{
 				if len(clientCerts) > 0 {
 					clientCert := clientCerts[0].(map[string]interface{})
 					request.Https.ClientCertInfo = &cdn.ClientCert{}
-					request.Https.ClientCertInfo.CertName = helper.String(clientCert["certificate_name"].(string))
 					if v := clientCert["certificate_content"]; v.(string) != "" {
 						request.Https.ClientCertInfo.Certificate = helper.String(v.(string))
 					}
diff --git a/tencentcloud/resource_tc_cdn_domain_test.go b/tencentcloud/resource_tc_cdn_domain_test.go
index 244a9c84aa..f65f35c890 100644
--- a/tencentcloud/resource_tc_cdn_domain_test.go
+++ b/tencentcloud/resource_tc_cdn_domain_test.go
@@ -39,18 +39,22 @@ func TestAccTencentCloudCdnDomain(t *testing.T) {
 					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "origin.0.origin_list.#", "1"),
 					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "origin.0.server_name", "test.zhaoshaona.com"),
 					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "origin.0.origin_pull_protocol", "follow"),
-					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.https_switch", "off"),
-					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.http2_switch", "off"),
-					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.ocsp_stapling_switch", "off"),
-					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.spdy_switch", "off"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.https_switch", "on"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.http2_switch", "on"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.ocsp_stapling_switch", "on"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.spdy_switch", "on"),
 					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.verify_client", "off"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.server_certificate_config.0.message", "test"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cdn_domain.foo", "https_config.0.server_certificate_config.0.deploy_time"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cdn_domain.foo", "https_config.0.server_certificate_config.0.expire_time"),
 					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "tags.hello", "world"),
 				),
 			},
 			{
-				ResourceName:      "tencentcloud_cdn_domain.foo",
-				ImportState:       true,
-				ImportStateVerify: true,
+				ResourceName:            "tencentcloud_cdn_domain.foo",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"https_config"},
 			},
 		},
 	})
@@ -149,11 +153,69 @@ resource "tencentcloud_cdn_domain" "foo" {
   }
 
   https_config {
-    https_switch = "off"
-    http2_switch = "off"
-    ocsp_stapling_switch = "off"
-    spdy_switch = "off"
+    https_switch = "on"
+    http2_switch = "on"
+    ocsp_stapling_switch = "on"
+    spdy_switch = "on"
 	verify_client = "off"
+
+	server_certificate_config {
+      certificate_content = <<EOT
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqACCQDJd98Shn/cJTANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC
+Q04xEDAOBgNVBAgMB1RpYW5qaW4xEDAOBgNVBAcMB1RpYW5qaW4xDjAMBgNVBAoM
+BU1vY2hhMRcwFQYDVQQLDA5Nb2NoYSBTb2Z0d2FyZTEcMBoGA1UEAwwTdGVzdC56
+aGFvc2hhb25hLmNvbTEjMCEGCSqGSIb3DQEJARYUeWFsaW5wZWlAdGVuY2VudC5j
+b20wHhcNMjAwNTIwMDcyNDQyWhcNMzAwNTE4MDcyNDQyWjCBnTELMAkGA1UEBhMC
+Q04xEDAOBgNVBAgMB1RpYW5qaW4xEDAOBgNVBAcMB1RpYW5qaW4xDjAMBgNVBAoM
+BU1vY2hhMRcwFQYDVQQLDA5Nb2NoYSBTb2Z0d2FyZTEcMBoGA1UEAwwTdGVzdC56
+aGFvc2hhb25hLmNvbTEjMCEGCSqGSIb3DQEJARYUeWFsaW5wZWlAdGVuY2VudC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgndm2xEWL7CaVQ/lb
+TO6Gj4EqEp1tWygjdfqkUXADfsgMGPukYaZY+klV6AJzLcj8VD5iWgKa+V4kLHtf
+yh66c45nZrdUVoF9CFTw2+B/LTa/UzsvbLTVOnEjVBjI1V5kVzliF5cK5OlQ258d
+w6yFaccOgXqSkp9i57Y9pT1FIb691hsf2VHiVLizPYy3vvLQeN8RnXS3vK56BcQk
+o+49H11TAsrIh0C5maF0jp/7poSQkrX0kjfX4+gK/mC4Dn3PgK464Ko5OR45IGji
+D368/klCK1bqIshlv4owEfgzAEQMPUQ0CfuvXTX85aojM48RiYiDmYveaICtYnSR
+04MTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHWUpfePVt3LjZVDS3OmQ7rTG8zc
+zwZgJfxP0f4ZNo/9t53SNsQ0UM/+7sqnBKOjsWfgyFqSh9cfN0Bnsn3gmvPXmD5R
+nCa9qr9IO+FP9Ke4KKn0Ndx1sWJN3B6D8bUTnvFIkJoRsvsqNi24o2uKrUdcAYHL
+5BVtrVe8E55i0A5WosC8KWv4ZJxTacvuxVjfyroKzxsLwOQvCqBNSuZLg1HYUeG6
+XIj0/acmysb8S82Lxm39E82DbPdUO3Z0TlGL7umlAV947/6eGvPhszjnhBlxVo3p
+tmHdyqfHxWbkTW4bnO/Gu+Sll6a3n1uyQ/onXuXH3pBZoXLp3Jj+CV1+N6E=
+-----END CERTIFICATE-----
+EOT
+
+      private_key         = <<EOT
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAoJ3ZtsRFi+wmlUP5W0zuho+BKhKdbVsoI3X6pFFwA37IDBj7
+pGGmWPpJVegCcy3I/FQ+YloCmvleJCx7X8oeunOOZ2a3VFaBfQhU8Nvgfy02v1M7
+L2y01TpxI1QYyNVeZFc5YheXCuTpUNufHcOshWnHDoF6kpKfYue2PaU9RSG+vdYb
+H9lR4lS4sz2Mt77y0HjfEZ10t7yuegXEJKPuPR9dUwLKyIdAuZmhdI6f+6aEkJK1
+9JI31+PoCv5guA59z4CuOuCqOTkeOSBo4g9+vP5JQitW6iLIZb+KMBH4MwBEDD1E
+NAn7r101/OWqIzOPEYmIg5mL3miArWJ0kdODEwIDAQABAoIBAQCW2uuLX9k6THkI
+pSlleWJm/A4C6Cz4cy/F7p+VCfA9OCzIQAbKI/VLiPisORdj+tLVPILDeWsNB75G
+F4lhNMObt8E+mRkDm6RPPS4ac0nt6ReMp63lIyLNSvDMj8Yfi1f2wn3hBesVjl8d
+VMmj+Q7m16zgkPgBBrmw+ZUPXU2oyUW4+0RvGYvuWnVUdtm/34PD1LC0NKBKaX9T
+MDHrSIns0WpQ7P4vNVQyHW7MGgEl81uzIitSWuT/k+zH6YxBlxd7d66vmhNoxz9c
+aeEf7DE3wAb4819UYWt0/ciMJwSLPkBOaTeAsktKUHVsrMLVELWcWqSIS+PYbSX8
+g3tY1DlxAoGBANSiDKNjfr1rZRtpZvxnVkssLY/586UaHs+dFfyFyd0unr/rAPf/
+GO/BIO0NbBdRb3XORMuiLQN3xf+qgKfoS0kXYglDMGKbEAC/5o6ZMV6E2E/aFrxh
+xmgKTZxCBVnOxlAy33UFs+qR8tpOnR4auAc0pNPA9QB4I7q17vGJRMyHAoGBAMFf
+7nF2aJ/k0Fcl53Cabs/FIaAwL/GBvok6Ny8wWLwiMZCtsGUUywnUdN/qbfr2GwC5
+g0w2iaxGqQPI+qw2qn0utAIfZ0Tz2VAH+P3aUTuG+M4XWHObHVXxBUqO61X9zgV2
+sXRXcbDOx3HgZeDCjk0otcGVJoC3zgzaaEZi5mQVAoGAQer+2gQ1PUm27XmOmL78
+bI+EjHbjhpKDbL95GnDrdKtIQZz8DuXBeEo6B+M6WDxBvpa0kyByrfmKo0jbW7JS
+7JTYKqDuthL2MhVLx3dMa83pNVAZ7kqtdIGFL+TzvbSxnBk5VxDuhtC6Jd1rLfMA
+jBNQ6eiOy5dzFCXkrnJspq8CgYAO4ISFsihmdMIakk31+cugrHfjzRFDMUopYJMy
+TDPndXH+wX4aqLjeLrw3JeAEOL7nFV6mlGOPH3iNU/8FFMeVDezHZQca5O/JGnPr
+g8pQHBg0MtOZQUvGet5/V/N/ECGzhegtHTUf9yic+DieTBmKkiE5nXHy4TE3B+6R
+y7YR6QKBgQDUoNAFOnMZB4BQMeCb/pQQnzNkNTG+Y02eMKjo5eZZDfyusqIui29l
+KKcVGqvwVh2r8ocP7OnrQPVK9ZW7BcoYiqM2DjdKyl7AtQKnvWfPMai++oXKzo0y
+8sg7m1Ic26sKO9W9t87cfZtFKcbKVcImLWucd9R7Ny4M4r6xlRKWpA==
+-----END RSA PRIVATE KEY-----
+EOT
+      message = "test"
+    }
   }
 
   tags = {
diff --git a/website/docs/r/cdn_domain.html.markdown b/website/docs/r/cdn_domain.html.markdown
index cbeb7f8a12..abd4d8cc81 100644
--- a/website/docs/r/cdn_domain.html.markdown
+++ b/website/docs/r/cdn_domain.html.markdown
@@ -54,8 +54,7 @@ The following arguments are supported:
 
 The `client_certificate_config` object supports the following:
 
-* `certificate_name` - (Required) Client certificate name.
-* `certificate_content` - (Optional) Client Certificate PEM format, requires Base64 encoding.
+* `certificate_content` - (Required) Client Certificate PEM format, requires Base64 encoding.
 
 The `https_config` object supports the following:
 
@@ -82,7 +81,6 @@ The `server_certificate_config` object supports the following:
 
 * `certificate_content` - (Optional) Server certificate information. This is required when uploading an external certificate, which should contain the complete certificate chain.
 * `certificate_id` - (Optional) Server certificate ID.
-* `certificate_name` - (Optional) Server certificate name.
 * `message` - (Optional) Certificate remarks.
 * `private_key` - (Optional) Server key information. This is required when uploading an external certificate.