diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index c3886f4..5ff283e 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -10,8 +10,11 @@ env:
   CARGO_TERM_COLOR: always
 
 jobs:
-  build:
+  build-linux:
     runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+        target: ["x86_64-unknown-linux-gnu", "aarch64-unknown-linux-gnu", "armv7-unknown-linux-gnueabihf"]
     env:
       CC: clang-18
       CXX: clang-18
@@ -24,7 +27,7 @@ jobs:
         wget https://apt.llvm.org/llvm.sh
         chmod +x llvm.sh
         sudo ./llvm.sh 18
-        sudo apt-get install -y crossbuild-essential-arm64
+        sudo apt-get install -y crossbuild-essential-arm64 crossbuild-essential-armhf
     - uses: actions/cache@v4
       with:
         path: |
@@ -33,34 +36,29 @@ jobs:
           ~/.cargo/registry/cache/
           ~/.cargo/git/db/
           target/
-        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        key: cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
     - name: Install toolchain
       run: |
         rustup update
         rustup toolchain install nightly
-        rustup target add --toolchain nightly x86_64-unknown-linux-gnu aarch64-unknown-linux-gnu
-    - name: Build x86_64
+        rustup target add --toolchain nightly ${{ matrix.target }}
+    - name: Build
       env:
         CARGO_HOST_LINKER: "clang-18"
         CARGO_HOST_RUSTFLAGS: "-Clink-arg=-fuse-ld=lld-18"
         CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "-Clinker-plugin-lto -Clinker=clang-18 -Clink-arg=-fuse-ld=lld-18 -Clink-arg=--target=x86_64-unknown-linux-gnu"
-      run: cargo +nightly -Ztarget-applies-to-host -Zhost-config build --verbose --release --target=x86_64-unknown-linux-gnu
-    - uses: actions/upload-artifact@v4
-      with:
-        name: hath-rust-x86_64
-        path: target/x86_64-unknown-linux-gnu/release/hath-rust
-    - name: Build aarch64
-      env:
-        CARGO_HOST_LINKER: "clang-18"
-        CARGO_HOST_RUSTFLAGS: "-Clink-arg=-fuse-ld=lld-18"
         CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "-Clinker-plugin-lto -Clinker=clang-18 -Clink-arg=-fuse-ld=lld-18 -Clink-arg=--target=aarch64-unknown-linux-gnu"
-      run: cargo +nightly -Ztarget-applies-to-host -Zhost-config build --verbose --release --target=aarch64-unknown-linux-gnu
+        CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_RUSTFLAGS: "-Clinker-plugin-lto -Clinker=clang-18 -Clink-arg=-fuse-ld=lld-18 -Clink-arg=--target=armv7-unknown-linux-gnueabihf"
+      run: cargo +nightly -Ztarget-applies-to-host -Zhost-config build --verbose --release --target=${{ matrix.target }}
     - uses: actions/upload-artifact@v4
       with:
-        name: hath-rust-aarch64
-        path: target/aarch64-unknown-linux-gnu/release/hath-rust
+        name: hath-rust-${{ matrix.target }}
+        path: target/${{ matrix.target }}/release/hath-rust
   build-windows:
     runs-on: windows-latest
+    strategy:
+      matrix:
+        target: ["x86_64-pc-windows-msvc", "i686-pc-windows-msvc"]
     steps:
       - uses: actions/checkout@v4
       - uses: actions/cache@v4
@@ -71,13 +69,17 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          key: cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
+      - name: Install toolchain
+        run: |
+          rustup update
+          rustup target add ${{ matrix.target }}
       - name: Build
-        run: cargo build --verbose --release
+        run: cargo build --verbose --release --target ${{ matrix.target }}
       - uses: actions/upload-artifact@v4
         with:
-          name: hath-rust-windows
-          path: target/release/hath-rust.exe
+          name: hath-rust-${{ matrix.target }}
+          path: target/${{ matrix.target }}/release/hath-rust.exe
   build-macos:
     runs-on: macos-14
     steps:
@@ -90,7 +92,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          key: cargo-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
       - name: Install toolchain
         run: |
           rustup update
@@ -103,5 +105,5 @@ jobs:
         run: lipo -create target/x86_64-apple-darwin/release/hath-rust target/aarch64-apple-darwin/release/hath-rust -output target/release/hath-rust
       - uses: actions/upload-artifact@v4
         with:
-          name: hath-rust-macos
+          name: hath-rust-universal-apple-darwin
           path: target/release/hath-rust
diff --git a/Cargo.toml b/Cargo.toml
index 07d0324..4689bfe 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,7 +11,6 @@ axum = { version = "0.7", default-features = false, features = ["http1", "matche
 bytes = "1.5"
 chrono = "0.4"
 clap = { version = "4.5", features = ["derive", "wrap_help"] }
-cpufeatures = "0.2"
 filesize = "0.2"
 filetime = "0.2"
 futures = "0.3"
@@ -39,6 +38,10 @@ tokio-stream = { version = "0.1", default-features = false, features = ["fs"] }
 tower = { version = "0.4", features = ["util", "timeout"] }
 tower-http = { version = "0.5", features = ["fs"] }
 
+# cpufeatures not support all platforms
+[target.'cfg(any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64"))'.dependencies]
+cpufeatures = "0.2"
+
 [target.'cfg(not(any(target_env = "msvc", target_os = "macos")))'.dependencies]
 tikv-jemallocator = { version = "0.5", features = ["background_threads", "unprefixed_malloc_on_supported_platforms"] }
 
diff --git a/src/rpc.rs b/src/rpc.rs
index c4c51ce..461e172 100644
--- a/src/rpc.rs
+++ b/src/rpc.rs
@@ -211,7 +211,10 @@ impl RPCClient {
             .and_then(|cert| cert.parse2(self.key.as_str()).ok());
 
         if let Some(cert) = &cert {
-            let tomorrow = Asn1Time::from_unix(self.get_timestemp() + 86400).unwrap_or_else(|_| Asn1Time::days_from_now(1).unwrap());
+            let timestamp = (self.get_timestemp() as isize) // Maybe is 32 bit system
+                .checked_add(86400)
+                .map(|t| Asn1Time::from_unix(t.try_into().unwrap()).unwrap());
+            let tomorrow = timestamp.unwrap_or_else(|| Asn1Time::days_from_now(1).unwrap());
             if cert.cert.is_some() && cert.pkey.is_some() && cert.cert.as_ref().unwrap().not_after() < tomorrow {
                 error!("The retrieved certificate is expired, or the system time is off by more than a day. Correct the system time and try again.");
                 return None;
diff --git a/src/server/ssl.rs b/src/server/ssl.rs
index 38beec8..ccceb72 100644
--- a/src/server/ssl.rs
+++ b/src/server/ssl.rs
@@ -13,8 +13,7 @@ pub fn create_ssl_acceptor(cert: &ParsedPkcs12_2) -> SslAcceptor {
     let _ = builder.set_num_tickets(1);
 
     // From https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
-    cpufeatures::new!(cpuid_aes, "aes");
-    if !cpuid_aes::get() {
+    if !aes_support() {
         // Not have AES hardware acceleration, prefer ChaCha20.
         builder
             .set_cipher_list(
@@ -64,3 +63,14 @@ pub fn create_ssl_acceptor(cert: &ParsedPkcs12_2) -> SslAcceptor {
     }
     builder.build()
 }
+
+#[cfg(any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64"))]
+fn aes_support() -> bool {
+    cpufeatures::new!(cpuid_aes, "aes");
+    cpuid_aes::get()
+}
+
+#[cfg(not(any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")))]
+fn aes_support() -> bool {
+    false // Unable to check AES acceleration support, assumed negative.
+}