Docker注册表的Docker / GitLab身份验证返回401错误

我正在尝试使用gitlab（docker）的auth配置我的docker注册表。

做docker login registry.website.com给我一个401 Unauthorized错误：

Error response from daemon: login attempt to https://registry.website.com/v2/ failed with status: 401 Unauthorized

在docker日志中我找到了

{ "level":"info","msg":"token signed by untrusted key with ID: \"IWNY:KT2H:YUN5:STQP:22LM:YNIU:RT4T:AZO7:TBVL:ZQ3I:Z4JZ:LA3T\"","time":"2018-12-17T23:36:03.538232467Z" }
{ [...] "level":"warning","msg":"error authorizing context: invalid token","service":"registry","source":"registry","time":"2018-12-17T23:36:03.53860308Z","version":"v2.6.2" }

我的钥匙是通过做生成的

$ sudo openssl req -new -newkey rsa:4096 -subj "/CN=gitlab-issuer" -nodes -x509 -keyout registry-auth.key -out registry-auth.crt
$ sudo chmod 400 registry-auth.key

在我的调试尝试中，我得到了不同的sha256摘要：

459b854f47c51bd94e0fd696cc35148cf93065df986abcc368cf13958373d298
459b854f47c51bd94e0fd696cc35148cf93065df986abcc368cf13958373

正如@VDR所示，这是正常的，因为前30个字符被使用。因此，键应该没有问题。但为什么我会收到401错误？

这是我配置gitlab和注册表的方式：

docker gitlab（gitlab.rb）的配置使用key by

gitlab_rails['registry_key_path'] = "/certs/registry-auth.key"

注册表配置有

auth.token.rootcertbundle: /root/certs/registry-auth.crt

nginx的代理/ vhost.d /泊坞窗，registry.conf

proxy_pass                          http://registry.website.com;
proxy_set_header  Host              $http_host;   # required for docker client's sake
proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header  X-Forwarded-Proto $scheme;
proxy_read_timeout                  900;

我不知道我在这里缺少什么......