Getting x509: certificate signed by unknown authority when talking to docker registry

Hi, I've just started out on my first gitlab-ci setup, and I'm having some problems (but I am in awe of how great this is...)

I have a private registry (now gitlab 8.8) with which I am using my own SSL certificates. What I can't seem to do is get the runner to log in (or push) to the registry (and thus I can't push my product build in the registry automatically). I'm sure there is a step that I'm missing - and I've spent many an hour trying to figure out how this all glues together.

So my build output can be seen on my gitlab: http://dev.leenooks.net/leenooks/base/builds/17 - I'm trying to fix the

$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.leenooks.net
Error response from daemon: Get https://registry.leenooks.net/v1/users/: x509: certificate signed by unknown authority

Essentially, I know that docker needs to have my CA cert, but I can't figure out how I give it to the runner (or the docker dind container that the runner is using). (I can log in to my registry and generally pull/push images, so I know my SSL certs are fine).

My config.toml:

concurrent = 1

[[runners]]
  name = "Docker Runner"
  url = "http://dev.leenooks.vpn/ci"
  token = "xxx"
  executor = "docker"
  [runners.docker]
    tls-ca-file = "/etc/docker/certs.d/registry.leenooks.net/ca.crt"
    image = "docker:latest"
    privileged = true
    disable_cache = false
    volumes = ["/cache", "/etc/docker/certs.d:/etc/docker/certs.d:ro"]
  [runners.cache]
    Insecure = false

Where/how do I give docker my ca cert?
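
An added example, not part of the original post: a shell check for the condition behind the `x509: certificate signed by unknown authority` error. It tests whether the per-registry file the Docker daemon reads (`<certs.d>/<registry host>/ca.crt`, the layout used in the config.toml above) exists and verifies the registry's certificate. The function names, the `registry.example.test` host and the throwaway certificates are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All certificates are constructed.

# check_registry_ca CERTS_D HOST SERVER_CERT
#   0: <CERTS_D>/<HOST>/ca.crt exists and the server certificate verifies against it
#   1: no readable ca.crt for this host under CERTS_D
#   2: ca.crt exists but the certificate does not verify against it
check_registry_ca() {
  crc_ca="$1/$2/ca.crt"
  [ -r "$crc_ca" ] || return 1
  # openssl may also consult the system CApath; add -no-CApath
  # (OpenSSL 1.1.0+) to test this file alone.
  openssl verify -CAfile "$crc_ca" "$3" >/dev/null 2>&1 || return 2
  return 0
}

# make_ca DIR NAME: throwaway self-signed CA (hypothetical helper)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# make_leaf DIR CA_NAME HOST: server certificate for HOST signed by CA_NAME
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.crt" >/dev/null 2>&1
}

# Demo with constructed material in a temporary directory.
demo_dir=$(mktemp -d)
demo_host=registry.example.test   # placeholder registry name
make_ca "$demo_dir" my-ca && make_leaf "$demo_dir" my-ca "$demo_host"
mkdir -p "$demo_dir/certs.d/$demo_host"
demo_rc=0
check_registry_ca "$demo_dir/certs.d" "$demo_host" "$demo_dir/$demo_host.crt" || demo_rc=$?
echo "before installing ca.crt: status $demo_rc"
cp "$demo_dir/my-ca.crt" "$demo_dir/certs.d/$demo_host/ca.crt"
demo_rc=0
check_registry_ca "$demo_dir/certs.d" "$demo_host" "$demo_dir/$demo_host.crt" || demo_rc=$?
echo "after installing ca.crt: status $demo_rc"
rm -rf "$demo_dir"
```

To test a live registry, save its certificate to a file first and pass that file as the third argument; the check has to run in the same filesystem the Docker daemon sees.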