While we already have support for Let's Encrypt for GitLab Rails (https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2620), we are missing support for the Registry. We should look to apply similar rules and support that we have already added for Rails, to generating certificates for the Registry. * Use LE if you have chosen HTTPS but have not provided certificates. * Automatically renew This one is particularly important, as the Registry essentially needs HTTPS to properly function. (Setting Docker to trust an HTTP registry is quite hard, especially in k8s.)