I have a wildcard certificate and it's ok for both web console, router and metrics.
I followed the doc  and was able to access the docker registry externally but from an untrusted certificate (self-signed certificate).
In the doc, first I created the passthrough route what should be a valid certificate from the router, after I created the self-signed certificate to the docker registry and finally I was able to access the registry externally but from an untrusted certificate
On the other hand, the metrics use self-signed certificate and the route is re-encrypt 
I created the re-encrypt route to the docker registry too and it seems be ok.
My local docker is configured with --add-registry instead of --insecure-registry and now I'm able to login and push images to the registry from a trust certificate
Is it recommended to work in production or should I deploy the registry directly with the custom certificate ?