GitLab CI 9.04 build Docker images returns x509: certificate signed by unknown authority

Hi,
I’m trying to build Docker images with via GitLab Ci Pipeline.
A Runner is online and starts the Job on the host machine.
The Runner itself is a Docker Container.

According to the Dockerfile, docker tries to pull an image of our local registry but fails with:
x509: certificate signed by unknown authority

If I start the docker:dind manually on the host, connect to it and execute the commands the build works fine.

Does anyone experienced this before?

Thank you for your help!

Here is my .gitlab-ci.yml:
stages:
- Dockerfile

build_docker:
  stage: Dockerfile
  image: docker:latest
  variables:
    CI_JOB_TOKEN: <MY_CI_JOB_TOKEN>
  services:
    - docker:dind
  script:
    - curl -fSL "<MY_CA.crt>" -o /usr/local/share/ca-certificates/ca.crt
    - mkdir -p /etc/ssl/certs/ && update-ca-certificates --fresh
    - mkdir /root/.docker 
    - curl -fSL "<MY_AUTH_CONFIG>" -o /root/.docker/config.json
    - docker info
    - docker build -t <MY_REGISTRY>:<MY_TAG> .
    - docker push <MY_REGISTRY>:<MY_TAG>

Now it’s running…
I added our self signed certificate(s) into the runner certs dir with the git-url as name.
Also I changed the runner config and added “/var/run/docker.sock:/var/run/docker.sock” to the volumes.
I started the runner with this configuration but it wasn’t used!

Right off the bat, I suspect you didn’t restart docker. As I understand it, docker only reads the /etc/docker/ssl contents at startup.

Is there a way to do this without binding to the host’s docker socket? How can one restart the docker daemon from within the Docker dind Alpine image?