From 0f4f8e4770480db7d16b781289a1e5205529fea7 Mon Sep 17 00:00:00 2001
From: continuist <continuist02@gmail.com>
Date: Sat, 28 Jun 2025 22:39:07 -0400
Subject: [PATCH] Fix certificate path

---
 CI_CD_PIPELINE_SETUP_GUIDE.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md
index 936b647..8682aed 100644
--- a/CI_CD_PIPELINE_SETUP_GUIDE.md
+++ b/CI_CD_PIPELINE_SETUP_GUIDE.md
@@ -481,6 +481,10 @@ sudo chmod 644 /etc/ssl/registry/registry.crt
 
 **Important**: The certificate is now generated in the system SSL directory `/etc/ssl/registry/` with your actual CI/CD Linode IP address automatically.
 
+**Note**: The permissions are set to:
+- `registry.key`: `600` (owner read/write only) - private key must be secure
+- `registry.crt`: `644` (owner read/write, group/others read) - certificate can be read by services
+
 #### 5.3 Create Authentication File
 
 ```bash
@@ -630,7 +634,7 @@ PUSH_USER="push-user"
 PUSH_PASSWORD=$(grep push-user /etc/registry/auth/auth.htpasswd | cut -d: -f2)
 
 # Copy the certificate to Docker's trusted certificates
-sudo cp /opt/registry/ssl/registry.crt /usr/local/share/ca-certificates/registry.crt
+sudo cp /etc/ssl/registry/registry.crt /usr/local/share/ca-certificates/registry.crt
 sudo update-ca-certificates
 
 sudo tee /etc/docker/daemon.json << EOF