As of Replicated 2.25, provided certs will be used for internal Replicated communication in addition to serving the admin console. For the Replicated Docker registry to use the provided cert the server IP address must be listed as a SAN in the certificate. If the IP is not present Replicated will use a self-signed certificate for the internal Docker registry, but will still use the provided certificate for other internal communication.
This IP address will be the private address chosen during the installation. It will be either auto-detected by the install script (if there is only one physical interface) or it will be selected manually by the person installing replicated.
After Replicated has been installed, the IP address can be checked by running
replicatedctl params export | grep RegistryAdvertiseAddress