Private docker registry with self signed TLS certificates not accepting valid basic authorization credentials

I have deployed a private docker registry (registry version 2.7) using Ansible (code given below). I followed the official guide at https://docs.docker.com/registry/deploying/. The docker daemon and the docker registry are running on the same machine. The registry and docker are both running on self-signed certificates. I also added instructions in /etc/docker/daemon.json to allow the insecure registry. Here is my Ansible task:

    - name: "Creating basic auth password file for registry"
      htpasswd:
        path: "role_dir/htpasswd"
        name: "username"
        password: "pass"
        owner: root
        group: www-data
        mode: 0640

    - name: "Create registry container"
      docker_compose:
        project_name: "registry"
        build: yes
        nocache: yes
        recreate: always

        definition:
          version: "3.2"
          services:
            registry:
              image: registry:2.7
              container_name: "private_registry"
              ports:
                - 5000:5000
              volumes:
                - "/var/run/docker.sock:/var/run/docker.sock"
                - "/pathToCerts/certs/docker-registry:/certs"
                - "dir_volume_for_reg:/var/lib/registry"
                - "role_dir/htpasswd:/auth/htpasswd"
              environment:
                REGISTRY_HTTP_TLS_CERTIFICATE: "/certs/tls_cert_file"
                REGISTRY_HTTP_TLS_KEY: "/certs/tls_cert_key"
                REGISTRY_AUTH: htpasswd
                REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
                REGISTRY_AUTH_HTPASSWD_REALM: Registry
      register: output
      become: yes

Here is the docker config file /etc/docker/daemon.json, in which I instructed docker to allow the private registry from my public machine, on which the docker daemon and the docker registry are running.

    {
        "hosts": [
            "fd://",
            "unix:///var/run/docker.sock",
            "tcp://127.0.0.1:2375",
            "tcp://0.0.0.0:2376"
        ],
        "debug": true,
        "tls": true,
        "tlsverify": true,
        "tlscacert": "path_to_my_ca.pem",
        "tlscert": "path_to_server-cert.pem",
        "tlskey": "path_to_server-key.pem",
        "insecure-registries": ["x.x.x.x:5000", "a_domain_name:5000", "127.0.0.1:5000"]
    }

With the above configuration, when I access my server address https://x.x.x.x:5000/v2/_catalog, it asks for a username and password for realm registry. Even when I provide the valid username and password, it never allows access to the page; that is, it is not accepting the authentication even though the username and password are valid.

Below are the docker registry container logs:

    time="2019-12-01T23:07:47.54040353Z" level=warning msg="error authorizing context: basic authentication challenge for realm "Registry": authentication failure" go.version=go1.11.2 http.request.host="x.x.x.x:5000" http.request.id=f01cd18f-1623-4f3d-863d-b2b72f93628a http.request.method=GET http.request.remoteaddr="x.x.x.x:11581" http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

I have tried many different possibilities but none of them worked. I tried creating the htpasswd file manually and then giving the path to the htpasswd file in the Ansible config, but it still does not work. Can someone point out what the problem is? Thanks in advance for any comments.

Source: StackOverflow
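
A diagnostic for the htpasswd file created by the task above, added here as an example and not part of the original post: the registry's htpasswd backend only supports bcrypt hashes, while Ansible's `htpasswd` module writes `apr_md5_crypt` unless `crypt_scheme` is set, so the script reports the hash scheme of every entry. The function names and the sample file contents are constructed for illustration.

```python
import re

# bcrypt entries: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt + digest.
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")

# Other schemes commonly found in htpasswd files, identified by prefix.
PREFIXES = [
    ("$apr1$", "apr_md5_crypt"),
    ("{SHA}", "sha1"),
    ("$5$", "sha256_crypt"),
    ("$6$", "sha512_crypt"),
]

def classify(hash_field):
    """Name the hash scheme of one htpasswd hash field."""
    if BCRYPT_RE.match(hash_field):
        return "bcrypt"
    if hash_field.startswith("$2"):
        return "malformed-bcrypt"
    for prefix, name in PREFIXES:
        if hash_field.startswith(prefix):
            return name
    return "unknown (des_crypt or plaintext)"

def audit_htpasswd(text):
    """Return [(line_no, user, scheme, usable_by_registry)] per entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep:
            findings.append((line_no, line, "no ':' separator", False))
            continue
        scheme = classify(hash_field)
        findings.append((line_no, user, scheme, scheme == "bcrypt"))
    return findings

# Constructed sample: filler characters stand in for real salts and digests.
SAMPLE = "\n".join([
    "alice:$apr1$Xy12Ab34$" + "B" * 22,
    "bob:$2y$05$" + "A" * 53,
    "",
    "carol:{SHA}" + "C" * 27 + "=",
    "dave:$2y$05$tooshort",
])

if __name__ == "__main__":
    for line_no, user, scheme, usable in audit_htpasswd(SAMPLE):
        status = "OK" if usable else "not bcrypt, registry will not authenticate"
        print(f"line {line_no}: {user}: {scheme}: {status}")
```

To audit a real file, pass its contents to `audit_htpasswd()`; only the scheme is inspected, never the password itself.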