Certificate Signed by Unknown Authority connecting to docker-registry after certificate redeploy
Issue
- I get an "x509: certificate signed by unknown authority" error when trying to log in to my internal image registry, even though it worked before I redeployed my cluster certs and CA:
# docker login -u <USER> -e <EMAIL> -p `oc whoami -t` <SVC_IP>:5000
Error response from daemon: invalid registry endpoint https://<SVC_IP>:5000/v0/: unable to ping registry endpoint https://<SVC_IP>:5000/v0/
v2 ping attempt failed with error: Get https://<SVC_IP>:5000/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://<SVC_IP>:5000/v1/_ping: x509: certificate signed by unknown authority. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry <SVC_IP>:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/<SVC_IP>:5000/ca.crt
- I ran the OpenShift Cert redeploy playbook
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/redeploy-certificates.yml --extra-vars "openshift_certificates_redeploy_ca=true"
but now can't log in to my internal docker registry
Environment
- OpenShift Container Platform 3.X