A certificate issuer may supply you with an intermediate certificate. In this case, you must combine your certificate with the intermediate's to form a certificate bundle. You can do this using the cat command:
$ cat server.crt intermediate-certificates.pem > server.with-intermediate.crt
You then configure the registry to use your certificate bundle by providing the REGISTRY_HTTP_TLS_CERTIFICATE environment variable.