Got it all sorted out!
http: TLS handshake error from 172.29.0.1:58610: no certificate available for '' is because I have no hostname because I’ve hard-coded an IP address for the label.
Once I mapped a hostname to localhost in /etc/hosts locally and specified that hostname as the label in my Caddyfile everything worked as expected.
Turns out I don’t need to mark it as an insecure registry either, Docker doesn’t seem to be worried about the self-signed cert. 