diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index 03b9668d9cbf18a30817733365f0971a8bb9b6a7..ecea9dd75bdd5062551ccd9a557cbf8361e71f09 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -111,6 +111,29 @@
     mode: 0640
   notify: restart containerd
 
+- name: containerd ｜ Create registry directories
+  file:
+    path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}"
+    state: directory
+    mode: 0755
+    recurse: true
+  with_items: "{{ containerd_insecure_registries }}"
+  when: containerd_insecure_registries is defined
+
+- name: containerd ｜ Write hosts.toml file
+  blockinfile:
+    path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}/hosts.toml"
+    owner: "root"
+    mode: 0640
+    create: true
+    block: |
+      server = "{{ item.value }}"
+      [host."{{ item.value }}"]
+        capabilities = ["pull", "resolve", "push"]
+        skip_verify = true
+  with_items: "{{ containerd_insecure_registries }}"
+  when: containerd_insecure_registries is defined
+
 # you can sometimes end up in a state where everything is installed
 # but containerd was not started / enabled
 - name: containerd | Flush handlers
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index c1bda12b8b448a9595d2e4921a12c30d79e3c651..620bff5467f2525ee2a0d84305dbf6f780747e38 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -47,6 +47,9 @@ oom_score = {{ containerd_oom_score }}
           runtime_type = "io.containerd.runsc.v1"
 {% endif %}
     [plugins."io.containerd.grpc.v1.cri".registry]
+{% if containerd_insecure_registries is defined and containerd_insecure_registries|length>0 %}
+      config_path = "{{ containerd_cfg_dir }}/certs.d"
+{% endif %}
       [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
 {% for registry, addr in containerd_registries.items() %}
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]