mkdir -p /etc/docker/certs.d/example.com:2376
cp ca.pem server-cert.pem server-key.pem /etc/docker/certs.d/example.com:2376

nano /lib/systemd/system/docker.service

	-> Remove '-H fd://' from 'ExecStart'

# Create /etc/docker/daemon.json
tee /etc/docker/daemon.json << EOL
{
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs.d/example.com:2376/ca.pem",
  "tlscert"  : "/etc/docker/certs.d/example.com:2376/server-cert.pem",
  "tlskey"   : "/etc/docker/certs.d/example.com:2376/server-key.pem",
  "hosts"    : ["fd://", "0.0.0.0:2376"]
}
EOL

# Reload and restart
systemctl daemon-reload
systemctl restart docker

# Test client connection from another server
# copy ca.pem, cert.pem and key.pem to another machine
docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem --host=example.com:2376 version