To clarify, this comes up as people regularly state that they redact their domain names out of fear of those domains becoming public knowledge. Certificate Transparency logs mean that your domain, and the fact that you were given an SSL certificate for it, is already public knowledge.
Hasty or improper redaction also causes some problems. For one example, you’ve changed your domain name to
othersite.mydomain.com, but did you know that’s actually someone else’s domain you’re now using in your request for help? https://www.mydomain.com/ is actually a domain registrar, and it looks like they serve their site with Apache. Also, did you consider that someone else might actually control the
firstname.lastname@example.org Gmail account?
The Internet Assigned Numbers Authority (IANA) actually reserve a few domains for this purpose;
example.org. You can use these for illustrative examples and documentation without having the real owner pop up in this thread after searching the internet for their own domain name or discovering referred traffic from people browsing to their site (as we’ve had in the past, believe it or not).
But the main issue is this:
The wording here is a fairly direct implication that the config you’ve posted is not actually what you’re using. Small details matter a lot; the exact specifics of your actual, in-use Caddyfile are where the real issue arises in the vast majority of cases.
Based on what you have provided, the only information we (or anyone) could give is that the configuration you gave is not designed to produce any redirects (other than upgrading HTTP to HTTPS) and that there are no known bugs that might cause it to do so.
Have you ever redirected between these sites in the past?
Generally speaking, browsers will remember redirects for a(n annoyingly) long time, but they won’t ever produce a (seemingly random) redirect like that.