For now you could fix it by using:
mysite.org:80 {
redirect mysite.org:443
}
mysite.org:443 {
proxy / localhost:3000
tls /etc/ssl/mycerts/websvr.pem /etc/ssl/mycerts/key.pem
}
But that shouldn’t happen with the caddyfile you provided. Providing a domain without protocols/ports should force a redirect to 443 and serve the domain under the port 443.