indeed, it should reconfigure Let's Encrypt / cerbot and at the last step choose "redirect all traffic to https" so that it is not possible to have this problem.