There is a very odd configuration situation here, which is that when the client does not requesting a name with SNI, your server sends the valid Let’s Encrypt certificate for owncloud.august.de, while when the client does request the server owncloud.august.de, your server sends the self-signed test certificate!
openssl s_client -connect owncloud.august.de:443 # no servername requested; correct certificate returned
openssl s_client -servername owncloud.august.de -connect owncloud.august.de:443 # correct servername requested; incorrect certificate returned
This is the exact reverse of the configuration problem that we normally see in this situation!
Please do not use
privkey1.pem. Their contents are identical to the
live versions but don’t auto-update. Please use the
live versions (