Remove the “www” and the HTTPS encryption will work just fine.
Technically speaking, the encryption itself works just fine with wrong domain too, but as it's not listed on certificate it's not valid for www.sopuli.xyz domain.
Some time after going to sopuli.xyz on Firefox on my laptop and sharing the link to my wife the www was injected. I copied the address in Firefox’s address bar and pasted that into telegram. Which she then clicked that link on her phone.
The "www" in a URL isn't just random. It either isn't part of a websites address, or it is. Whether it works, or redirects to something that works, is up to any given website.
Some don't work at all if you add it when it's not supposed to be there.
I did, I even tried in a new private browsing window and it still did it.
ETA: I manually deleted the www and it works fine (I had to relogin) and is not auto populating the www again. But if I open a new tab/window and type in sopuli.xyz it adds in the www.