HSTS setup on one system not working

Hi there,

I have one system (infos below) where I simply cannot get rid of the message that HSTS is not setup correctly. The system where the problem comes up has two services running under apache2, so I have basically three files under /etc/apache2/sites-available:

  • 000-default-le-ssl.conf
    General description, including certs config ; document root set to /var/www
  • nextcloud.conf
    Config file for nextcloud ; directing to /var/www/nextcloud
  • service2.conf
    Config file for the second service ; directing to /var/www/service2

Contents of /etc/apache2/sites-available/nextcloud.conf:

<IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

Alias /ncloud "/var/www/nextcloud/"

<Directory /var/www/ncloud/>
  Require all granted
  AllowOverride All
  Options +FollowSymlinks +MultiViews
 <IfModule mod_dav.c>
  Dav off

 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud

Redirect 301 /.well-known/carddav /ncloud/remote.php/dav
Redirect 301 /.well-known/caldav /ncloud/remote.php/dav
Redirect 301 /.well-known/webfinger /ncloud/index.php/.well-known/webfinger
Redirect 301 /.well-known/nodeinfo /ncloud/index.php/.well-known/nodeinfo

I simply cannot see why the message keeps popping up. Can somebody please help me?

Nextcloud version (eg, 20.0.5): Nextcloud 21.0.3
Operating system and version (eg, Ubuntu 20.04): Debian GNU/Linux 10
Apache or nginx version (eg, Apache 2.4.25): 2.4.38-3+deb10u4
PHP version (eg, 7.4): PHP 7.3.27-1~deb10u1