This is fixed now. HTTPS should be working. We also should change the "Log in" link in the header to point to HTTPS. I tried to do this but was really confused by the "header" widget and why there are like 5 bizarre entries for printing out the "Log in" link all having something to do with querying the database first. Can someone else please make heads or tails of that and make sure that the "Log in" link always points to https://? Reassigning this to rejon for delegation.