As far as I can tell the main problem is that resources (mainly javascripts), are loaded through "http" while the [main] pages are loaded through "https". The browsers, for security reasons, will complain this "mixed" mode of page loading and prevent the download of the required resources.
When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and is therefore safeguarded from most sniffers and man-in-the-middle attacks. An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers. That leaves the pages unsafe.
If you can configure the webserver to serve also *.js (and other resources) through https, that might do the trick Regards, Tony