Chrome throw errors caused by mixed content (insecure elements on a secure site). Error from Chrome developer console: "Mixed Content: The page at 'https://mysite.com/index.php/login:1' was loaded over HTTPS, but requested an insecure script 'http://mysite.com/index.php/install'. This request has been blocked; the content must be served over HTTPS."
Meaning, that concrete5 explicitly refers to the HTTP variant.
Possible fix for JS/CSS resources is to leave out the protocol, that way, it would automatically select HTTP or HTTPS, depending on what is used.
Apparently this issue has something to do width forced redirect to SSL or possibly Cloudflare. When deactivating Cloudflare, turning off forced SSL redirect at the web server and clearing the local browser chase the problem is gone.
Confirm Bug
Code
concrete5 Environment Information
Unable to load environment info
Browser User-Agent String
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Delete Post
You are allowed to delete your post for 5 minutes after it's posted.