I just noticed that your view source of the login page has the non ssl link.
as a base href