joomla BASE HREF uses HTTP instead of HTTPS

I'm sorry, but I don't think the current answer is really correct. This answer promotes a hack and goes around the problem. The next time you update Joomla, you'll have to update the core file, because it is going to be overriden.

Actually if we look in the code for JURI in getInstance we can see this:

// Determine if the request was over SSL (HTTPS).if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')){        $https = 's://';}else{        $https = '://';}

The question is why are there servers where $_SERVER['HTTPS'] is obviously not initialized. Although I can't tell you why, what I found out to work is adding this lines to the .htaccess file at the begining:

<IfModule mod_env.c>   SetEnv HTTPS on</IfModule>

By doing this $_SERVER['HTTPS'] seems to be initialised and Juri::current will return what we expect - an url starting with https.

Check your *$live_site* variable in your configuration.php file and change it to your https address.

Attention: This is a hack. Please do test Daniel Dimitrovs answer first. If it works, please leave me a comment here.

I found a work around.

In the file includes/application.php I changed the following block

if($router->getMode() == JROUTER_MODE_SEF) {   $document->setBase(JURI::current());}

to:

if($router->getMode() == JROUTER_MODE_SEF) {   $document->setBase(JURI::root());}

I don't know why JURI::current() returns an http URL instead of a https but after that change the site works as expected.

CAREFUL: after that change the Administrator part was broken until I disabled force_ssl in configuration.php. I enforce SSL through my apache configuration so that was not a problem for me.