Yes absolutely. All the sites I manage are either HTTPS only or force redirection to HTTPS.
I thought maybe it was caused by the redirection so I tried a full page refresh a few times but it kept reporting falsely until I dismissed it.
I use some fairly strict SSL settings to get an A+ rating, here they are in case it helps:
## SSL Configuration ##
ssl_certificate /etc/ssl/mycert.crt;
ssl_certificate_key /etc/ssl/mypriv.key;
ssl_session_timeout 5m;
add_header Strict-Transport-Security “max-age=63072000; includeSubdomains; preload”;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_buffer_size 8k;
ssl_session_cache shared:SSL:30m;
ssl_dhparam /etc/ssl/dhparams.pem;
ssl_stapling on;
resolver 8.8.8.8;
resolver_timeout 10s;
ssl_stapling_verify on;
