Subsite login has insecure target

For some weird reason, my subsite login forms all point to http instead of https.

I am using the force SSL plugin and the ssl insecure content fixer plugin.

All urls in database have https specified.

I have also added this to wp-config

define('FORCE_SSL_ADMIN', true);
define( 'FORCE_SSL_LOGIN', true );

I cannot understand why the subsite login form is generated with a link to http instead of https.

I am using cloudflare flexible ssl but I have enabled development mode to ensure its not a caching issue and also I don't have any caching plugins active.

Right now I don't have xdebug on my hosting so I am at a loss why this is happening.

Any ideas?