I tried to report this in the moodle tracker, but it blocked me saying I had not searched for an existing issue - which I had. Perhaps someone else can log the bug?
Forgotten password has stopped working for https connections in the latest release (3.1.2). It looks like issue MDL-50803 was attempted to be fixed, but it introduced this bug by adding the following line to login/forgotten_password.php
redirect($CFG->wwwroot . '/login/forgot_password.php');
but it should check $CFG->loginhttps to decide whether to redirect to a secure URL;
if($CFG->loginhttps){
redirect($CFG->httpswwwroot . '/login/forgot_password.php');
} else {
redirect($CFG->wwwroot . '/login/forgot_password.php');
}