From what I read, the conversion tool only fixed embedded links. For example, you embed an image. The links to CSS files are embedded in the PHP files. The code is supposed to serve the correct protocol.
https://github.com/gjb2048/moodle-theme_essential/issues/321However, Moodle does not operate that way in practice. For example, our University site will not load the CSS under HTTPS, which is exactly what you see.
No one else at the university forces HTTPS, so we don't worry about it. My real Moodle site functions normally in HTTPS using a RewriteRule in Apache. I don't really care what protocol was requested, but I know Apache will take care of it. Having just checked my site, the source code (not a rewrite by apache) lists the CSS references as HTTPS. I installed it using HTTPS and did not have to deal with the mixed content. So, there must be a switch that one can flip for this in Moodle to enable HTTPS mode.
The actual answer might lie in Sites Administration > Server > HTTP. https://stackoverflow.com/questions/21782203/moodle-not-showing-css-and-theme-with-linux-server
Even so, if you can force HTTPS in the Apache (assuming you have access to the conf file), then Apache will change everything to HTTPS regardless of the request upstream. I figure you can't rely on users to use HTTPS without forcing them to do so.