Update the redirect value for the checkout button.
Instead of going to: "checkout.php", change it to: "https://www.yoursite.com/checkout.php"
It will go to secure if you tell it to, but it won't automatically know to go to secure. You need to link the user to the secure site when you are ready for the secure portion. In this case the checkout is a logical place.