When I load the checkout page, which is in https, the header image that was loaded using the Customize>Site Identity is insecure. It seems to be directing the image source to the http instead of https.
Actually, it was even simpler than that to fix. I just used the GP Hooks plugin and loaded the header image there without using the http://www.etc and it worked.