This one takes the cake... The browser(s) all started giving "mixed content" warnings (trying to fetch embedded content via insecure/http with a page that was fetched secure/https. 85 errors like this! But... here's the corker... all of the references (images, form actions etc) were specified without http or https, and no domain name. THese links should be relative to the parent document (all hell would break loose otherwise). And they are supposed to pick up the scheme (http vs https) of the parent document. But they were all being flagged as "mixed content" and the stylesheet loading was being refused. Fortunately, and I am so lucky I found this in reasonable time, there is a header that will tell the browser to automatically upgrade all insecure requests to secure. I can't understand why the browser thinks the links are "mixed" in the first place, but adding this (safe) header option solved the problem and at this point I have bigger fish to fry, so ... onward.