phpBB / PHPBB-15426

Google reCaptcha URL wrong when behind an HTTPS proxy


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • None
    • 3.2.1
    • Authentication
    • nginx (doing TLS) proxying to Apache mod_php

      When running phpBB on Apache behind a proxy running HTTPS, Apache only sees the plain HTTP request from the proxy, so the $request->is_secure() in phpbb/captcha/plugins/recaptcha.php will return false, resulting in an http:// URL being returned for Google's reCaptcha when it should be https://. This causes reCaptcha to fail in browsers unless you click "Load unsafe scripts".

      This is easily fixed by just using // URLs instead of http:// or https://. The patch below certainly fixes the problem, but the logic for deciding which URL to serve could just be removed altogether:

      --- recaptcha.php.orig	2017-07-16 19:07:13.000000000 +0100
      +++ recaptcha.php	2017-10-29 21:02:52.105000506 +0000
      @@ -15,8 +15,8 @@
       
      class recaptcha extends captcha_abstract
      {
      -	var $recaptcha_server = 'http://www.google.com/recaptcha/api';
      -	var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(
      +	var $recaptcha_server = '//www.google.com/recaptcha/api';
      +	var $recaptcha_server_secure = '//www.google.com/recaptcha/api'; // class constants :(
       
      var $response;
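
      Review bot: On the two added lines, prefer the literal 'https://www.google.com/recaptcha/api' over the protocol-relative '//' form. A '//' URL follows the scheme of the embedding page, so a forum page served over plain HTTP would still fetch the reCAPTCHA script over HTTP, whereas an https:// URL loads from both HTTP and HTTPS pages and equally avoids the mixed-content block described in the report. Since both properties now hold the same string, $recaptcha_server_secure and the code that chooses between the two can be dropped in the same change, leaving a single property.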
      
      

       

      Also noted in this comment.
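
The failure in this report comes from the backend judging the scheme from its own hop to the proxy. As an added example (not phpBB code and not from the reporter), this is one way a PHP backend can decide whether the client used HTTPS when a TLS-terminating proxy sits in front of it. The function name, the trusted proxy address, the sample request arrays and the use of an X-Forwarded-Proto header set by the proxy are all assumptions.

```php
<?php
// Added example, not phpBB code. Names, addresses and sample requests are constructed.

/**
 * Decide whether the client's connection was HTTPS, given a $_SERVER-style array.
 * X-Forwarded-Proto is honoured only when the direct peer is a listed proxy,
 * because any client can send that header itself.
 */
function client_used_https(array $server, array $trusted_proxies): bool
{
    // Direct TLS connection to this web server.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }

    // Plain HTTP hop: only a known proxy may vouch for the original scheme.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted_proxies, true)) {
        return false;
    }

    // Assumes the proxy overwrites the header rather than appending to it,
    // e.g. nginx: proxy_set_header X-Forwarded-Proto $scheme;
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return $proto === 'https';
}

$trusted = ['127.0.0.1']; // assumption: nginx runs on the same host as Apache

// Constructed requests, as Apache/mod_php would see them.
$samples = [
    'via nginx, client on https' => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via nginx, client on http'  => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'http'],
    'via nginx, header missing'  => ['REMOTE_ADDR' => '127.0.0.1'],
    'spoofed header, direct hit' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'direct TLS to Apache'       => ['REMOTE_ADDR' => '203.0.113.9', 'HTTPS' => 'on'],
];

foreach ($samples as $label => $server) {
    printf("%-28s => %s\n", $label, client_used_https($server, $trusted) ? 'https' : 'http');
}
```

Only the first and last samples report https; the spoofed header from an untrusted peer is ignored.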

            Marc
            mrironside (Inactive)