OK... here's what is happening.
Code:
http://example.com is set to redirect to https://www.example.com.au
http://www.example.com is set to redirect to https://www.example.com.au
http://www.example.com.au is set to redirect to https://www.example.com.au
All fine and normal, redirecting http to https is fairly standard.
Where it breaks -
Code:
https://www.example.com DOESN'T have a valid security certificate or at least a valid certificate for that name. So the browser throws an error - and while it is configured to redirect to https://www.example.com.au the SSL error stops that redirect from happening.
Same with
Code:
https://example.com
Only valid reason I can think of this is that they are using a commercial SSL certificate provider, so each cert costs them on a yearly basis. I use LetsEncrypt - easy to set up, and free.
Also appears they are reverse proxying/using a load balancing service, and so that may be the reason behind the mis-named SSL certificates, etc.
Edit - crap, the auto URL parsing screwed everything up. Ain't gonna fix it. Not enough coffee yet.
Edit2 - sufficient caffeine intake obtained