Vulnerability in EPiServer.Forms
Has anyone come across this issue where the function UrlResolver.GetUrl returns an absolute URL with http links from a ContentReference instead of https? This causes Google to mark our site as not completely secure. This is happening only on the live site; in all other environments this is working fine and creates only https links.
UrlResolver.GetUrl will get the host from the SiteDefinition, so if you set up your site to be http, it will use it. Simply change the setting here
Have you specified any scheme in the host settings?
In my example website, I did not specify any scheme in the host settings.
Now when I access the URL with https, all links use the https binding.
When I access the URL with http, all links use the http binding.
It could be that the G crawler or indexer is accessing your website over http.
I think you just need to check if your production website is accessible from HTTP. If yes, you can change to allow https binding only.
You can do that by creating a rule in web.config, or ask Episerver to enable the force https rule from Cloudflare.
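
The web.config rule mentioned in the last reply could look like the following; this is an added example, not configuration posted in the thread. It assumes the IIS URL Rewrite module is installed, the rule name is illustrative, and the X-Forwarded-Proto condition assumes a proxy in front of the site (such as Cloudflare) terminates TLS and sets that header.

```xml
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Illustrative rule name. Redirects any plain-HTTP request to the
             same host and path over HTTPS with a 301. -->
        <rule name="Force HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAll">
            <!-- The connection reaching IIS is not TLS. -->
            <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true" />
            <!-- Assumption: a TLS-terminating proxy forwards traffic to the
                 origin over HTTP and marks requests that arrived over HTTPS
                 with X-Forwarded-Proto: https. Without this condition those
                 requests would be redirected in a loop. Only rely on the
                 header when the origin is reachable solely through that
                 proxy, since a direct client can set it freely. -->
            <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^https$" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

With this rule in place, a crawler that requests a page over http receives a redirect instead of rendered content, so pages are only ever rendered for https requests.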