I have enabled trial user on the hotspot
If the user try to browse HTTP sites , the hotspot welcome page appears
It he try to browse an HTTPS site , browser says it cannot open the page because of server connection has failed.
After a regular trial login (by choosing HTTP site) then also HTTPS sites can be displayed .
Any solution to display login page the first time with HTTPS requests ?
There’s no solution.
Hotspot uses a man-in-the-middle scheme to catch and redirect http requests.
Https protocol is designed to avoid this from happening, the device will get a warning about potential security breach.
try this:
https://wiki.mikrotik.com/wiki/Manual:Hotspot_HTTPS_example
Or purchase a valid certificate like: let’s encrypt - is free but is valid for 90days and need recertificate.
Anyway, from what I saw, once authenticated (user/pass or trial) the user is able to browse any HTTPS site, isn’t it ??
A workaround could be to invite users to visit a valid HTTP site (i.e. the restaurant one) to be brought to the login page … 
P.S.
Does it matter if only trial auth has to be used ??
Anyway, from what I saw, once authenticated (user/pass or trial) the user is able to browse any HTTPS site, isn’t it ??
Yes, once authenticated traffic is not restricted, no matter if HTTPs or whatever, no need to specify anything.
A workaround could be to invite users to visit a valid HTTP site (i.e. the restaurant one) to be brought to the login page … >
Exactly. Any HTTP request will brought up the captive portal page.
I have found that over-complicating things can be avoided by this simple approach:
Tell the staff to advice people to browse to some simple URL; e.g. say the hotspot static DNS entry hostname is “restaurant”: advice customers to just enter “restaurant” (or “wifi”, or “internet”, or any simple word, just make sure you create an static DNS entry so that it actually resolves to the captive portal IP)
Put google HTTPS in walled garden. Most people will have google as home page, or will try accessing it, most times the search results will include http sites that will “catch” and redirect to the captive portal.
P.S.
Does it matter if only trial auth has to be used ??
No.
I’m not experienced but, once an HTTPS request from a not yet authenticated user comes to hotspot , is it still not possible to answer back and tell the browser “reload this HTTP page” ??
Is the problem related to web browser itself when it asks for HTTPS but it receives back something different ??
Try it, the user will get a big bold security or threat warning.
No doubt on getting back warnings, already proved…
I just want to understand where is the problem, if it is intrinsic in the browser then…yes, there is not so much to do…
There is no problem to fix, HTTPS is designed exactly to prevent this.
