For shutdown request in index.ftl shutdown() function the request is sent to the server using the hostname always. In secure cluster when a user is logged in using IP address/Hostname in URL then the cookie it gets also has IP addresss/Hostname respectively.
Now in secure cluster (not with Https enabled) when a user logs in using the ip address and submits a shutdown request, then that POST request is sent to server using the hostname. And since the cookie presented to the server is using the IP address the request is rejected or ignored. Hence the server doesn't shuts down. Whereas when user is logged in using hostname then everything works fine.
The fix is to use ip/hostname information from the URL rather than from the Drillbits list table in the index.ftl page. When done in that way the shutdown request will always go with correct Domain name for which it has the cookie as well.