When creating a "call to action" button embedded in a Punchh campaign email it is always best practice to use a secure URL as certain mobile mail clients will not allow users to click on buttons that contain URLs that don't "appear" to be secure.
For example, when configuring a CTA button as seen below, it is better to use https://happyguyorder.happyguy.com instead of happyguyorder.happyguy.com
The second option may work, but certain mail clients may deny access to the button for security concerns.