The connection to the update server must be secured, but it might not be using SSL the way connections to websites normally do. Perhaps the local install has not been updated in a while, so neither have the details about the server certificate. Then the local install might not accept the update server's certificate because the expected details don't match.
I have occasionally seen this type of construction when doing integrations.
If time could automatically fix issues, then yeah, Google would have been perfect. But every company (including Google) have long-running issues that haven't been addressed for decades at this point, and if no one is getting promoted for fixing the issue (in this particular case of Google's inaction), it's unlikely to be fixed.
I have occasionally seen this type of construction when doing integrations.