Hi, Jenkins Infrastructure SRE here 
We have not changed anything related to certificates on https://updates.jenkins.io in the past 3 months (except that the certificate was renewed automatically by LetsEncrypt on September 21 like every 3 months).
However we enforced TLS 1.2 on the download mirrors behind https://updates.jenkins.io last week: Enforce at least TLS 1.2 in our webservices · Issue #4847 · jenkins-infra/helpdesk · GitHub.
The error you have is unexpected: it is a HTTP client-side error.
Let’s start step by step: can you try the URL https://updates.jenkins.io/download/plugins/azure-keyvault/327.v3f37dc30312a_/azure-keyvault.hpi with the Powershell Invoke-WebRequest:
What are the results, from the Windows machine where you have Jenkins and the errors you mentions, of the 2 following commands?
Invoke-WebRequest https://updates.jenkins.io/download/plugins/azure-keyvault/327.v3f37dc30312a_/azure-keyvault.hpi -Verbose
and
Invoke-WebRequest -Verbose https://updates.jenkins.io/download/plugins/azure-keyvault/327.v3f37dc30312a_/azure-keyvault.hpi -MaximumRedirection 0
=> Also, what is the JDK you are using (distribution, and exact version from java.exe --version?