Download failure for w61 glb - Cannot verify download.sysinternals.com certificate

When trying to download updates for Windows 7 from a clean Windows 7 x86 machine installation (WSUS Offline CE ESR 11.9.7), the following error is shown into the screen:

ERROR: Cannot verify download.sysinternals.com's certificate, issued by 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US:
  Self-Signed certificate encountered.
To connect to download.sysinternals.com insecurely, use '--no-check-certificate'.

ERROR: Download failure for w61 glb.

I believe it happens by one or more of the following reasons:

1. A clean Windows 7 install do not have SHA-2 hotfix installed and maybe it doesn't allow it to validate SHA-2 certificates(?)
2. A clean Windows 7 install do not have Root Certificates store updated so it cannot validate newer certificates signed by newer CA's? (Update: I updated the Root Certificates using WSUS Offline CE ESR but the issue persisted)

Maybe a workaround would be installing these updates manually or adding the '--no-check-certificate' flag (not recommended) to WSUS Offline CE ESR so it would continue the download normally, or maybe printing a message to the user installing those updates manually before using WSUS Offline CE ESR to download updates into those legacy systems.