Is there a way to force the plugin updater to use the HTTPS version of the update site (e.g., https://jenkins-updates.cloudbees.com/update-center.json)?
Starting from the Release 22.214.171.124 CloudBees Update Center service is consumed using exclusively
HTTPS. Therefore, all the currently supported releases should download plugins exclusively over the secure connection.
See CloudBees maintenance lifecycle for currently supported releases.