> Users on civilian network can continue downloads through the Advance tab in the error message.

They are literally telling users to click through the browser errors about the bad cert. They don't mention that there is a very specific error they should be looking for (expired cert). This gives any MITMer the opportunity right now to replace downloaded executables with malware-laden ones using nothing more than a self-signed cert and a proxy. You can bet your boots China, NK, Iran, Russia are all having a good laugh. Biggest military in the world and they can't get a web server working.