Internet security protocols evolve over time and this can scupper older platforms and their support tools. In this case it's Microsoft's rather handy Over-the-cable Updater utility. This runs with a command line interface under Windows and - in theory - updates any Windows phone (8.1 or 10) to the latest officially supported OS/firmware version. Very useful over the years, but security (TLS) changes at Microsoft's end have broken it - and it seems there's no hope at this stage of Microsoft fixing the tool to work seamlessly with the newer Internet security. Hence this slightly geeky workaround.

I should point out that I'm only writing this up with screenshots here to help out. The original fix is detailed here. Essentially, the Internet has moved on to 'TLS 1.2' handshaking when setting up secure connections, while the old OTC Updater tool doesn't support this. Hence some new registry keys are needed on your PC in order to tell Windows to ignore what the app asks for and to feed it top security anyway, matching what the servers now use.

Now, I want to point out that:

• I'm no protocols expert - I don't believe the changes here damage other aspects of your PC's security if left in place. If anything, the flags below make sure that the strongest security is used, even for older and unsupported programs. But just in case, I'd strongly suggest that you do at least think about doing this on a spare or secondary PC (I have an old Surface Pro kept around for flashing and hacking duties, quite apart from my main accounts and files on other devices!)
• As ever, you fiddle with the Windows registry at your peril. Export it or back it up before proceeding, and if something goes horribly wrong then we're not responsible!

The registry modifications do work though, as evidenced by my screenshots here.

Trying to use OTC Updater before the mod gives this typical display:

The wall of red error messages tells its own sad story. TLS (Transport Layer Security) does indeed seem the issue. 

So, in the Windows registry (if you have to ask how to edit this then you're not qualified to make these modifications!)

1. Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727
2. Create a new entry SystemDefaultTlsVersions with a REG_DWORD value set to 1.
   
   
    
3. Create a new entry SchUseStrongCrypto with a REG_DWORD value set to 1.
   
   
   
   
     
4. Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
5. Create a new entry SystemDefaultTlsVersions with a REG_DWORD value set to 1.
6. Create a new entry SchUseStrongCrypto with a REG_DWORD value set to 1.
7. Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727
8. Create a new entry SystemDefaultTlsVersions with a REG_DWORD value set to 1.
9. Create a new entry SchUseStrongCrypto with a REG_DWORD value set to 1.
10. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
11. Create a new entry SystemDefaultTlsVersions with a REG_DWORD value set to 1.
12. Create a new entry SchUseStrongCrypto with a REG_DWORD value set to 1.
13. Restart Windows.

You should now find that OTC Updater runs just fine, as it did for me here:

If this doesn't sort out the problem for you, then a couple of extra registry keys are mentioned in the source link). Either way, hopefully your Windows phones are updating again using this tool - it's not clear how much longer Microsoft will leave all the OS images online for, though. So best do any factory resetting and updating sooner rather than later?