If you are using Block Pages Bypass, it is expected that a HTTPS/HSTS certificate error will be raised.
This is the correct and expected behaviour. When using Bypass Blocked Pages, our servers are acting as a forward proxy allowing only the authenticated user to access the domain. If we changed the DNS response, all users on your network would be able to access the resource.
The HTTPS certificate error is due to the this mechanism. Since we can't pretend to be whichever domain you are actually trying to connect to, your browser is simply letting you know that the certificate doesn't match the destination. This does not normally impact your ability to use a particular website.
To ensure that Bypassed Block Page content shows up properly, please ensure you add the Cisco Root CA as specified here.