SSL/TLS connection failed

I have obtained certificates for my domain (www.mydomain.top) with this command:

#docker run -it --rm --name certbot             -v "/etc/letsencrypt:/etc/letsencrypt"             -v "/var/lib/letsencrypt:/var/lib/letsencrypt"      -p 80:80       certbot/certbot certonly

1. Then I copied fullchain.pem and privkey.pem into the target directories:

#cp fullchain.pem /etc/ssl/certs/fullchain.pem
#cp privkey.pem /etc/ssl/private/privkey.pem
#cp fullchain.pem  /etc/ssl/certs/fullchain.pem

2. After that I edited the Apache configuration file default-ssl.conf:

 ServerName www.mydomain.top
 SSLEngine on
 SSLCertificateFile      /etc/ssl/certs/fullchain.pem
 SSLCertificateKeyFile /etc/ssl/private/privkey.pem
 # NOTE(review): the two directives below define the CA trust store used to
 # verify *client* certificates (see the stock comments in the full file
 # further down this thread); they play no part in presenting the server
 # certificate, and fullchain.pem (leaf + chain) is not a CA bundle.
 SSLCACertificatePath /etc/ssl/certs/
 SSLCACertificateFile /etc/ssl/certs/fullchain.pem

3. Start apache2:
#service apache2 start

4. Test the TLS handshake with openssl s_client:

echo |openssl s_client -connect www.iotsecurity.top:8443
CONNECTED(00000003)
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.iotsecurity.top
verify return:1
---
Certificate chain
 0 s:/CN=www.iotsecurity.top
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
 3 s:/O=Digital Signature Trust Co./CN=DST Root CA X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=/CN=www.iotsecurity.top
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5559 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: B6F4413B4B7F5397FCC16E657DD6BD2B8F6C144AB6C1D6029BC944C6D3DAC918
    Session-ID-ctx: 
    Master-Key: F2B8D2F678DF60A62A8FBB199333B20D7CF096F791131F466C3403738294CA89E49A6F8A584B276D6645F955BC64D390
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 13 5e d2 2e c5 e5 2a 95-a8 a9 6b 4c 7e 32 4b 2d   .^....*...kL~2K-
    0010 - 7a 1f 48 d9 4a be 9c 07-e7 e7 66 99 37 d7 a6 d5   z.H.J.....f.7...
    0020 - 66 fc 25 5a 0e dd b7 e0-64 62 0b 66 38 4a 1a 27   f.%Z....db.f8J.'
    0030 - 3c 4c 4f 9b ae 06 ac 69-a0 1d 48 b8 73 17 e3 93   <LO....i..H.s...
    0040 - 74 3c 3d c9 3e b0 49 a5-db 10 43 15 5a 5b 85 1c   t<=.>.I...C.Z[..
    0050 - a2 f6 73 1d 84 02 0f 7c-28 12 2f 6b b8 f0 05 1e   ..s....|(./k....
    0060 - 54 52 89 df cb f4 bc d1-c3 ef 12 47 90 9f 98 27   TR.........G...'
    0070 - b4 58 b2 4e 20 22 df 94-8a a4 c3 be e4 80 0a ed   .X.N "..........
    0080 - 46 83 11 52 ca ff 57 af-07 6f 4d eb cd ec 02 30   F..R..W..oM....0
    0090 - 10 9b 1d f7 d5 1f 91 9b-49 76 08 e4 a1 4b 20 87   ........Iv...K .
    00a0 - 80 74 cb a8 cd 8a e1 b5-38 c5 84 3b 08 dd d3 fd   .t......8..;....
    00b0 - b4 26 40 42 1c 5d c2 f8-60 21 dd 63 65 ff 62 6a   .&@B.]..`!.ce.bj

    Start Time: 1629946744
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
DONE

5. Test the connection from another machine:

# curl https://www.mydomain.top:8443/list_score.php
curl: (35) TCP connection reset by peer
[root@mitu-bsdt ~]# curl -v https://www.mydomain.top:8443/list_score.php
* About to connect() to www.mydomain.top port 8443 (#0)
*   Trying x.x.179.163...
* Connected to www.mydomain.top (x.x.179.163) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (35) TCP connection reset by peer

6. Test the connection from a Windows 10 machine:

>curl -v https://www.mydomain.top:8443
* Rebuilt URL to: https://www.mydomain.top:8443/
*   Trying x.x.179.163...
* TCP_NODELAY set
* Connected to www.iotsecurity.top (x.x.179.163) port 8443 (#0)
* schannel: SSL/TLS connection with www.mydomain.top port 8443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 190 bytes...
* schannel: sent initial handshake data: sent 190 bytes
* schannel: SSL/TLS connection with www.mydomain.top port 8443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with www.mydomain.top port 8443 (step 2/3)
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection 0
* schannel: shutting down SSL/TLS connection with www.mydomain.top port 8443
* Send failure: Connection was reset
* schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1)
* schannel: clear security context handle
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

Hi @teawater,

This sounds like it's most likely a firewall problem (like a firewall that won't accept connections from outside your network). Could you look into that possibility? It doesn't look like a certificate problem.

If it's Apache doing this deliberately, there may be relevant logs in /var/log/apache2 (or /var/log/httpd on some operating systems).


If I use the IP address instead of the domain name, like this:

curl -v https://x.x.179.163:8443
* Rebuilt URL to: https://x.x.179.163:8443/
*   Trying x.x.179.163...
* TCP_NODELAY set
* Connected to x.x.179.163 (x.x.179.163) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=www.mydomain.top
*  start date: Aug 25 02:19:47 2021 GMT
*  expire date: Nov 23 02:19:46 2021 GMT
*  subjectAltName does not match x.x.179.163
* SSL: no alternative certificate subject name matches target host name 'x.x.179.163'
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'x.x.179.163'

And if I access the website by IP address and ignore the certificate error, I can open the web page correctly.
#curl -k https://x.x.179.163:8443/list_score.php


That's a good observation, and I see the same thing when I test this myself. So I would suggest looking in your Apache logs to see if there's a reason that Apache disconnected intentionally.


Apache can be a bit elusive when it comes to configuration issues.
I'd start with the output of:
sudo apachectl -t -D DUMP_VHOSTS

Also (possibly unrelated), I don't think this setting is correct:

It seems that port 8443 is answering with plain HTTP (not HTTPS), at least when SNI is used (i.e. when connecting by FQDN).
Compare:

curl -Iki https://x.x.179.163:8443/
HTTP/1.1 403 Forbidden
Date: Thu, 26 Aug 2021 07:27:21 GMT
Server: Apache/2.4.7 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1

with:

curl -Iki https://www.[redacted].top:8443/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.[redacted].top:8443

Which is a bit far from the norm.
[then again, this is Apache - nothing would surprise me]
Is there some other inline device doing proxy or HTTPS inspection?


1. apachectl output:

# apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.16. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   172.17.0.16 (/etc/apache2/sites-enabled/000-default.conf:1)
*:443                  www.mydomain.top (/etc/apache2/sites-enabled/default-ssl.conf:2)

2. I agree that SSLCACertificateFile was wrong, but I don't know how to set it up correctly.
3. Comparing the two commands:

# curl -Iki https://www.mydomain.top:8443/list_score.php 
curl: (35) TCP connection reset by peer
[root@mitu-bsdt ~]# curl -Iki https://x.x.179.163:8443/list_score.php 
HTTP/1.1 200 OK
Date: Fri, 27 Aug 2021 00:16:00 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Content-Type: text/html;charset=utf-8

I think we need to know a lot more about all the pieces to this puzzle before we can even know where to look for a misconfiguration.

Is there a NAT/PAT/firewall/router involved?
How is Docker receiving, and handling, the inbound port 8443 connections?


Docker maps host port 8443 to container port 443:
docker run -itd --name gradeV3 -p 8443:443 --restart=always grade:v3


Let's have a look at this file:
[presumably within that "gradeV3" container]


cat /etc/apache2/sites-enabled/default-ssl.conf

<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
		ServerAdmin webmaster@localhost
		# NOTE(review): the domain is redacted inconsistently in this thread;
		# the openssl/apachectl output elsewhere shows www.iotsecurity.top.
		# A later reply suggests <VirtualHost *:443> instead of _default_:443.
		ServerName www.mydomain.top

		DocumentRoot /var/www/html

		# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
		# error, crit, alert, emerg.
		# It is also possible to configure the loglevel for particular
		# modules, e.g.
		#LogLevel info ssl:warn
		# NOTE(review): raising the ssl module loglevel (e.g. "LogLevel info
		# ssl:debug") is the quickest way to see why mod_ssl drops a handshake;
		# the resets seen in this thread leave nothing at the default level.

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

		# For most configuration files from conf-available/, which are
		# enabled or disabled at a global level, it is possible to
		# include a line for only one particular virtual host. For example the
		# following line enables the CGI configuration for this host only
		# after it has been globally disabled with "a2disconf".
		#Include conf-available/serve-cgi-bin.conf

		#   SSL Engine Switch:
		#   Enable/Disable SSL for this virtual host.
		SSLEngine on

		#   A self-signed (snakeoil) certificate can be created by installing
		#   the ssl-cert package. See
		#   /usr/share/doc/apache2/README.Debian.gz for more info.
		#   If both key and certificate are stored in the same file, only the
		#   SSLCertificateFile directive is needed.
		#SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
		#   fullchain.pem (from certbot) holds the leaf certificate followed by
		#   its intermediate chain, so no separate chain file is required here.
		SSLCertificateFile	/etc/ssl/certs/fullchain.pem
		#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
		SSLCertificateKeyFile /etc/ssl/private/privkey.pem

		#   Server Certificate Chain:
		#   Point SSLCertificateChainFile at a file containing the
		#   concatenation of PEM encoded CA certificates which form the
		#   certificate chain for the server certificate. Alternatively
		#   the referenced file can be the same as SSLCertificateFile
		#   when the CA certificates are directly appended to the server
		#   certificate for convenience.
		#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
		#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

		#   Certificate Authority (CA):
		#   Set the CA certificate verification path where to find CA
		#   certificates for client authentication or alternatively one
		#   huge file containing all of them (file must be PEM encoded)
		#   Note: Inside SSLCACertificatePath you need hash symlinks
		#		 to point to the certificate files. Use the provided
		#		 Makefile to update the hash symlinks after changes.
		#   NOTE(review): as the stock comment above says, these two directives
		#   only build the trust store for *client* certificate verification.
		#   SSLVerifyClient is never enabled in this vhost, so they serve no
		#   purpose; pointing SSLCACertificateFile at the server's own
		#   fullchain.pem is a misuse (a later reply agrees it is wrong), and
		#   loading the entire system trust directory is unnecessary.
		#   Commenting both out is the clean fix; whether they cause the
		#   SNI-only connection reset is not established in this thread.
		SSLCACertificatePath /etc/ssl/certs/
		#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
		SSLCACertificateFile /etc/ssl/certs/fullchain.pem

		#   Certificate Revocation Lists (CRL):
		#   Set the CA revocation path where to find CA CRLs for client
		#   authentication or alternatively one huge file containing all
		#   of them (file must be PEM encoded)
		#   Note: Inside SSLCARevocationPath you need hash symlinks
		#		 to point to the certificate files. Use the provided
		#		 Makefile to update the hash symlinks after changes.
		#SSLCARevocationPath /etc/apache2/ssl.crl/
		#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

		#   Client Authentication (Type):
		#   Client certificate verification type and depth.  Types are
		#   none, optional, require and optional_no_ca.  Depth is a
		#   number which specifies how deeply to verify the certificate
		#   issuer chain before deciding the certificate is not valid.
		#SSLVerifyClient require
		#SSLVerifyDepth  10

		#   SSL Engine Options:
		#   Set various options for the SSL engine.
		#   o FakeBasicAuth:
		#	 Translate the client X.509 into a Basic Authorisation.  This means that
		#	 the standard Auth/DBMAuth methods can be used for access control.  The
		#	 user name is the `one line' version of the client's X.509 certificate.
		#	 Note that no password is obtained from the user. Every entry in the user
		#	 file needs this password: `xxj31ZMTZzkVA'.
		#   o ExportCertData:
		#	 This exports two additional environment variables: SSL_CLIENT_CERT and
		#	 SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
		#	 server (always existing) and the client (only existing when client
		#	 authentication is used). This can be used to import the certificates
		#	 into CGI scripts.
		#   o StdEnvVars:
		#	 This exports the standard SSL/TLS related `SSL_*' environment variables.
		#	 Per default this exportation is switched off for performance reasons,
		#	 because the extraction step is an expensive operation and is usually
		#	 useless for serving static content. So one usually enables the
		#	 exportation for CGI and SSI requests only.
		#   o OptRenegotiate:
		#	 This enables optimized SSL connection renegotiation handling when SSL
		#	 directives are used in per-directory context.
		#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>

		#   SSL Protocol Adjustments:
		#   The safe and default but still SSL/TLS standard compliant shutdown
		#   approach is that mod_ssl sends the close notify alert but doesn't wait for
		#   the close notify alert from client. When you need a different shutdown
		#   approach you can use one of the following variables:
		#   o ssl-unclean-shutdown:
		#	 This forces an unclean shutdown when the connection is closed, i.e. no
		#	 SSL close notify alert is send or allowed to received.  This violates
		#	 the SSL/TLS standard but is needed for some brain-dead browsers. Use
		#	 this when you receive I/O errors because of the standard approach where
		#	 mod_ssl sends the close notify alert.
		#   o ssl-accurate-shutdown:
		#	 This forces an accurate shutdown when the connection is closed, i.e. a
		#	 SSL close notify alert is send and mod_ssl waits for the close notify
		#	 alert of the client. This is 100% SSL/TLS standard compliant, but in
		#	 practice often causes hanging connections with brain-dead browsers. Use
		#	 this only for browsers where you know that their SSL implementation
		#	 works correctly.
		#   Notice: Most problems of broken clients are also related to the HTTP
		#   keep-alive facility, so you usually additionally want to disable
		#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
		#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
		#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
		#   "force-response-1.0" for this.
		#   Stock Debian defaults for legacy Internet Explorer; they only match on
		#   the User-Agent header and do not affect the curl/openssl clients used
		#   in this thread.
		BrowserMatch "MSIE [2-6]" \
				nokeepalive ssl-unclean-shutdown \
				downgrade-1.0 force-response-1.0
		# MSIE 7 and newer should be able to use keepalive
		# ("[17-9]" is a character class matching the digits 1, 7, 8 or 9)
		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

	</VirtualHost>
</IfModule>

Eliminating all the unused lines, that is reduced to:

<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
		ServerAdmin webmaster@localhost
		ServerName www.[redacted].top
		DocumentRoot /var/www/html
		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined
		SSLEngine on
		# fullchain.pem from certbot is leaf + intermediate chain, so no
		# SSLCertificateChainFile is needed; privkey.pem stays in the
		# root-only /etc/ssl/private directory.
		SSLCertificateFile	  /etc/ssl/certs/fullchain.pem
		SSLCertificateKeyFile /etc/ssl/private/privkey.pem
		# NOTE(review): the next two directives only configure the trust store
		# for *client* certificate verification (see the stock comments in the
		# full file above); SSLVerifyClient is not set, so they are dead
		# configuration, and fullchain.pem is a server certificate, not a CA
		# bundle. Removing both is the clean fix; whether they explain the
		# SNI-only reset is not established in this thread.
		SSLCACertificatePath  /etc/ssl/certs/
		SSLCACertificateFile  /etc/ssl/certs/fullchain.pem
		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>
		# Stock Debian legacy-IE handling, keyed on User-Agent only.
		BrowserMatch "MSIE [2-6]" \
				nokeepalive ssl-unclean-shutdown \
				downgrade-1.0 force-response-1.0
		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
	</VirtualHost>
</IfModule>

Thanks!


I don't think you need this in Apache/2.4.7:

And you might want to include:
ServerAlias [redacted].top

But neither of those explains, or can fix, the problems seen.

I'm at a loss...


What version of OpenSSL are you using?
openssl version

Also try changing:

To:
<VirtualHost *:443>


I have commented out these lines:

        #SSLCACertificatePath  /etc/ssl/certs/
		#SSLCACertificateFile  /etc/ssl/certs/fullchain.pem

And added:
ServerAlias www.mydomain.top
Restart apache2:
#service apache2 start
After that I tested from another machine:

$ curl -Iki https://www.mydomain:8443/list_score.php
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.mydomain.top:8443

Welcome to the Let's Encrypt Community :slightly_smiling_face:

A request was made for me to take a look here.

# openssl version
OpenSSL 1.0.1f 6 Jan 2014

Changed to:
<VirtualHost *:443>
Restart apache2:
#service apache2 restart
After that I tested from another machine (a Mac):

$ curl -Iki https://www.mydomain:8443/list_score.php
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.mydomain.top:8443

I am assuming that this is the certificate being used:

https://crt.sh/?id=5102836967


Let's get to the bottom of this, shall we. :gloves:

What are the current outputs of:

sudo apachectl -S
sudo ls -lRa /etc/apache2

Please put 3 backticks above and below each output, like this:

```
output
```

You can probably save a lot of time by not obscuring anything. Your domain name and its certificate are both in your original post.


apachectl -S output:

root@7e9495d5726a:~# apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.16. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   172.17.0.16 (/etc/apache2/sites-enabled/000-default.conf:1)
*:443                  www.iotsecurity.top (/etc/apache2/sites-enabled/default-ssl.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

sudo ls -lRa /etc/apache2 output:

root@7e9495d5726a:~# sudo ls -lRa /etc/apache2
/etc/apache2:
total 92
drwxr-xr-x 1 root root  4096 Aug 26 10:01 .
drwxr-xr-x 1 root root  4096 Aug 27 15:53 ..
-rw-r--r-- 1 root root  7099 Aug 25 09:31 apache2.conf
drwxr-xr-x 2 root root  4096 Jan 25  2021 conf-available
drwxr-xr-x 2 root root  4096 Jan 25  2021 conf-enabled
-rw-r--r-- 1 root root  1782 Nov 26  2018 envvars
-rw-r--r-- 1 root root 31063 Nov 26  2018 magic
drwxr-xr-x 2 root root  4096 Jan 25  2021 mods-available
drwxr-xr-x 1 root root  4096 Aug 25 09:31 mods-enabled
-rw-r--r-- 1 root root   320 Nov 26  2018 ports.conf
drwxr-xr-x 1 root root  4096 Aug 27 15:57 sites-available
drwxr-xr-x 1 root root  4096 Aug 25 18:07 sites-enabled

/etc/apache2/conf-available:
total 32
drwxr-xr-x 2 root root 4096 Jan 25  2021 .
drwxr-xr-x 1 root root 4096 Aug 26 10:01 ..
-rw-r--r-- 1 root root  315 Nov 26  2018 charset.conf
-rw-r--r-- 1 root root 3224 Nov 26  2018 localized-error-pages.conf
-rw-r--r-- 1 root root  189 Nov 26  2018 other-vhosts-access-log.conf
-rw-r--r-- 1 root root 2190 Nov 26  2018 security.conf
-rw-r--r-- 1 root root  455 Nov 26  2018 serve-cgi-bin.conf

/etc/apache2/conf-enabled:
total 12
drwxr-xr-x 2 root root 4096 Jan 25  2021 .
drwxr-xr-x 1 root root 4096 Aug 26 10:01 ..
lrwxrwxrwx 1 root root   30 Jan 25  2021 charset.conf -> ../conf-available/charset.conf
lrwxrwxrwx 1 root root   44 Jan 25  2021 localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
lrwxrwxrwx 1 root root   46 Jan 25  2021 other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
lrwxrwxrwx 1 root root   31 Jan 25  2021 security.conf -> ../conf-available/security.conf
lrwxrwxrwx 1 root root   36 Jan 25  2021 serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf

/etc/apache2/mods-available:
total 536
drwxr-xr-x 2 root root 4096 Jan 25  2021 .
drwxr-xr-x 1 root root 4096 Aug 26 10:01 ..
-rw-r--r-- 1 root root  100 Nov 26  2018 access_compat.load
-rw-r--r-- 1 root root  377 Nov 26  2018 actions.conf
-rw-r--r-- 1 root root   66 Nov 26  2018 actions.load
-rw-r--r-- 1 root root  843 Nov 26  2018 alias.conf
-rw-r--r-- 1 root root   62 Nov 26  2018 alias.load
-rw-r--r-- 1 root root   76 Nov 26  2018 allowmethods.load
-rw-r--r-- 1 root root   76 Nov 26  2018 asis.load
-rw-r--r-- 1 root root   94 Nov 26  2018 auth_basic.load
-rw-r--r-- 1 root root   96 Nov 26  2018 auth_digest.load
-rw-r--r-- 1 root root  100 Nov 26  2018 auth_form.load
-rw-r--r-- 1 root root   72 Nov 26  2018 authn_anon.load
-rw-r--r-- 1 root root   72 Nov 26  2018 authn_core.load
-rw-r--r-- 1 root root   85 Nov 26  2018 authn_dbd.load
-rw-r--r-- 1 root root   70 Nov 26  2018 authn_dbm.load
-rw-r--r-- 1 root root   72 Nov 26  2018 authn_file.load
-rw-r--r-- 1 root root   78 Nov 26  2018 authn_socache.load
-rw-r--r-- 1 root root   90 Nov 26  2018 authnz_ldap.load
-rw-r--r-- 1 root root   72 Nov 26  2018 authz_core.load
-rw-r--r-- 1 root root   96 Nov 26  2018 authz_dbd.load
-rw-r--r-- 1 root root   92 Nov 26  2018 authz_dbm.load
-rw-r--r-- 1 root root  104 Nov 26  2018 authz_groupfile.load
-rw-r--r-- 1 root root   94 Nov 26  2018 authz_host.load
-rw-r--r-- 1 root root   74 Nov 26  2018 authz_owner.load
-rw-r--r-- 1 root root   94 Nov 26  2018 authz_user.load
-rw-r--r-- 1 root root 3374 Nov 26  2018 autoindex.conf
-rw-r--r-- 1 root root   70 Nov 26  2018 autoindex.load
-rw-r--r-- 1 root root   64 Nov 26  2018 buffer.load
-rw-r--r-- 1 root root   62 Nov 26  2018 cache.load
-rw-r--r-- 1 root root  889 Nov 26  2018 cache_disk.conf
-rw-r--r-- 1 root root   89 Nov 26  2018 cache_disk.load
-rw-r--r-- 1 root root   95 Nov 26  2018 cache_socache.load
-rw-r--r-- 1 root root   58 Nov 26  2018 cgi.load
-rw-r--r-- 1 root root  115 Nov 26  2018 cgid.conf
-rw-r--r-- 1 root root   60 Nov 26  2018 cgid.load
-rw-r--r-- 1 root root   76 Nov 26  2018 charset_lite.load
-rw-r--r-- 1 root root   60 Nov 26  2018 data.load
-rw-r--r-- 1 root root   58 Nov 26  2018 dav.load
-rw-r--r-- 1 root root   83 Nov 26  2018 dav_fs.conf
-rw-r--r-- 1 root root   79 Nov 26  2018 dav_fs.load
-rw-r--r-- 1 root root   68 Nov 26  2018 dav_lock.load
-rw-r--r-- 1 root root   58 Nov 26  2018 dbd.load
-rw-r--r-- 1 root root  522 Nov 26  2018 deflate.conf
-rw-r--r-- 1 root root   84 Nov 26  2018 deflate.load
-rw-r--r-- 1 root root   64 Nov 26  2018 dialup.load
-rw-r--r-- 1 root root  157 Nov 26  2018 dir.conf
-rw-r--r-- 1 root root   58 Nov 26  2018 dir.load
-rw-r--r-- 1 root root   64 Nov 26  2018 dump_io.load
-rw-r--r-- 1 root root   60 Nov 26  2018 echo.load
-rw-r--r-- 1 root root   58 Nov 26  2018 env.load
-rw-r--r-- 1 root root   66 Nov 26  2018 expires.load
-rw-r--r-- 1 root root   72 Nov 26  2018 ext_filter.load
-rw-r--r-- 1 root root   89 Nov 26  2018 file_cache.load
-rw-r--r-- 1 root root   64 Nov 26  2018 filter.load
-rw-r--r-- 1 root root   66 Nov 26  2018 headers.load
-rw-r--r-- 1 root root  176 Nov 26  2018 heartbeat.load
-rw-r--r-- 1 root root  182 Nov 26  2018 heartmonitor.load
-rw-r--r-- 1 root root   82 Nov 26  2018 include.load
-rw-r--r-- 1 root root  402 Nov 26  2018 info.conf
-rw-r--r-- 1 root root   60 Nov 26  2018 info.load
-rw-r--r-- 1 root root  116 Nov 26  2018 lbmethod_bybusyness.load
-rw-r--r-- 1 root root  116 Nov 26  2018 lbmethod_byrequests.load
-rw-r--r-- 1 root root  114 Nov 26  2018 lbmethod_bytraffic.load
-rw-r--r-- 1 root root  114 Nov 26  2018 lbmethod_heartbeat.load
-rw-r--r-- 1 root root  121 Nov 26  2018 ldap.conf
-rw-r--r-- 1 root root   60 Nov 26  2018 ldap.load
-rw-r--r-- 1 root root   70 Nov 26  2018 log_debug.load
-rw-r--r-- 1 root root   76 Nov 26  2018 log_forensic.load
-rw-r--r-- 1 root root   58 Nov 26  2018 lua.load
-rw-r--r-- 1 root root   62 Nov 26  2018 macro.load
-rw-r--r-- 1 root root 7639 Nov 26  2018 mime.conf
-rw-r--r-- 1 root root   60 Nov 26  2018 mime.load
-rw-r--r-- 1 root root  120 Nov 26  2018 mime_magic.conf
-rw-r--r-- 1 root root   72 Nov 26  2018 mime_magic.load
-rw-r--r-- 1 root root  668 Nov 26  2018 mpm_event.conf
-rw-r--r-- 1 root root  106 Nov 26  2018 mpm_event.load
-rw-r--r-- 1 root root  571 Nov 26  2018 mpm_prefork.conf
-rw-r--r-- 1 root root  108 Nov 26  2018 mpm_prefork.load
-rw-r--r-- 1 root root  836 Nov 26  2018 mpm_worker.conf
-rw-r--r-- 1 root root  107 Nov 26  2018 mpm_worker.load
-rw-r--r-- 1 root root  724 Nov 26  2018 negotiation.conf
-rw-r--r-- 1 root root   74 Nov 26  2018 negotiation.load
-rw-r--r-- 1 root root  897 Apr 23  2019 php5.conf
-rw-r--r-- 1 root root   59 Apr 23  2019 php5.load
-rw-r--r-- 1 root root  822 Nov 26  2018 proxy.conf
-rw-r--r-- 1 root root   62 Nov 26  2018 proxy.load
-rw-r--r-- 1 root root   87 Nov 26  2018 proxy_ajp.load
-rw-r--r-- 1 root root  347 Nov 26  2018 proxy_balancer.conf
-rw-r--r-- 1 root root  115 Nov 26  2018 proxy_balancer.load
-rw-r--r-- 1 root root   95 Nov 26  2018 proxy_connect.load
-rw-r--r-- 1 root root   95 Nov 26  2018 proxy_express.load
-rw-r--r-- 1 root root   89 Nov 26  2018 proxy_fcgi.load
-rw-r--r-- 1 root root   93 Nov 26  2018 proxy_fdpass.load
-rw-r--r-- 1 root root  189 Nov 26  2018 proxy_ftp.conf
-rw-r--r-- 1 root root   87 Nov 26  2018 proxy_ftp.load
-rw-r--r-- 1 root root   89 Nov 26  2018 proxy_html.load
-rw-r--r-- 1 root root   89 Nov 26  2018 proxy_http.load
-rw-r--r-- 1 root root   89 Nov 26  2018 proxy_scgi.load
-rw-r--r-- 1 root root   97 Nov 26  2018 proxy_wstunnel.load
-rw-r--r-- 1 root root   85 Nov 26  2018 ratelimit.load
-rw-r--r-- 1 root root   70 Nov 26  2018 reflector.load
-rw-r--r-- 1 root root   68 Nov 26  2018 remoteip.load
-rw-r--r-- 1 root root 1190 Nov 26  2018 reqtimeout.conf
-rw-r--r-- 1 root root   72 Nov 26  2018 reqtimeout.load
-rw-r--r-- 1 root root   66 Nov 26  2018 request.load
-rw-r--r-- 1 root root   66 Nov 26  2018 rewrite.load
-rw-r--r-- 1 root root   58 Nov 26  2018 sed.load
-rw-r--r-- 1 root root   66 Nov 26  2018 session.load
-rw-r--r-- 1 root root   99 Nov 26  2018 session_cookie.load
-rw-r--r-- 1 root root   99 Nov 26  2018 session_crypto.load
-rw-r--r-- 1 root root   93 Nov 26  2018 session_dbd.load
-rw-r--r-- 1 root root 1280 Nov 26  2018 setenvif.conf
-rw-r--r-- 1 root root   68 Nov 26  2018 setenvif.load
-rw-r--r-- 1 root root   78 Nov 26  2018 slotmem_plain.load
-rw-r--r-- 1 root root   74 Nov 26  2018 slotmem_shm.load
-rw-r--r-- 1 root root   74 Nov 26  2018 socache_dbm.load
-rw-r--r-- 1 root root   84 Nov 26  2018 socache_memcache.load
-rw-r--r-- 1 root root   78 Nov 26  2018 socache_shmcb.load
-rw-r--r-- 1 root root   66 Nov 26  2018 speling.load
-rw-r--r-- 1 root root 3404 Nov 26  2018 ssl.conf
-rw-r--r-- 1 root root   97 Nov 26  2018 ssl.load
-rw-r--r-- 1 root root  749 Nov 26  2018 status.conf
-rw-r--r-- 1 root root   64 Nov 26  2018 status.load
-rw-r--r-- 1 root root   72 Nov 26  2018 substitute.load
-rw-r--r-- 1 root root   64 Nov 26  2018 suexec.load
-rw-r--r-- 1 root root   70 Nov 26  2018 unique_id.load
-rw-r--r-- 1 root root  423 Nov 26  2018 userdir.conf
-rw-r--r-- 1 root root   66 Nov 26  2018 userdir.load
-rw-r--r-- 1 root root   70 Nov 26  2018 usertrack.load
-rw-r--r-- 1 root root   74 Nov 26  2018 vhost_alias.load
-rw-r--r-- 1 root root   66 Nov 26  2018 xml2enc.load

/etc/apache2/mods-enabled:
total 12
drwxr-xr-x 1 root root 4096 Aug 25 09:31 .
drwxr-xr-x 1 root root 4096 Aug 26 10:01 ..
lrwxrwxrwx 1 root root   36 Jan 25  2021 access_compat.load -> ../mods-available/access_compat.load
lrwxrwxrwx 1 root root   28 Jan 25  2021 alias.conf -> ../mods-available/alias.conf
lrwxrwxrwx 1 root root   28 Jan 25  2021 alias.load -> ../mods-available/alias.load
lrwxrwxrwx 1 root root   33 Jan 25  2021 auth_basic.load -> ../mods-available/auth_basic.load
lrwxrwxrwx 1 root root   33 Jan 25  2021 authn_core.load -> ../mods-available/authn_core.load
lrwxrwxrwx 1 root root   33 Jan 25  2021 authn_file.load -> ../mods-available/authn_file.load
lrwxrwxrwx 1 root root   33 Jan 25  2021 authz_core.load -> ../mods-available/authz_core.load
lrwxrwxrwx 1 root root   33 Jan 25  2021 authz_host.load -> ../mods-available/authz_host.load
lrwxrwxrwx 1 root root   33 Jan 25  2021 authz_user.load -> ../mods-available/authz_user.load
lrwxrwxrwx 1 root root   32 Jan 25  2021 autoindex.conf -> ../mods-available/autoindex.conf
lrwxrwxrwx 1 root root   32 Jan 25  2021 autoindex.load -> ../mods-available/autoindex.load
lrwxrwxrwx 1 root root   30 Jan 25  2021 deflate.conf -> ../mods-available/deflate.conf
lrwxrwxrwx 1 root root   30 Jan 25  2021 deflate.load -> ../mods-available/deflate.load
lrwxrwxrwx 1 root root   26 Jan 25  2021 dir.conf -> ../mods-available/dir.conf
lrwxrwxrwx 1 root root   26 Jan 25  2021 dir.load -> ../mods-available/dir.load
lrwxrwxrwx 1 root root   26 Jan 25  2021 env.load -> ../mods-available/env.load
lrwxrwxrwx 1 root root   29 Jan 25  2021 filter.load -> ../mods-available/filter.load
lrwxrwxrwx 1 root root   27 Jan 25  2021 mime.conf -> ../mods-available/mime.conf
lrwxrwxrwx 1 root root   27 Jan 25  2021 mime.load -> ../mods-available/mime.load
lrwxrwxrwx 1 root root   34 Jan 25  2021 mpm_prefork.conf -> ../mods-available/mpm_prefork.conf
lrwxrwxrwx 1 root root   34 Jan 25  2021 mpm_prefork.load -> ../mods-available/mpm_prefork.load
lrwxrwxrwx 1 root root   34 Jan 25  2021 negotiation.conf -> ../mods-available/negotiation.conf
lrwxrwxrwx 1 root root   34 Jan 25  2021 negotiation.load -> ../mods-available/negotiation.load
lrwxrwxrwx 1 root root   27 Jan 25  2021 php5.conf -> ../mods-available/php5.conf
lrwxrwxrwx 1 root root   27 Jan 25  2021 php5.load -> ../mods-available/php5.load
lrwxrwxrwx 1 root root   30 Aug 25 09:31 rewrite.load -> ../mods-available/rewrite.load
lrwxrwxrwx 1 root root   31 Jan 25  2021 setenvif.conf -> ../mods-available/setenvif.conf
lrwxrwxrwx 1 root root   31 Jan 25  2021 setenvif.load -> ../mods-available/setenvif.load
lrwxrwxrwx 1 root root   36 Aug 25 09:31 socache_shmcb.load -> ../mods-available/socache_shmcb.load
lrwxrwxrwx 1 root root   26 Aug 25 09:31 ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root   26 Aug 25 09:31 ssl.load -> ../mods-available/ssl.load
lrwxrwxrwx 1 root root   29 Jan 25  2021 status.conf -> ../mods-available/status.conf
lrwxrwxrwx 1 root root   29 Jan 25  2021 status.load -> ../mods-available/status.load

/etc/apache2/sites-available:
total 28
drwxr-xr-x 1 root root 4096 Aug 27 15:57 .
drwxr-xr-x 1 root root 4096 Aug 26 10:01 ..
-rw-r--r-- 1 root root 1778 Aug 25 09:29 000-default.conf
-rw-r--r-- 1 root root 6846 Aug 27 15:57 default-ssl.conf

/etc/apache2/sites-enabled:
total 12
drwxr-xr-x 1 root root 4096 Aug 25 18:07 .
drwxr-xr-x 1 root root 4096 Aug 26 10:01 ..
lrwxrwxrwx 1 root root   35 Jan 25  2021 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root   45 Aug 25 09:31 default-ssl.conf -> /etc/apache2/sites-available/default-ssl.conf