Hello @Kazuki Yamamoto,
welcome to this moderated Azure community forum.
The Azure IoT Edge logic is open source and available on GitHub.
In general, custom Azure IoT edge modules do not connect to he Azure IoT Hub directly.
The ModuleClient connects to the Microsoft module named EdgeHub (via a Docker network).
This EdgeHub module represents the IoThub. For example, if the edge is diconnected from the cloud, the custom module can still ask for its ModuleTwin settings because the EdheHub stores the last copy gotten from the IoTHub.
The communication between (custom) modules and the EdgeHub is done via the routes, seen in the deployment manifest.
This communication is secured via TLS using a separate certificate.
Check out this Azure IoT Edge security related documentation for more details.
If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.