Apache reverse proxy preserving ssl
Solution 1:
If I understood you correctly "endpoint" means the browser client? ("endpoint" usually means a web service endpoint, not the service consumer...)
"Classic" HTTPS would not even allow the scenario you wish to happen. The hostname gets translated via DNS into ip:port(443) of the webserver and then TLS happens, which in early days did completely encrypt the hostname. So your apache, as a man-in-the-middle, would not be able to ever find out which hostname/domainname was requested without owning the certificate and decrypting the TLS traffic.
However. As so often happens, costs (limited public ip ranges) trump principal security. So TLS grew an extension called SNI (codified in 2003 rfc), which many people now rely on, that allows the server to select the right server certificate.
My recommendation
...would be, since you already mentioned that everything works with HTTP, to set up an nginx in front of Apache as an https endpoint...
endpoint <-- front_nginx signed --> front_nginx <-- HTTP --> Apache <-- HTTP --> target_nginx
... and do the SSL migration as a last step from the front-nginx to the target-nginx, derezzing Apache afterwards.
Using SNI
If you want to rely on SNI (which, admittedly, you are probably already doing by your virtual host setup), it might be enough to enable mod_proxy_connect and Disable SSLProxyEngine. Best remove the SSL certificates from apache just to be sure it passes through connections transparently for testing.
Here is this scenario documented usinng haproxy: Can a Reverse Proxy use SNI with SSL pass through?
I have never tried this, so I have no details. Maybe the links I provided help you further.
[Edit:] addendum
(Sorry for the many edits!) Thank you for this question, it made me stumble upon this: https://github.com/Lochnair/xt_tls
which might solve your problem and enable some tricks for me...