apache reverse proxy restituisce sempre errore di certificato (sito non corrispondente)

[Dascos]

Buon giorno,
stavolta ho un problema serio e non ne vengo a capo.
Dunque. Ho una DMZ che mi gira il traffico delle porte 80 e 443 su un server apache con molti vhost. Tutto bene, funziona alla grande.
Qualche giorno fa ho implementato un reverse proxy con Apache e ho modificato il NAT della DMZ in modo che rigiri tutto il traffico 80 e 443 sul nuovo server. In http nessun problema, in https il browser mi dice che c'è un problema col certificato ecc ecc.

Configurazione del proxy

000_default.conf

codice:

<VirtualHost *:443>
    ServerName proxy.dascos.info
    DocumentRoot /var/www/html
    SSLEngine on
    #SSLProxyEngine on
    SSLCertificateFile /etc/letsencrypt/live/proxy.dascos.info/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/proxy.dascos.info/privkey.pem
    #SSLProxyVerify none
    #SSLProxyCheckPeerCN off
    #SSLProxyCheckPeerName off
    #SSLProxyCheckPeerExpire off
    #ProxyPass / https://dev.fattureweb.com/
    #ProxyPassReverse / https://dev.fattureweb.com/
</VirtualHost>

sito_a.com.conf

codice:

<VirtualHost *:443>
    ServerName sito_a.com
    ServerAlias www.sito_a.com
    SSLProxyEngine On
    ProxyPass / https://www.sito_a.com/
    ProxyPassReverse / https://www.sito_a.com/
</VirtualHost>

Quindi....se la dmz smista sul server "normale", funziona tutto (i vari vhost non hanno problemi i certificati), se smista sul proxy invece tutti i vhost danno problemi.

Modificando la configurazione del 000_default, scommentando un po' alla volta e in varie combinazioni ciò che con #, non cambia nulla.

O mi sono perso qualcosa o non ho idea di dove sbattere la testa.
HELP!

[Dascos]

Aggiornamento, nel caso fosse utile.
Oggi ho abilitato un po' di log e sul proxy, per uno dei siti, ho questo:

codice:

[Fri Nov 18 09:28:08.700988 2022] [ssl:info] [pid 335462:tid 140112001406528] [client 5.90.69.2:10166] AH01964: Connection to child 64 established (server proxy.dascos.info:443)
[Fri Nov 18 09:28:08.702388 2022] [ssl:debug] [pid 335462:tid 140112001406528] ssl_engine_kernel.c(2395): [client 5.90.69.2:10166] AH02043: SSL virtual host for servername tiny.top found
[Fri Nov 18 09:28:08.702735 2022] [core:debug] [pid 335462:tid 140112001406528] protocol.c(2458): [client 5.90.69.2:10166] AH03155: select protocol from h2,h2c,http/1.1, choices=h2,http/1.1 for server tiny.top
[Fri Nov 18 09:28:08.702805 2022] [core:debug] [pid 335462:tid 140112001406528] protocol.c(2502): [client 5.90.69.2:10166] AH03156: select protocol, proposals=h2,http/1.1 preferences=h2,h2c,http/1.1 configured=h2,h2c,http/1.1
[Fri Nov 18 09:28:08.702841 2022] [core:debug] [pid 335462:tid 140112001406528] protocol.c(2522): [client 5.90.69.2:10166] AH03157: selected protocol=h2
[Fri Nov 18 09:28:09.368030 2022] [ssl:info] [pid 335462:tid 140112001406528] [client 5.90.69.2:10166] AH02008: SSL library error 1 in handshake (server proxy.dascos.info:443)
[Fri Nov 18 09:28:09.368133 2022] [ssl:info] [pid 335462:tid 140112001406528] SSL Library Error: error:0A000416:SSL routines::sslv3 alert certificate unknown (SSL alert number 46)
[Fri Nov 18 09:28:09.368175 2022] [ssl:info] [pid 335462:tid 140112001406528] [client 5.90.69.2:10166] AH01998: Connection closed to child 64 with abortive shutdown (server tiny.top:80)
[Fri Nov 18 09:28:09.368422 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_session.c(954): [client 5.90.69.2:10166] AH03200: h2_session(64,INIT,0): created, max_streams=100, stream_mem=32768, workers_limit=6, workers_max=37, push_diary(type=1,N=256)
[Fri Nov 18 09:28:09.368470 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_session.c(1043): [client 5.90.69.2:10166] AH03201: h2_session(64,INIT,0): start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
[Fri Nov 18 09:28:09.368509 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_session.c(2148): [client 5.90.69.2:10166] AH03079: h2_session(64,INIT,0): started on tiny.top:443
[Fri Nov 18 09:28:09.368543 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_session.c(1700): [client 5.90.69.2:10166] AH03078: h2_session(64,BUSY,0): transit [INIT] -- init --> [BUSY]
[Fri Nov 18 09:28:09.368626 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_filter.c(195): (103)Software caused connection abort: [client 5.90.69.2:10166] AH03046: h2_session(64): error reading
[Fri Nov 18 09:28:09.368674 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_session.c(1792): [client 5.90.69.2:10166] AH03401: h2_session(64,BUSY,0): conn error -> shutdown
[Fri Nov 18 09:28:09.368710 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_session.c(1700): [client 5.90.69.2:10166] AH03078: h2_session(64,DONE,0): transit [BUSY] -- local goaway --> [DONE]
[Fri Nov 18 09:28:09.368753 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_session.c(591): [client 5.90.69.2:10166] AH03068: h2_session(64,DONE,0): sent FRAME[SETTINGS[length=6, stream=0]], frames=0/1 (r/s)
[Fri Nov 18 09:28:09.368792 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_session.c(591): [client 5.90.69.2:10166] AH03068: h2_session(64,DONE,0): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=0/2 (r/s)
[Fri Nov 18 09:28:09.368838 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_conn_io.c(287): (103)Software caused connection abort: [client 5.90.69.2:10166] AH03044: h2_conn_io(64): pass_out brigade 28 bytes
[Fri Nov 18 09:28:09.368879 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_conn.c(224): (70014)End of file found: [client 5.90.69.2:10166] AH03045: h2_session(64,DONE,0): process, closing conn
[Fri Nov 18 09:28:09.368915 2022] [http2:debug] [pid 335462:tid 140112001406528] h2_session.c(1700): [client 5.90.69.2:10166] AH03078: h2_session(64,CLEANUP,0): transit [DONE] -- pre_close --> [CLEANUP]