Yes, you could do that. Have Caddy terminate TLS, then proxy to Apache over HTTP. PHP will still work. Probably as simple as blocks like this for each domain:
foo.example.com {
	reverse_proxy localhost:8080
}

bar.example.com {
	reverse_proxy localhost:8080
}
Or if they’re always identical you can list out the domains for one block:
foo.example.com, bar.example.com {
	reverse_proxy localhost:8080
}
You’d have to reconfigure Apache to listen on port 8080 or whatever.
I mean, it’s two lines of config, so I would hope so. It’s very easy.
Problem is, there’s no way to do fallback for TLS; a valid certificate is necessary for the connection to succeed. Listing the domains in the config is how Caddy knows to issue and maintain TLS certs for that domain.
You could use On-Demand TLS, but that’s probably not what you want to do; that’s mainly for dealing with domains not under your control (i.e. a customer’s domain pointing to your server).
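The Apache side of the setup described above, as an added example that is not part of the original posts: it keeps the plaintext hop on loopback and lets PHP see the original client address and scheme. It assumes Caddy and Apache run on the same host and that mod_remoteip and mod_setenvif are enabled; the DocumentRoot path is a placeholder.

```apache
# Added example (not from the original thread). Assumptions: same-host Caddy,
# mod_remoteip and mod_setenvif loaded, /var/www/foo is a placeholder path.

# Weak: binds every interface, so the unencrypted backend is reachable from
# the network and clients can skip Caddy's TLS entirely.
# Listen 8080

# Corrected: loopback only, so Caddy on this machine is the sole client.
Listen 127.0.0.1:8080

<VirtualHost 127.0.0.1:8080>
    ServerName foo.example.com
    ServerAlias bar.example.com
    DocumentRoot /var/www/foo

    # Restore the real client address from the header Caddy's reverse_proxy
    # sets, trusting it only when the connection comes from the local proxy.
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 127.0.0.1

    # Caddy forwards the original scheme in X-Forwarded-Proto; expose it so
    # PHP code that checks $_SERVER['HTTPS'] sees "on" behind the proxy.
    SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
</VirtualHost>
```

Trusting the forwarded headers is only safe here because nothing except the local Caddy instance can connect to 127.0.0.1:8080.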