Need help with HAPROXY https when apps share the SSL cert

Here is my setup -

frontend HTTPS
bind *:443
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }

acl HTTPS1 req.ssl_sni -i
acl HTTPS2 req.ssl_sni -i

use_backend server1 if HTTPS1
use_backend server2 if HTTPS2

backend server1
mode tcp
option tcplog
server appserver1 x1.x1.x1.x1:443 check

backend server2
mode tcp
option tcplog
server appserver2 x2.x2.x2.x2:443 check

my problem is that both and share the same SSL cert and it appears that SNI is only triggered once per SSL session so when I open two tabs in the browser, one with and another with, I get the same application served up in both tabs.

I dont think there any frontend or backend caching issue. I have attempted using ssl_fc_sni instead but that does not work - I get insecure website from the browser and no access to the app. Any way I can get by without using SNI?

You need to use different non overlapping certificates.

A wilcard certificate or a certificate containing both hostnames as SAN will lead to this exact issue…

An alternative would be to detect the SNI and hostname match in the backend servers and return a 421 Misdirected Request response error: