At the transport layer, two (or more) servers cannot share the same port.
The solution, as you've correctly deduced, is to do this at the application layer by setting up a reverse proxy. Unless you're using a wildcard certificate covering both server names, you will need to install both SSL certificates on the proxy and make sure SSL 2.0 is disabled.
I did a Google search for "pfsense reverse proxy", and got quite a few hits (including this), including instructions on how to install SSL certificates.
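
A sketch of the setup described in the answer above, added here as an example and not taken from the original post: one listener on port 443 holding both certificates, with legacy SSL versions refused. It assumes HAProxy as the reverse proxy (the answer names no specific package); the host names, certificate paths and backend addresses are placeholders.

```haproxy
# Assumed HAProxy configuration; names, paths and addresses are placeholders.
global
    # Refuse anything older than TLS 1.2 on every bind line by default.
    # Certificate selection by server name relies on the SNI extension,
    # which SSL 2.0 handshakes cannot carry.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # Weak form, shown for contrast only (accepts SSLv3 clients):
    #   bind :443 ssl crt /etc/haproxy/certs/site-a.example.pem ssl-min-ver SSLv3
    #
    # Corrected form: both certificates are loaded on the single shared port.
    # HAProxy picks the one matching the name the client sends in SNI;
    # strict-sni rejects handshakes whose name matches neither certificate
    # instead of falling back to the first one.
    bind :443 ssl crt /etc/haproxy/certs/site-a.example.pem crt /etc/haproxy/certs/site-b.example.pem strict-sni

    # Route on the HTTP Host header once TLS has been terminated.
    acl host_a hdr(host) -i site-a.example
    acl host_b hdr(host) -i site-b.example
    use_backend be_site_a if host_a
    use_backend be_site_b if host_b

    # Requests for any other Host value get a 403 rather than a default site.
    http-request deny unless host_a or host_b

backend be_site_a
    server a1 192.0.2.10:80 check

backend be_site_b
    server b1 192.0.2.20:80 check
```

Each `.pem` file holds the certificate, any intermediate chain and the private key concatenated, which is the format HAProxy expects for `crt`. With a single wildcard certificate covering both names, the `bind` line needs only one `crt` entry.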