What I want:
If the use doesn’t show his client certificate I want to show him a page with response code 401 unauthorized.
If a client like curl access the page without client cert I want to show him a json response with error code 401.

So let’s break the problem:
To detect browser or client I know I can use User-Agent and/or Accept header. To serve different content I can use https://httpd.apache.org/docs/2.4/en/mod/core.html#if

For the first part I can use: /a/10297445/7227940 it works almost as I wish but with 200 error code.

        RewriteEngine on

        RewriteRule ^/missing_cert$ - [R=401,END]

        <Location /missing_cert>
                Require all granted
                ErrorDocument 401 /missing_cert # A local file exist in my webroot
                ProxyPass ! # Not to be proxified because it is local shouldn't impact our issue
                ProxyPassReverse ! # idem
        </Location>

Here I expect since I put a END that no rewriting is done (and it take this as filepath). Then it serve the file.

but since the file exist it answer with 200 (technically is understandable) but since I need to show this page when you aren’t authorized it should send 401.

The error log show:
[core:error] [pid 64236:tid 64288] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.

I also tried RewriteEngine Off in the location block (but it seem that location are processed before RewriteRule.

I searched google and found Request exceeded the limit of 10 internal redirects due to probable configuration error but it doesn’t seems to answer my issue.

A possible workaround it to rename the file missing_cert.html (but I think I miss an opportunity to learn).