I can't see all of your config so I can't say for sure if this will fix your problems.
Lighttpd should default to listening on port 80 so I haven't specified it.
# Ssl config shouldn't be in a conditional
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/certs/domain.com.pem"
}
$HTTP["host"] !~ "^(demo|faq|help|forums|mail|www)\.(domain\.com)$" {
$HTTP["host"] =~ "^(.+\.)?(domain\.com)$" {
# Use the doc specified method of detecting http
$HTTP["scheme"] == "http" {
# capture vhost name with regex conditiona -> %0 in redirect pattern
# must be the most inner block to the redirect rule
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
}
....
}
}