You want to configure “once and for all” HTTPs for all domains and sub-domains handled by your webserver, and you don’t want to redeclare the certificate in each VirtualHost. Here is the trick.

I run Debian. In a default Apache installation, the directory /etc/sites-enabled contains a file named 000-default which declares a default VirtualHost for HTTP.

You have to know that when Apache loads an entire directory of configuration files, the files are read in alphabetical order. So if you want to declare something before something else, you can cheat on its name in the loaded configuration. It is exactly what 000-default does.

In /etc/apache2/sites-available, you have a file named default-ssl. Edit this file to fit your needs (path to certificate, etc). Note that this certificate will be the same for all the domains hosted on your server. It’s what we want : only one configuration. If you are hosting multiple domains on the same server, the certificate will probably be invalid for at least one of your domains, and you should use mod_macro instead of a global HTTPs configuration.

Now, enable the website the common way : a2ensite default-ssl. Don’t restart Apache yet.

Rename the file default-ssl created in /etc/apache2/sites-enabled/ to 000-default-ssl.

Configure your other VirtualHost with a *:80 section and a *:443 section, as usual but without specifying certificate and SSL informations for VirtualHosts on *:443.

If you restart Apache, you will notice something like this :

_default_ virtualhost overlap on port 443

To get rid of these warnings, just add to your ports.conf, in the right section :

NameVirtualHost *:443
Listen 443 http

When you finally restart Apache, every VirtualHost declared as *:443 will use the certificate defined in 000-default-ssl without mentioning it.