Wordpress pretty permalinks fail over SSL - 404 File does not exist

I am unable to get wordpress pretty permalinks to work on an Ubuntu server with Apache, Django and SSL. The configuration works fine if I disable SSL, but fails with it enabled. With SSL enabled, every wordpress permalink (that doesn't map to a physical file) results in a 404 and an entry in apache's error log like

File does not exist: /var/www/wpwrap/wordpress/hello-world

I have tried dozens of stackoverflow & web suggested solutions (vast majority for non-SSL setups) - nothing has worked. I am seasoned with defining Apache configs (but not wordpress) and am admin of this machine.

1. My apache setup

• apache2.conf
  • basically out of the box, contains no <Directory> or <VirtualHost> entries
  • loads conf.d/* then sites-enabled/*
• httpd.conf (empty)

• sites-enabled/default-000

  • Out-of-the-box contents prior to this. (My separate 443 vhost listed below redirects all http traffic to https, so this file should be moot). For troubleshooting this issue, I changed EVERY <Directory> entry in this file to explicitly contain these 2 lines. No effect.

    Options FollowSymLinks
    AllowOverride All
    

• conf.d/my-ssl-site.conf - My CORE configuration

  <Location /> 
  # preexisting, works fine
      <IfModule mod_rewrite.c>
          RewriteEngine on
          # force www prefix for plain example.com; 
          RewriteCond %{HTTP_HOST} ^example\.com
          RewriteRule ^(.*)$ https://www.example.com%{REQUEST_URI} [R=permanent,L]
          # force ssl
          RewriteCond %{HTTPS} off
          RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent]
      </IfModule>
  </Location>
  
  <VirtualHost *:443>
      ServerName example.com
      ServerAlias www.example.com
      ServerAdmin [email protected]
      DirectoryIndex index.html
      ErrorLog "|/usr/sbin/rotatelogs -f -l /var/log/django/error.log.%Y.%m.%d 25M"
      CustomLog "|/usr/sbin/rotatelogs -f -l /var/log/django/access.log.%Y.%m.%d 25M" combined
  
  #FOR REWRITE DEBUGGING
      #RewriteLogLevel 10
      #RewriteLog /var/log/django/rewrites.log
  
  # =======   RUN DJANGO/PYTHON THROUGH WSGI MODULE OF APACHE ==============
  # pre-existing, works fine
      WSGIScriptAlias / /path_to_my/wsgi.py
      WSGIDaemonProcess example.com processes=2 threads=15 display-name=%{GROUP}
      WSGIProcessGroup example.com
  
      SSLEngine on
      # additional SSL config stuff snipped from here
  
  # ==== WORDPRESS Settings
      Alias /blog /var/www/wpwrap/wordpress
      <IfModule mod_fastcgi.c>
          AddHandler php5-fcgi .php
          Action php5-fcgi /php5-fcgi
          Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
          FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
      </IfModule>
      <Directory /var/www/wpwrap/wordpress>
          Options FollowSymLinks
          AllowOverride All
          Order allow,deny
          Allow from all
          DirectoryIndex index.php
  
          #pretty permalink setup, as defined by wordpress Admin UI 
          <IfModule mod_rewrite.c>
              RewriteEngine On
              RewriteBase /blog/
              RewriteRule ^index\.php$ - [L]
              RewriteCond %{REQUEST_FILENAME} !-f
              RewriteCond %{REQUEST_FILENAME} !-d
              RewriteRule . /blog/index.php [L]
          </IfModule>
      </Directory>
  
  #Added these directories during wordpress troubleshooting - no effect
      <Directory />
              Options FollowSymLinks
              AllowOverride All
      </Directory>
      <Directory /var/www/>
              Options Indexes FollowSymLinks MultiViews
              AllowOverride All
              Order allow,deny
              allow from all
      </Directory>
      <Directory /usr/lib/cgi-bin/php5-fcgi>
          Options FollowSymLinks
          AllowOverride All
      </Directory>
  </VirtualHost>
  

• There are no other <Directory> configs or <VirtualHost> configs or AllowOverride lines in sites enabled, conf.d, or even in mods-enabled, anywhere within /etc/apache2.

2. Server setup

• Pre-existing, working config (running for a year)
  • Ubuntu 12.04
  • Apache 2.2.6 (mpm_worker NOT prefork)
  • Django (mod_wsgi)
    • Django serves base urls at /
  • mod_rewrite
  • virtualhost on 443 (mod_rewrite pushes all 80 traffic to 443), SSL certificate
• New for wordpress
  • wordpress 4.2.1 (to run side by side with pre-existing Django)
    • wordpress serves urls under /blog
    • wordpress files live at /var/www/wpwrap/wordpress
  • mod_fastcgi and php-fpm
    • Server performs well with worker mpm, so I installed well-documented solution (php-fpm & mod_fastcgi) to make PHP work with Apache worker mpm rather than downgrade Apache to prefork mpm just for wordpress.

3. What works:

• Pretty permalinks WITHOUT SSL (If I simply change vhost from 443->80)
• Wordpress Admin UI over SSL
• Any wordpress url that maps to a physically existent file
• Django, SSL, existing rewrites

4. Other things Tried besides items noted above:

No effect on the 404 and error with any of the following:

• Altering order of Virtual Host configuration (mod_wsgi above/below wordpress)
• Moving entire vhost settings into sites-enabled/default-ssl and reloading
• Playing with group (www-data) & permissions (775) of wordpress files
• Altering load order of conf.d/* and sites-enabled/*
• Beating my head against the wall :-)