Standard Pi-Hole install + LE SSL + Apache virtualhost

I think what goes wrong with your setup is trying to proxy https to https which could pose a security risk and fails because of how SSL/TLS works ... not sure though.
I would first reset that external.conf file to its defaults again so lighttpd listens on the default port 80 without SSL/TLS.
If port 80 conflicts with other services, configure lighttpd to listen on that other port 4567 that you mentioned (but without SSL).
Then proxy port 80 on apache to port 80 (or 4567) for lighttpd.
If that works, try proxying port 443 (with SSL) on apache to port 80 (without SSL) on lighttpd.

I've got a similar setup where the proxy target 192.168.0.4:8080 is without SSL:

<VirtualHost *:443>
[..]
    ProxyPreserveHost On
    ProxyPass / http://192.168.0.4:8080/
    ProxyPassReverse / http://192.168.0.4:8080/
</VirtualHost>

EDIT: I have no experience with that SSLProxyEngine directive.
Maybe that one does allow you to proxy https to https somehow.

EDIT2: What is also unclear to me: are apache and lighttpd running on the same host?
If so, why not entirely switch to apache and ditch lighttpd?
That would make the cert renewal easier and you only have one cert instead of two.
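
The end state of the steps in the reply above, written out as a full Apache configuration. This is an added example, not part of the original post: the hostname pihole.example.com, the certbot-style certificate paths and the same-host backend address 127.0.0.1:4567 (lighttpd without SSL) are assumptions.

```apache
# Added example; hostname, certificate paths and backend address are assumed.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers enabled.

<VirtualHost *:80>
    ServerName pihole.example.com
    # Plain-HTTP clients are sent to the TLS virtual host.
    Redirect permanent / https://pihole.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName pihole.example.com

    # TLS terminates here with the single Let's Encrypt certificate.
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/pihole.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/pihole.example.com/privkey.pem

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    # The backend hop is plain HTTP, so SSLProxyEngine is not needed.
    # It is unencrypted: keep it on loopback or a trusted network segment.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:4567/
    ProxyPassReverse / http://127.0.0.1:4567/

    # Tell the backend that the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
```

Check the syntax with `apachectl configtest` before reloading Apache.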