Philip Hands reported that Certbot 2.x (Debian 12) generates ECDSA keys by default, not RSA keys like older versions. ikiwiki-hosting only checks for valid RSA keys, causing SSL to be disabled for newly-reconfigured sites. He attached a patch in the merge request: https://salsa.debian.org/debian/ikiwiki-hosting/-/blob/790b509a075b3f661b8feb77fcb12fe3d0118dd9/debian/patches/accept-ec-keys-as-valid-in-addition-to-r.patch

--smcv