Thank you for the suggestion, Stevie.
Icinga 2 (2.11.1) exists in the Debian ‘testing’ (Bullseye) repository. But I’m afraid the situation there is even worse. When you upgrade the distribution and try to install Icinga2 you will run into other bugs which also break the installation:
ai2ieXie@icinga:~$ sudo icinga2 api setup
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca//ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca//ca.crt'.
information/cli: Generating new CSR in '/var/lib/icinga2/certs//icinga.csr'.
information/base: Writing private key to '/var/lib/icinga2/certs//icinga.key'.
information/base: Writing certificate signing request to '/var/lib/icinga2/certs//icinga.csr'.
information/cli: Signing CSR with CA and writing certificate to '/var/lib/icinga2/certs//icinga.crt'.
information/pki: Writing certificate to file '/var/lib/icinga2/certs//icinga.crt'.
information/cli: Copying CA certificate to '/var/lib/icinga2/certs//ca.crt'.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
critical/Application: Error: Function call 'mkstemp' for file '/etc/icinga2/conf.d/api-users.conf.XXXXXX' failed with error code 13, 'Permission denied'
Additional information is available in '/var/log/icinga2/crash/report.1581940518.765982'
If you manually create /etc/icinga2/conf.d/api-users.conf, enable the api feature and continue with the installation process you’ll run into the next bugs:
ai2ieXie@icinga:~$ sudo icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!
We will guide you through all required configuration details.
Please specify if this is an agent/satellite setup ('n' installs a master setup) [Y/n]: n
Starting the Master setup routine...
Please specify the common name (CN) [icinga]:
Checking for existing certificates for common name 'icinga'...
Certificate '/var/lib/icinga2/certs//icinga.crt' for CN 'icinga' already existing. Skipping certificate generation.
Generating master configuration for Icinga 2.
'api' feature already enabled.
Master zone name [master]:
Default global zones: global-templates director-global
Do you want to specify additional global zones? [y/N]:
critical/cli: chown() failed with error code 1, "Operation not permitted"
Please specify the API bind host/port (optional):
Bind Host :
Bind Port :
critical/Application: Error: boost::filesystem::copy_file: Permission denied: "/etc/icinga2/features-available/api.conf", "/etc/icinga2/features-available/api.conf.orig"
Additional information is available in '/var/log/icinga2/crash/report.1581942048.913386'
At this point I really think the best course of action would be to find and document a workaround for the broken certificate setup in the Icinga 2.10.3-2 node wizard, since it seems less broken.