Preparing for Debian Buster


What to expect

DreamHost will contact you via email in advance of the upgrade.

The time frame of an upgrade can vary from server to server, however, the timing ensures that there are several highly trained engineers on hand should any major issues arise. The upgrade itself should take no longer than an hour to complete.

Host keys change

Every DreamHost server uses unique SSH keys to ensure your connection is safe and trusted. When you first use an SFTP or SSH client to connect to your server, it checks the keys to confirm the connection is safe.

When your server is updated, these keys will change. This means that the next time you attempt to connect to the server using an SFTP or SSH client, you will see the following message:

The server's host key is unknown. You have no guarantee that the server is the computer you think it is.

View the following article for steps you can take to verify this new fingerprint and save it to your client.

Legacy VPS with admin/sudo users

Even though you'll still have admin/sudo access to make any changes to your VPS following the upgrade, the upgrade to Buster may not be compatible for your current needs. For example, the following changes may affect your current setup:

  • Any changes made outside your /home directory will not be retained. DreamHost recommends making note of any system changes you've made with your admin/sudo user, including backing up any data and/or configuration files stored outside of /home.
  • If you're using Ruby, Python, or run a site that relies heavily on specific server packages, DreamHost strongly recommends reading through this entire article for specific details about preparing for the upgrade.

You can also consider the following options if you need to more control over your server environment after the upgrade to Buster:

  • If you rely on a highly customized setup and want full control over your software upgrades, DreamHost recommends DreamCompute as it provides a more elastic cloud computing solution, which is ideal for fully unmanaged environments.
  • If you aren't sure or wish to discuss a viable solution further, feel free to Contact Support.

Web server changes


VPSes running Apache will be upgraded to version 2.4 (from 2.2). Although this should not cause any major issues to your hosting environment, you can view a list of changes in the following article:

require valid-user

If you're using an .htaccess file to password protect your site, make sure you add this line to your .htaccess file:

require valid-user

If you do not add this, your site will throw a 500 error and the following line will display in your site's error.log:

AH01627: AuthType configured with no corresponding authorization directives

'Coming soon' page displays even though it doesn't exist

You may see your site displaying a 'Coming Soon' page that does not exist on your web server. Add the following line to your site's .htaccess file to resolve this.

DirectoryIndex disabled

WebDAV file listing hidden if index is present

On Apache 2.4, you must add the following text to the .htaccess file in order to access the directory of an index file using WebDAV (not a browser), since it won't show the file list in Windows Explorer:

DirectoryIndex disabled


Because boto-rsync is outdated software and is no longer maintained, it is also removed from the latest version of Debian Buster. DreamHost recommends using S3cmd or AWS CLI instead. You can find out more about how to use S3cmd or AWS CLI in the following articles:


The version of curl on Debian Buster is 7.64.0

FFmpeg and Libav

In Ubuntu 14 (Trusty), Libav replaced FFmpeg, and FFmpeg was removed from Trusty entirely. With the Debian Buster upgrade, this is reversed: FFmpeg is back, and Libav has been removed. Please make sure you update your file settings accordingly.


Debian Buster includes a new version of Java version Java 11.0.8.

This is the first major upgrade in quite some time, so it's definitely a good idea to make sure any Java dependencies you may have are compatible with version 8.

For more information on the latest versions of Java, visit the following link:


Debian Buster includes version 1.1.1d of OpenSSL.


Debian Buster includes a new version of Perl, 5.28.1.

For more information on updating your version of Perl, visit the following article:

PHP error logging

PHP errors are logged in your site's error.log file by default. You change which errors are reported and the location of where they are reported by updating your site's phprc file. View the following article for further details:


The following Python versions are changing:

  • Version upgrade to 3.7.3

Since Debian Buster includes a new kernel and operating system, it no longer supports custom compiled versions of Python older than 2.7.15. If you are running an application that uses a version of Python that is older than 2.7.15, you must upgrade your code so it is compatible with at least 2.7.15 when applicable.

If you need to use an older-than-2.7.15 version of Python, you can consider using DreamCompute to set up a customized environment that allows sudo access. For more information on DreamCompute, please see the following article:

If you used a version older than 2.7.15 when creating your virtualenv, you may need to reinstall your virtualenv and all modules with a newer version:

For more information on the latest versions of Python, visit the following links:

Python Django errors

After the upgrade, you may see errors in your Django application. For example.

django.core.exceptions.ImproperlyConfigured: Error loading MySQLdb module: cannot open shared object file: No such file or directory.
Did you install mysqlclient or MySQL-python?


Delete your pip .cache directory.

Python virtualenv

If your website is using a Python virtual environment and you notice any errors after the upgrade, reinstall your virtual environment and all modules. This helps to ensure everything is compatible with the new libraries on the server.

Examples of errors you may see are Django, Passenger, or Python errors/warnings.


The Ruby version on the server is 2.5.5. If you would like more control over this (e.g., you wish to use an older or newer version of Ruby), DreamHost strongly recommends using RVM.

If you are using Bundler, you only need to run:

[server]$ bundle exec gem pristine

Then, reload Passenger so that the changes take effect by running touch on a restart.txt file from your apps tmp directory:

[server]$ touch  tmp/restart.txt


The version of SSH on Debian servers is 7.9p1. Please note that DSA keys are not available on this version.

How can I find support?

If you have any questions or concerns, please feel free to contact support.

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?