At some point along Debian's journey, rescue and emergency runlevels broke for anyone who has a locked root account and, say, uses sudo exclusively to run administrative commands. See the bug report and a proposed installer patch. This is not an atypical setup—it's a standard option of the Debian installer, and happens to be one I typically use.
To summarise what's going on, the system now prevents root from logging in due to it being a locked account (having no password, it cannot be authenticated), which means that the rescue and emergency runlevels always error and fail to bring up a shell. What bloody good are they, then, right?
Not too long ago things got to the point where the system can be configured to work as expected, again, but certain settings need to be enabled beforehand. This is described below. Note that doing so arguably introduces a security …