diff --git a/abstractions-ssl-certbot-paths.diff b/abstractions-ssl-certbot-paths.diff
new file mode 100644
index 0000000..5b64659
--- /dev/null
+++ b/abstractions-ssl-certbot-paths.diff
@@ -0,0 +1,38 @@
+commit b5772e29efbc3c2325b4a2ba312bb4cf0c78f181
+Author: Christian Boltz <gitlab2@cboltz.de>
+Date:   Sun Jun 30 07:14:42 2019 +0000
+
+    Merge branch 'cboltz-2.13-certbot' into 'apparmor-2.13'
+    
+    [2.10..2.13] Add for Certbot on openSUSE Leap
+    
+    See merge request apparmor/apparmor!398
+    
+    Acked-by: John Johansen <john.johansen@canonical.com> for 2.10..2.13
+    
+    (cherry picked from commit 14a11e67a5b8e06a5ba5080d9824df8010e28552)
+    
+    8b766451 Add for Certbot on openSUSE Leap
+
+diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs
+index b5382ec9..789efc58 100644
+--- a/profiles/apparmor.d/abstractions/ssl_certs
++++ b/profiles/apparmor.d/abstractions/ssl_certs
+@@ -38,3 +38,7 @@
+   /etc/letsencrypt/archive/*/cert*.pem r,
+   /etc/letsencrypt/archive/*/chain*.pem r,
+   /etc/letsencrypt/archive/*/fullchain*.pem r,
++
++  /etc/certbot/archive/*/cert*.pem r,
++  /etc/certbot/archive/*/chain*.pem r,
++  /etc/certbot/archive/*/fullchain*.pem r,
+diff --git a/profiles/apparmor.d/abstractions/ssl_keys b/profiles/apparmor.d/abstractions/ssl_keys
+index 84f5c503..2de760b5 100644
+--- a/profiles/apparmor.d/abstractions/ssl_keys
++++ b/profiles/apparmor.d/abstractions/ssl_keys
+@@ -26,3 +26,5 @@
+ 
+   # certbot / letsencrypt
+   /etc/letsencrypt/archive/*/privkey*.pem r,
++
++  /etc/certbot/archive/*/privkey*.pem r,
diff --git a/apparmor.changes b/apparmor.changes
index 73b460d..dadc216 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sat Sep 28 15:20:10 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
+
+- add abstractions-ssl-certbot-paths.diff - add certbot paths to
+  abstractions/ssl_certs and abstractions/ssl_keys
+
 -------------------------------------------------------------------
 Fri Sep 27 21:43:55 UTC 2019 - Luiz Angelo Daros de Luca <luizluca@tre-sc.jus.br>
 
diff --git a/apparmor.spec b/apparmor.spec
index 921e396..2d2c09b 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -65,9 +65,12 @@ Patch4:         apparmor-lessopen-profile.patch
 # workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix)
 Patch5:         apparmor-lessopen-nfs-workaround.diff
 
-# allow /etc/krb5.conf.d/ for kerberos client
+# allow /etc/krb5.conf.d/ for kerberos client (submitted upstream 2019-09-28 https://gitlab.com/apparmor/apparmor/merge_requests/425)
 Patch6:         apparmor-krb5-conf-d.diff
 
+# add certbot paths to abstractions/ssl_keys and abstractions/ssl_certs (from upstream https://gitlab.com/apparmor/apparmor/merge_requests/398, merged 2019-06-30)
+Patch7:         abstractions-ssl-certbot-paths.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@@ -357,6 +360,7 @@ SubDomain.
 %patch4
 %patch5
 %patch6 -p1
+%patch7 -p1
 
 %build
 %define _lto_cflags %{nil}