diff --git a/enable-X509_V_FLAG_TRUSTED_FIRST-flag.patch b/enable-X509_V_FLAG_TRUSTED_FIRST-flag.patch
new file mode 100644
index 0000000..a9be1e2
--- /dev/null
+++ b/enable-X509_V_FLAG_TRUSTED_FIRST-flag.patch
@@ -0,0 +1,26 @@
+From 1a739c8dc34ec239ca0ded6a79bb7370f81944da Mon Sep 17 00:00:00 2001
+From: Martin Liska
+Date: Fri, 1 Oct 2021 14:39:37 +0200
+Subject: [PATCH] Enable X509_V_FLAG_TRUSTED_FIRST flag.
+
+Fixes: Fix Let's Encrypt DST Root CA X3 certificate expiration.
+---
+ external/boringssl/crypto/x509/x509_vpm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/external/boringssl/crypto/x509/x509_vpm.c b/external/boringssl/crypto/x509/x509_vpm.c
+index 02a589888..4bbb1ceed 100644
+--- a/external/boringssl/crypto/x509/x509_vpm.c
++++ b/external/boringssl/crypto/x509/x509_vpm.c
+@@ -515,7 +515,7 @@ static const X509_VERIFY_PARAM default_table[] = {
+ (char *)"default", /* X509 default parameters */
+ 0, /* Check time */
+ 0, /* internal flags */
+- 0, /* flags */
++ X509_V_FLAG_TRUSTED_FIRST, /* flags */
+ 0, /* purpose */
+ 0, /* trust */
+ 100, /* depth */
+--
+2.33.0
+
diff --git a/mono-core.changes b/mono-core.changes
index 23851df..3de1ad2 100644
--- a/mono-core.changes
+++ b/mono-core.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct 1 13:17:13 UTC 2021 - Martin Liška
+
+- Add enable-X509_V_FLAG_TRUSTED_FIRST-flag.patch in order to fix bsc#1191220.
+
 -------------------------------------------------------------------
 Thu Sep 30 18:05:19 UTC 2021 - Matthias Mailänder
diff --git a/mono-core.spec b/mono-core.spec
index 088eb3f..f0f7ee1 100644
--- a/mono-core.spec
+++ b/mono-core.spec
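Review bot: The new default in the `"default"` entry of `default_table[]` changes certificate path building for every verification that inherits these parameters, yet the inline comment still reads only `/* flags */` and the embedded patch header carries no bug reference. Because this is a distro-carried change to vendored BoringSSL, I would record the intent on the line itself, e.g. `X509_V_FLAG_TRUSTED_FIRST, /* flags: prefer trust-store issuers over peer-supplied ones (bsc#1191220) */`. The rest of `default_table[]` lies outside the hunk, so it is worth confirming that the other entries, and any caller that installs its own X509_VERIFY_PARAM, still end up with the flag (presumably by inheriting from "default"). The workaround also only helps when the system trust store holds a still-valid root for the chain, so a regression test that validates a chain carrying an expired cross-signed intermediate would pin the behaviour across future BoringSSL updates.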
@@ -62,6 +62,8 @@ Patch15: xbuild-revert-to-mcs.patch
 Patch20: xbuild-use-roslyn-vbc.patch
 # PATCH-FIX-UPSTREAM fix-s390x-ucontext.patch bsc#1171934 mgorse@suse.com -- fix s390x build on glibc 2.26.
 Patch22: fix-s390x-ucontext.patch
+# PATCH-FIX-OPENSUSE enable-X509_V_FLAG_TRUSTED_FIRST-flag.patch bsc#1191220 mliska@suse.com -- fix the new Let's encrypt issue
+Patch23: enable-X509_V_FLAG_TRUSTED_FIRST-flag.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: bison
@@ -211,6 +213,7 @@ technologies that have been submitted to the ECMA for standardization.
 %patch20 -p1
 %endif
 %patch22 -p1
+%patch23 -p1
 %build
 %define _lto_cflags %{nil}