diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix
index 71b8d2bb20e..4bfa6cd0b8e 100644
--- a/pkgs/development/libraries/libressl/default.nix
+++ b/pkgs/development/libraries/libressl/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, lib, cmake }:
+{ stdenv, fetchurl, lib, cmake, cacert }:
 
 let
 
@@ -31,6 +31,12 @@ let
       rm configure
     '';
 
+    # Since 2.9.x the default location can't be configured from the build using
+    # DEFAULT_CA_FILE anymore, instead we have to patch the default value.
+    postPatch = lib.optionalString (lib.versionAtLeast version "2.9.2") ''
+      substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"'
+    '';
+
     enableParallelBuilding = true;
 
     outputs = [ "bin" "dev" "out" "man" "nc" ];