diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix
index 13bdb921ef71..b527c0d3c333 100644
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@@ -85,6 +85,16 @@ stdenv.mkDerivation rec {
       revert = true;
       hash = "sha256-r/+Gmwqy0Yc1LHL/PdPLXlErUBC5JxquLzCBAN3LuRM=";
     })
+    # Makes the system-wide configuration for RSAES-PKCS1-v1_5 actually apply
+    # and makes it enabled by default when the config file is missing
+    # Without this an error 113 is thrown when using some RSA certificates
+    # see https://gitlab.com/gnutls/gnutls/-/issues/1540
+    # "This is pretty sever[e], since it breaks on letsencrypt-issued RSA keys." (comment from above issue)
+    (fetchpatch2 {
+      name = "fix-rsaes-pkcs1-v1_5-system-wide-configuration.patch";
+      url = "https://gitlab.com/gnutls/gnutls/-/commit/2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d.diff";
+      hash = "sha256-2aWcLff9jzJnY+XSqCIaK/zdwSLwkNlfDeMlWyRShN8=";
+    })
   ];
 
   # Skip some tests: