diff --git a/changelog/unreleased/issue-1926 b/changelog/unreleased/issue-1926
index 8d16bb8db..9f172b1f8 100644
--- a/changelog/unreleased/issue-1926
+++ b/changelog/unreleased/issue-1926
@@ -1,6 +1,8 @@
-Enhancemnet: Certificates can be passed through environment variables
+Enhancement: Certificates can be passed through environment variables
 
-Restic will now read the paths to the certificates from the environment variables `RESTIC_CACERT` or `RESTIC_TLS_CLIENT_CERT` if `--cacert` or `--tls-client-cert` is not specified. 
+Restic will now read the paths to the certificates from the environment
+variables `RESTIC_CACERT` or `RESTIC_TLS_CLIENT_CERT` if `--cacert` or
+`--tls-client-cert` are not specified. 
 
 https://github.com/restic/restic/issues/1926  
 https://github.com/restic/restic/pull/4384
diff --git a/cmd/restic/global.go b/cmd/restic/global.go
index 3f55e1cbe..487fa9673 100644
--- a/cmd/restic/global.go
+++ b/cmd/restic/global.go
@@ -134,7 +134,7 @@ func init() {
 	f.BoolVarP(&globalOptions.JSON, "json", "", false, "set output mode to JSON for commands that support it")
 	f.StringVar(&globalOptions.CacheDir, "cache-dir", "", "set the cache `directory`. (default: use system default cache directory)")
 	f.BoolVar(&globalOptions.NoCache, "no-cache", false, "do not use a local cache")
-	f.StringSliceVar(&globalOptions.RootCertFilenames, "cacert", nil, "`file` to load root certificates from (default: use system certificates)")
+	f.StringSliceVar(&globalOptions.RootCertFilenames, "cacert", nil, "`file` to load root certificates from (default: use system certificates or $RESTIC_CACERT)")
 	f.StringVar(&globalOptions.TLSClientCertKeyFilename, "tls-client-cert", "", "path to a `file` containing PEM encoded TLS client certificate and private key (default: $RESTIC_TLS_CLIENT_CERT)")
 	f.BoolVar(&globalOptions.InsecureTLS, "insecure-tls", false, "skip TLS certificate verification when connecting to the repository (insecure)")
 	f.BoolVar(&globalOptions.CleanupCache, "cleanup-cache", false, "auto remove old cache directories")
diff --git a/doc/040_backup.rst b/doc/040_backup.rst
index 8ab2a50d6..b01683929 100644
--- a/doc/040_backup.rst
+++ b/doc/040_backup.rst
@@ -567,7 +567,7 @@ environment variables. The following lists these environment variables:
     RESTIC_PASSWORD                     The actual password for the repository
     RESTIC_PASSWORD_COMMAND             Command printing the password for the repository to stdout
     RESTIC_KEY_HINT                     ID of key to try decrypting first, before other keys
-    RESTIC_CACERT                       Location(s) of certificate file(s), comma seperated if multiple (replaces --cacert)
+    RESTIC_CACERT                       Location(s) of certificate file(s), comma separated if multiple (replaces --cacert)
     RESTIC_TLS_CLIENT_CERT              Location of TLS client certificate and private key (replaces --tls-client-cert)
     RESTIC_CACHE_DIR                    Location of the cache directory
     RESTIC_COMPRESSION                  Compression mode (only available for repository format version 2)