It does. "service nginx reload" (and similar commands, like systemctl reload nginx in systemd territory) sends SIGHUP to the nginx master process on all distributions I'm aware of, and that will cause the certificate and key files to be re-read.

I've been using this in production for more than a year now, and if you google around a bit, most guides for automating renewal on nginx[1] will use that command.

[1]: https://www.digitalocean.com/community/tutorials/how-to-secu...

Ah, thanks for the reference. I only did restart because I had a vague recollection of reading that reload doesn't do the trick.