diff --git a/ChangeLog.txt b/ChangeLog.txt
index 6977399d..add4924f 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -63,6 +63,7 @@ Broker:
 - Add the `bridge_max_packet_size` option. Closes #265.
 - Add the `bridge_bind_address` option. Closes #1311.
 - Fix crash on Windows if loading a plugin fails. Closes #1866.
+- TLS certificates for the server are now reloaded on SIGHUP.
 
 Client library:
 - Client no longer generates random client ids for v3.1.1 clients, these are
diff --git a/src/loop.c b/src/loop.c
index 9e19f947..23be05b6 100644
--- a/src/loop.c
+++ b/src/loop.c
@@ -199,6 +199,7 @@ int mosquitto_main_loop(struct mosquitto_db *db, mosq_sock_t *listensock, int li
 if(flag_reload){
 log__printf(NULL, MOSQ_LOG_INFO, "Reloading config.");
 config__read(db, db->config, true);
+ listeners__reload_all_certificates(db);
 mosquitto_security_cleanup(db, true);
 mosquitto_security_init(db, true);
 mosquitto_security_apply(db);
diff --git a/src/mosquitto.c b/src/mosquitto.c
index 6e5c2974..007a868e 100644
--- a/src/mosquitto.c
+++ b/src/mosquitto.c
@@ -217,6 +217,25 @@ void listener__set_defaults(struct mosquitto__listener *listener)
 }
 
 
+void listeners__reload_all_certificates(struct mosquitto_db *db)
+{
+ int i;
+ int rc;
+ struct mosquitto__listener *listener;
+
+ for(i=0; iconfig->listener_count; i++){
+ listener = &db->config->listeners[i];
+ if(listener->ssl_ctx && listener->certfile && listener->keyfile){
+ rc = net__load_certificates(listener);
+ if(rc){
+ log__printf(NULL, MOSQ_LOG_ERR, "Error when reloading certificate '%s' or key '%s'.",
+ listener->certfile, listener->keyfile);
+ }
+ }
+ }
+}
+
+
 int listeners__start_single_mqtt(struct mosquitto_db *db, mosq_sock_t **listensock, int *listensock_count, int *listensock_index, struct mosquitto__listener *listener)
 {
 int i;
diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h
index 3e76d11e..408e48fa 100644
--- a/src/mosquitto_broker_internal.h
+++ b/src/mosquitto_broker_internal.h
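Review bot: The new `listeners__reload_all_certificates(db);` call runs unconditionally after `config__read(db, db->config, true);`, whose return value is discarded on the context line just above, so certificates are re-read even when the config reload itself failed. If a failed read can leave listener `certfile`/`keyfile` paths partly updated (not visible in this hunk), the broker would then load key material from paths the operator did not intend. Capturing the result and skipping the reload on error, e.g. `if(config__read(db, db->config, true) == MOSQ_ERR_SUCCESS) listeners__reload_all_certificates(db);`, or at least logging the failure before continuing, would make a SIGHUP-driven rotation easier to audit. The enclosing `mosquitto_main_loop` starts and ends outside the hunk.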
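Review bot: `listeners__reload_all_certificates` refreshes only what `net__load_certificates(listener)` loads, and nothing in this hunk re-reads the listener's trust settings, so as far as the visible code shows an updated CA bundle or CRL would not take effect on SIGHUP even though the ChangeLog entry may lead operators to expect a full TLS reload. Listeners without an existing `ssl_ctx` are skipped as well, and a failure is only logged, leaving it to `net__load_certificates` (not shown) whether the context keeps the old certificate or ends up with a mismatched certificate/key pair. I would state the scope in a comment above the function, `/* Reloads server certificate and key for listeners that already have a TLS context; CA/CRL settings are not re-read. On error the listener's previous state is whatever net__load_certificates leaves behind. */`, and log a `MOSQ_LOG_INFO` line on success so rotations are visible in the broker log.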
@@ -663,6 +663,7 @@ int net__socket_listen(struct mosquitto__listener *listener);
 int net__socket_get_address(mosq_sock_t sock, char *buf, size_t len);
 int net__tls_load_verify(struct mosquitto__listener *listener);
 int net__tls_server_ctx(struct mosquitto__listener *listener);
+int net__load_certificates(struct mosquitto__listener *listener);
 
 /* ============================================================
 * Read handling functions
@@ -795,6 +796,7 @@ int mux__cleanup(struct mosquitto_db *db);
 * Listener related functions
 * ============================================================ */
 void listener__set_defaults(struct mosquitto__listener *listener);
+void listeners__reload_all_certificates(struct mosquitto_db *db);
 
 /* ============================================================
 * Plugin related functions