diff --git a/website/pages/docs/configuration/index.mdx b/website/pages/docs/configuration/index.mdx index 1a2c70cc7..0424bfb29 100644 --- a/website/pages/docs/configuration/index.mdx +++ b/website/pages/docs/configuration/index.mdx @@ -311,6 +311,26 @@ testing. - `vault` `(`[`Vault`]`: nil)` - Specifies configuration for connecting to Vault. +## Configuration Reload + +You can send the Nomad process a `SIGHUP` signal to reload a limited subset of +its configuration. The fields that currently support reloading are: + +- [`log_level`](#log_level): the log level is reloaded but not any other + logging configuration value. +- [`tls`][tls-reload]: note this only reloads the TLS configuration between + Nomad agents (servers and clients), and not the TLS configuration for + communication with Consul or Vault. +- [`vault`][vault-reload]: note this only reloads the TLS configuration + between Nomad and Vault, but not other configuration values. + +In order to reload any other configuration values, you must restart the Nomad +agent. + +If the Nomad agent receives a `SIGHUP` during initialization, it may crash +(see [GH-3885]). Ensure that the Nomad agent is able to receive RPC traffic +before attempting to reload its configuration. + ## Examples ### Custom Region and Datacenter @@ -345,3 +365,6 @@ http_api_response_headers { [go-sockaddr/template]: https://godoc.org/github.com/hashicorp/go-sockaddr/template [log-api]: /api-docs/client#stream-logs [hcl]: https://github.com/hashicorp/hcl 'HashiCorp Configuration Language' +[tls-reload]: /docs/configuration/tls#tls-configuration-reloads +[vault-reload]: /docs/configuration/vault#vault-configuration-reloads +[GH-3885]: https://github.com/hashicorp/nomad/issues/3885 diff --git a/website/pages/docs/configuration/tls.mdx b/website/pages/docs/configuration/tls.mdx index 18edd1b64..78cd272f1 100644 --- a/website/pages/docs/configuration/tls.mdx +++ b/website/pages/docs/configuration/tls.mdx 
@@ -100,4 +100,18 @@ tls { } ``` +### `tls` Configuration Reloads + +Nomad supports dynamically reloading both client and server TLS +configuration. To reload an agent's TLS configuration, first update the TLS +block in the agent's configuration file and then send the Nomad agent a +`SIGHUP` signal. Note that this will only reload a subset of the configuration +file, including the TLS configuration. + +The agent reloads all its network connections when there are changes to its +TLS configuration during a config reload via `SIGHUP`. Any new connections +established will use the updated configuration, and any outstanding old +connections will be closed. This process works when upgrading to TLS, +downgrading from it, as well as rolling certificates. + [raft]: https://github.com/hashicorp/serf 'Serf by HashiCorp'
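Review bot: in the `Configuration Reload` hunk of `index.mdx`, the crash caveat ("If the Nomad agent receives a `SIGHUP` during initialization, it may crash") comes last, after the reader has already been told to send the signal, and "able to receive RPC traffic" gives no way to check readiness. Suggest moving the caveat directly under the opening sentence and saying how an operator confirms the agent is ready, since a certificate rotation script that signals right after agent start is the case that would hit GH-3885. Style point in the same hunk: `log_level` uses an inline `(#log_level)` link while `tls` and `vault` use reference-style links; pick one form.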
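Review bot: `[vault-reload]` in the link-reference hunk of `index.mdx` points at `/docs/configuration/vault#vault-configuration-reloads`, but the lines shown here add a matching heading only in `tls.mdx`. Confirm that `vault.mdx` already has a heading that produces that anchor, or add it in this change, so the `vault` bullet does not link to a fragment that does not exist.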
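Review bot: in the `tls` Configuration Reloads hunk of `tls.mdx`, "this will only reload a subset of the configuration file" does not say which subset; link back to the `Configuration Reload` section in `index.mdx`, which lists the reloadable fields. The second paragraph mentions in passing that outstanding connections are closed and that the reload works when "downgrading from it"; both deserve their own explicit sentence, because a reload interrupts existing connections and a `SIGHUP` sent after TLS has been disabled in the file moves agent traffic to plaintext without a restart.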