smbcontrol samba reload-config does not reload updated SSL/TLS certificate files, used by the AD DC LDAP service. There was also a request on the mailing list: https://lists.samba.org/archive/samba/2021-March/235094.html
I guess this got (basically) fixed in Samba 4.19 with commit e86e0da9de6a7d108348ad37f1ae9885ebb74c37?