diff --git a/.gitea/workflows/nightly.yml b/.gitea/workflows/nightly.yml
index da11ebf7..2cb71392 100644
--- a/.gitea/workflows/nightly.yml
+++ b/.gitea/workflows/nightly.yml
@@ -120,6 +120,20 @@ jobs:
             --profile staging \
             up -d --wait --remove-orphans
 
+      - name: Reload Caddy
+        # Apply any committed Caddyfile changes before smoke-testing the
+        # public surface. Without this step, a Caddyfile edit lands in the
+        # repo but Caddy keeps serving the previous config until someone
+        # reloads it manually — the smoke test would then catch a stale
+        # header or a still-proxied /actuator route rather than confirming
+        # the current config is live.
+        #
+        # `systemctl reload caddy` sends SIGHUP; Caddy re-reads /etc/caddy/Caddyfile
+        # (symlinked to infra/caddy/Caddyfile) without dropping connections.
+        # If Caddy is not running this step fails fast and clearly before the
+        # smoke test issues a misleading "port 443 refused" error.
+        run: sudo systemctl reload caddy
+
       - name: Smoke test deployed environment
         # Healthchecks confirm containers are healthy; they do NOT confirm the
         # public surface works. This step catches: Caddy not reloaded, HSTS