by tmpz22 2297 days ago
What’s the story for automatically provisioning TLS certificates for your load balancer been like?
1 comments

I don't know about terminating on the load balancer level, but it works fine on the ingress-level (http router) with cert-manager, nginx-ingress-controller and the Ingress-definition.
That's exactly how I manage it too. It means there only needs to be one load balancer per cluster, and adding a new SSL cert is just a matter of adding a couple of lines to the ingress config.
Load balancer certs via annotations are supported, but they're a bit iffy when pairing with controllers like ambassador, since ambassador expects to own TLS termination (although the ambassador docs do say this is configurable). https://www.digitalocean.com/docs/kubernetes/how-to/configur...
aside: ambassador definitely supports external TLS termination (tested with AWS ELB).
Ah good to know, thank you!