First here is what I did on Ubuntu 16/nginx Digital Ocean droplet:

1. Installed free SSL cert as per their guide for old domain OLD_domain.com.au, all good.
2. Domain changed to NEW_domain.com.au.
3. Removed old cert and installed cert for new domain, again all good and NEW_domain.com.au is working.

However I notice /etc/nginx/sites-enabled/default still has references to old domain. My question is can I just manually update this file with the new domain and restart nginx? Or is there a better way?

Here is the relavant bits of the file:

/* /etc/nginx/sites-enabled/default */

server {
    …

    server_name NEW_domain.com.au www.NEW_domain.com.au;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/NEW_domain.com.au/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/NEW_domain.com.au/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    …

server {
    if ($host = www.accessmygp.com.au) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = accessmygp.com.au) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name accessmygp.com.au www.accessmygp.com.au;
    listen 80;
    return 404; # managed by Certbot

    …