When you renewed it just now with the updated port, it updated the .conf
file in /etc/letsencrypt/renewal
with the new port. As such, you don't need to change anything further.
. The way you've done it is fine, I think stuff like this largely comes down to sysadmin tastes.
The nginx authenticator in Certbot actually (temporarily) adds all of the /.well-known/acme-challenge/
nginx stanzas on its own during authentication, so the one you have configured on your own is redundant. It would be useful if you used the webroot authenticator (as in a couple of posts back). But it's not a big deal.
At version 1.5.0, definitely, yes.