To replace the NSX Manager certificate for the remaining workload domain, since the vCenter Server that signed the certificate has been deleted.

If you created an isolated workload domain prior to VCF 5.2 and that workload domain shares an NSX Manager instance with another isolated workload domain, then deleting the original workload domain may cause communication issues in the remaining workload domain.

The NSX Manager instance for isolated workload domains created prior to VCF 5.2 is assigned a certificate signed by the workload domain vCenter Server. When you delete the workload domain, the vCenter Server that signed the certificate is also deleted.

Follow the NSX-T Replace Certs doc on how to replace the NSX certificates.

Follow to replace the NSX-T managers with VMCA signed certificates. 
Scripted process to Replace Expired or Self-signed VMware NSX-T Manager Certificates with VMCA-Signed Certificates