// Per Baseline Requirements, CAA must be checked within 8 hours of
// issuance. CAA is checked when an authorization is validated, so as
// long as that was less than 8 hours ago, we're fine. We recheck if
// that was more than 7 hours ago, to be on the safe side. We can
// check to see if the authorized challenge `AttemptedAt`
// (`Validated`) value from the database is before our caaRecheckTime.
// Set the recheck time to 7 hours ago.
caaRecheckAfter := now.Add(-7 * time.Hour)
look like it's 7hour for safe margin in LE, it's hardcoded so it should be same for both prod and staging.
ra.reuseValidAuthz is configfiile value, and so I have no idea if staging's config use it or not, althogh
it was disabled in staging in 2019