Note that Let's Encrypt extends the lifetime from 7 to 30 days after it has become valid (i.e. the expires field is updated). If your client assumes that the authorization lifetime is still at its original 7 day value, the dates will be different from the actual lifetimes used by the CA.
7 Likes