Seeking technical clarification on certbot certificate creation using DNS-01 and HTTP-01 challenge

As you saw, that won't let you get a certificate through http-01, because Let's Encrypt needs to verify that you own the name as seen from everywhere on the Internet, and so they check from many places.

Note that this only changes the port that the standalone server is listening on; the validation will still happen over port 80. That option is designed for weird cases where you have some NAT device mapping incoming port 80 to some other port on the server, and it isn't useful nearly as often as people try to use it.

Yes, Let's Encrypt saves successful validations for 30 days, though they're considering reducing it. During that time, you can get a certificate for the name without needing to re-authorize.

In Let's Encrypt's database, the "authorization" object for your name is marked as successful, and has an expiration of when it will no longer work and your ACME account would need to validate again.

In theory, yes, your ACME client can explicitly invalidate the authorization. I don't think certbot exposes the functionality directly, but when you do --dry-run to test against staging, it should invalidate all the authorizations, and so it will actually test the authorizations. If you're trying to do testing, then definitely use the staging environment, as that's what it's for.

The connection is just that they're for the same domain name.

8 Likes
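Added example, not part of the post above and not certbot's code: the reply describes the cached "authorization" object with its status and expiry. The snippet below parses a constructed authorization object laid out as RFC 8555 section 7.1.4 defines it (status, expires, identifier, challenges) and decides whether a client could still reuse it instead of validating again. The JSON, the timestamps and the URLs are made up for illustration; the one-day safety margin is an assumption, not a Let's Encrypt rule.

```python
"""Decide whether a cached ACME authorization is still reusable.

Field names follow RFC 8555 section 7.1.4.  The sample object is constructed
for this example and is not a real Let's Encrypt response.
"""
import json
from datetime import datetime, timedelta
from typing import List

# Constructed sample: an authorization for example.com that passed http-01
# validation on 2024-06-01 and is recorded as expiring on 2024-06-30.
SAMPLE_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "example.com"},
    "status": "valid",
    "expires": "2024-06-30T12:00:00Z",
    "challenges": [
        {"type": "http-01", "status": "valid",
         "url": "https://acme.example/chall/1",   # constructed URL
         "token": "constructed-token-1",
         "validated": "2024-06-01T12:00:00Z"},
        {"type": "dns-01", "status": "pending",
         "url": "https://acme.example/chall/2",   # constructed URL
         "token": "constructed-token-2"},
    ],
})


def parse_acme_time(value: str) -> datetime:
    """Parse an RFC 3339 timestamp into a timezone-aware datetime.

    ACME servers emit a trailing 'Z' and may emit more fractional digits
    than datetime.fromisoformat accepts, so both are normalised here.
    """
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    if "." in value:
        head, tail = value.split(".", 1)
        i = 0
        while i < len(tail) and tail[i].isdigit():
            i += 1
        # Keep at most microseconds; leave the UTC offset untouched.
        value = f"{head}.{tail[:i][:6]}{tail[i:]}"
    return datetime.fromisoformat(value)


def authorization_reusable(authz_json: str, now_iso: str,
                           margin: timedelta = timedelta(days=1)) -> bool:
    """True if the authorization lets you order a certificate for the name
    without validating again: status is 'valid' and it does not expire
    before now + margin (the margin avoids expiry in the middle of an order).
    """
    authz = json.loads(authz_json)
    if authz.get("status") != "valid":
        return False
    return parse_acme_time(authz["expires"]) > parse_acme_time(now_iso) + margin


def validated_challenge_types(authz_json: str) -> List[str]:
    """Which challenge types actually satisfied this authorization.

    Only the challenge the server validated matters; an http-01 and a
    dns-01 entry are related solely by belonging to the same name.
    """
    authz = json.loads(authz_json)
    return [c["type"] for c in authz.get("challenges", [])
            if c.get("status") == "valid"]


if __name__ == "__main__":
    print("reusable on 2024-06-20:",
          authorization_reusable(SAMPLE_AUTHZ, "2024-06-20T00:00:00Z"))
    print("reusable on 2024-06-29 18:00:",
          authorization_reusable(SAMPLE_AUTHZ, "2024-06-29T18:00:00Z"))
    print("validated via:", validated_challenge_types(SAMPLE_AUTHZ))
```

Run it on the authorization JSON your client logged (certbot with -v shows the objects it fetches) to see when the cached validation lapses; a "pending" or "invalid" status, or an expiry inside the margin, means the next order will have to pass the challenge again.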