The original order is in fact backwards. Certs should be followed by the issuing cert until the last cert is issued by a known root per IETF’s RFC 5246 Section 7.4.2
This is a sequence (chain) of certificates. The sender’s certificate
MUST come first in the list. Each following certificate MUST directly
certify the one preceding it.
See also SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch for troubleshooting techniques.
But I still don’t know why they wrote the spec so that the order matters.