They shouldn’t allow CNAME on root, because this is the standard. They should behave like this.
That is to say, our CNAME verification requires you to set up a CNAME record on a subdomain, not on the root directly. DId you read the instructions carefully enough?