Correct me if I’m wrong, but it looks like you’re trying to submit a Single Redirect rule (phase http_request_dynamic_redirect) using Bulk Redirects ruleset (http_request_redirect).
It does seem like it. I was able to get the rule created with moving away to the single redirect! Thanks Now I have another issue which is a 525 error. While travel.ramp.com uses the *.ramp.com cert and app.ramp.com uses its own I could understand the mismatch but I have the CNAME record proxied through cloudflare. If I implement the same thing with page_rule it works but they are going to be deprecated so might as well get this working with the cloudflare_ruleset resource.
525 error means your origin didn’t serve SSL certificate to us. Mismatch between hostnames in the request and in the SSL certificate would have caused 526 error instead.
If your origin doesn’t return SSL certificate, you can force Cloudflare to connect to your origin via port 80 for a specific hostname by setting SSL to Flexible using Configuration Rules.