Hello @chit164, welcome to the Let's Encrypt community. 
You need to add letsencrypt.org to your DNS CAA record or remove the CAA record altogether.
Using Let's Debug yields results https://letsdebug.net/nblp.moph.go.th/1410461
CAAIssuanceNotAllowed
Fatal
No CAA record on moph.go.th (wildcard=false) contains the issuance domain "letsencrypt.org". You must either add an additional record to include "letsencrypt.org" or remove every existing CAA record. A list of the CAA records are provided in the details.
moph.go.th. 0 IN CAA 0 issue "sectigo.com"
moph.go.th. 0 IN CAA 0 issue "godaddy.com"
moph.go.th. 0 IN CAA 0 issue "globalsign.com"
moph.go.th. 0 IN CAA 0 issue "digicert.com"
Your DNS CAA record contains https://unboundtest.com/m/CAA/moph.go.th/HTUYAL73
Query results for CAA moph.go.th
Response:
;; opcode: QUERY, status: NOERROR, id: 51109
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;moph.go.th. IN CAA
;; ANSWER SECTION:
moph.go.th. 0 IN CAA 0 issuewild "sectigo.com"
moph.go.th. 0 IN CAA 0 issue "globalsign.com"
moph.go.th. 0 IN CAA 0 issuewild "globalsign.com"
moph.go.th. 0 IN CAA 0 issue "godaddy.com"
moph.go.th. 0 IN CAA 0 issue "digicert.com"
moph.go.th. 0 IN CAA 0 issuewild "digicert.com"
moph.go.th. 0 IN CAA 0 issue "sectigo.com"
----- Unbound logs -----
Mar 17 02:16:19 unbound[741295:0] notice: init module 0: validator