If you run Debian or any other server software accepting key-based authentication (with keys having come eventually from Debian installations), you will need to re-create all OpenSSL keys. The Debian people put together a Wiki page called SSLkeys that explains how to re-create keys for various software packages.

From the editors at Heise there is a very good overview of the situation called Der kleine OpenSSL Wegweiser (German only).

Run the following and enter your DNS hostname when asked for the "Common Name":

openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.pem

Now stunnel needs some more caring (Diffie-Hellman initialization parameters; not providing them results in the error message "Could not load DH parameters" when trying to start stunnel):

dd if=/dev/urandom count=2 | openssl dhparam -rand - 512 >> stunnel.pem

Copy the resulting stunnel.pem to the directory /etc/ssl/certs/, where stunnel expects it to be.

You can test whether all is working again like this:

stunnel -f -d 465 -r localhost:25

The certificate /etc/ssl/certs/stunnel.pem can now be used without changes for the aforementioned nice pieces of software too:

lighttpd
dovecot