Hi,
You just need to forget about IIS secure port as it won't be used anymore and it will be managed by Stunnel and redirect to port 80.
Or you can go the other way around; setup a second IP to the network device and NAT to it (I'm guessing is what you are doing through a router) instead the IP that IIS serves on and re-route it from Stunnel to the other IP at port 80.
Both scenarios are valid. The second slightly going in circles...
Told the other way, or...
Public IP:443 > Stunnel listen on (10.0.1.11)443 and redirect traffic to ISS(10.0.1.11):80 or Public IP:443 > Stunnel keep listening on (ie: 10.0.1.110)442 (NAPTed) and redirecto to ISS(10.0.1.11):80
Note that I'm just giving options. The idea you should get is that IIS will stop to manage the secure connection, so 443 listening is not needed anymore, and will be managed by Stunnel. IIS will only act as a plain text server (80).
Unless IIS needs to manage, or setup, a secure setting for some reason, as I don't know how it works (should be as any other HTTP server) that is what you should do.
Regards.