Thanks a lot, I still have some issues:

1- Why must we use the ''-H 'Host: coolaj86.com' '' in this command
for getting the correct result?

2- If I want to use internet explorer, such as firefox/chrome to open
the corresponding url, i.e., http://localhost:3000/, how should I do?

3- There are 3 certificates given by the owner of the website
https://coolaj86.com/. They are all stored here:

https://gist.github.com/coolaj86/327cee3eee6fc119b389/

Just as you can see, the 3 certificates are named as follows:

cert.pem
chain.pem
root.pem

What's the relationship between the above 3 certificates?

And the first certificate, i.e., the cert.pem, is the one used for the
website https://coolaj86.com/.

So, I just want to know why we must the root.pem in the stunnel's conf file?

Regards

https://en.wikipedia.org/wiki/Virtual_hosting#Name-based
Here are various ways depending on which parts of your infrastructure
are under your control:

1. Your client machines need to connect (what they believe is)
coolaj86.com to send this specific host name in the headers. You can
achieve it with DNS or /etc/hosts (or equivalent) file.

2. You can rewrite HTTP headers with another software (stunnel won't
do it for you).

3. You can reconfigure coolaj86.com to accept "localhost" as the host
name for virtual server coolaj86.com.

Mike

I've tried add the following two lines into the /etc/hosts file:

67.166.110.237 www.coolaj86.com
67.166.110.237 coolaj86.com

But still the issue exists when I use firefox to open http://localhost:3000/.

I'm not sure whether I've understood your above explanations correctly or not?

Regards

Added this to /etc/hosts file.
Based on you above notes, I use the following settings in stunnel-tlsvpn.conf:

$ grep -Ev '^[ ]*(#|;|$)' stunnel-tlsvpn.conf
client = yes
verify = 1
foreground = yes
[tlsvpn]
accept = 127.0.0.1:3000
sni = coolaj86.com
connect = 67.166.110.237:443
CAfile = ./root.pem
But still, firefox failed with the above url, the error is as follows:

Secure Connection Failed

The connection to coolaj86.com:3000 was interrupted while the page was loading.

The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.


Why should I slove this issue?

Thanks again.
No, I'm from China. Thanks for help again.

Regards

Yes, you're right, this is my surname.
1- If not insert the following line into /etc/hosts:

127.0.0.1 coolaj86.com

$ ping coolaj86.com
PING coolaj86.com (67.166.110.237) 56(84) bytes of data.
64 bytes from c-67-166-110-237.hsd1.ut.comcast.net (67.166.110.237):
icmp_seq=1 ttl=44 time=261 ms
64 bytes from c-67-166-110-237.hsd1.ut.comcast.net (67.166.110.237):
icmp_seq=2 ttl=44 time=259 ms
64 bytes from c-67-166-110-237.hsd1.ut.comcast.net (67.166.110.237):
icmp_seq=3 ttl=44 time=257 ms
^C
--- coolaj86.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 257.055/259.227/261.534/1.923 ms


2- If insert the above line into /etc/hosts:

$ ping coolaj86.com
PING coolaj86.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.077 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.067 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.050 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.071 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.052 ms
64 bytes from localhost (127.0.0.1): icmp_seq=6 ttl=64 time=0.073 ms
64 bytes from localhost (127.0.0.1): icmp_seq=7 ttl=64 time=0.060 ms
64 bytes from localhost (127.0.0.1): icmp_seq=8 ttl=64 time=0.122 ms
^C
--- coolaj86.com ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7000ms
rtt min/avg/max/mdev = 0.050/0.071/0.122/0.022 ms

Regards
Zhao is my surname, and Hongyi is my name.

Regards