@juanam, you have the shoutcast server listening in that ip and port so it is not using stunnel. I don’t know how or where you configured stunnel.
Also, I’ve been using stunnel for a long time to cover several services and I always used two directives for stunnel, cert that points to fullchain.pem and key that points to privkey.pem
Something like this:
accept = 1234
connect = 126.96.36.199:8820
cert = /etc/letsencrypt/live/radio.domain.tld/fullchain.pem
key = /etc/letsencrypt/live/radio.domain.tld/privkey.pem
This configuration start stunnel on port 1234 using the certificates for radio.domain.tld and redirect the connection to your shoutcast server.188.8.131.52 on port 8820.
If you access to one of my domains on port 1234 https://27a.net:1234 (this link will be deactivated in 24 hours) you will see how it works.
Note: Keep in mind that you can’t start stunnel in the same machine and port that uses the shoutcast server, if you are configuring stunnel in the machine where the shoutcast server is installed, use another port as in my example (1234) or use 8820 but start the shoutcast server on a different port… port 9921 for example.