diff --git a/group_vars/README.md b/group_vars/README.md
index 2ab491c..e8d19dd 100644
--- a/group_vars/README.md
+++ b/group_vars/README.md
@@ -548,6 +548,7 @@ nrpe_commands:
     line: >-
       /opt/check_ssl_cert/check_ssl_cert -f /etc/openvpn/client.crt --ignore-maximum-validity
       --ignore-incomplete-chain  --allow-empty-san --ignore-sct --warning 15 --critical 1
+    sudo: true
 ```
 
 ## nrpe_opts
diff --git a/tasks/nrpe.yml b/tasks/nrpe.yml
index 02b6e84..2b6657e 100644
--- a/tasks/nrpe.yml
+++ b/tasks/nrpe.yml
@@ -18,6 +18,20 @@
     dest: /etc/nagios/nrpe_local.cfg
     mode: "0644"
 
+- name: List sudo commands
+  ansible.builtin.set_fact:
+    nrpe_sudo_commands: "{{ nrpe_sudo_commands | default([]) + [item.line] }}"
+  loop: "{{ nrpe_commands }}"
+  loop_control:
+    label: "{{ item.name }}"
+  when: '"sudo" in item and item.sudo is truthy'
+
+- name: Setup sudoers
+  community.general.sudoers:
+    name: nagios_nrpe
+    user: nagios
+    commands: "{{ nrpe_sudo_commands | default([]) }}"
+
 - name: Manage daemon settings
   ansible.builtin.template:
     src: nrpe/nagios-nrpe-server.j2
diff --git a/templates/nrpe/nrpe_local.cfg.j2 b/templates/nrpe/nrpe_local.cfg.j2
index 73c64e8..b3a115f 100644
--- a/templates/nrpe/nrpe_local.cfg.j2
+++ b/templates/nrpe/nrpe_local.cfg.j2
@@ -1,5 +1,5 @@
 {{ ansible_managed | comment }}
 
 {% for command in nrpe_commands | default([]) %}
-command[{{ command['name'] }}]={{ command['line'] }}
+command[{{ command['name'] }}]={% if 'sudo' in command and command['sudo'] is truthy %}sudo {% endif %}{{ command['line'] }}
 {% endfor %}