If whatever OS you're using can spit out some logs about certificates about to expire then yes, LEM can track that. For Windows I think event ID 64 is what you'll be wanting to look for. You can also write a PowerShell script that looks for expiring certificates and puts out your own syslog message that can be sent up and trapped by LEM.
Matthew Hawks
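
The PowerShell approach mentioned in the reply above could look like the following. This is an added example, not part of the original post. The collector address, port, 30-day threshold, store path, `certcheck` tag and the `Format-SyslogMessage` helper are all assumptions chosen for illustration.

```powershell
# Added example: report certificates near expiry as RFC 3164 syslog over UDP.
# Assumed values (not from the post): collector host/port, threshold, store path.
param(
    [string]$SyslogHost    = 'lem.example.internal',   # placeholder collector address
    [int]   $SyslogPort    = 514,
    [int]   $ThresholdDays = 30,
    [string]$StorePath     = 'Cert:\LocalMachine\My'
)

# Hypothetical helper: builds "<PRI>Mmm dd HH:mm:ss host tag: message".
function Format-SyslogMessage {
    param([int]$Facility, [int]$Severity, [string]$Tag, [string]$Message)
    $pri   = ($Facility * 8) + $Severity
    $now   = Get-Date
    $month = $now.ToString('MMM', [cultureinfo]::InvariantCulture)
    # RFC 3164 pads single-digit days with a space, not a zero.
    $stamp = '{0} {1,2} {2}' -f $month, $now.Day, $now.ToString('HH:mm:ss')
    "<$pri>$stamp $env:COMPUTERNAME ${Tag}: $Message"
}

$cutoff   = (Get-Date).AddDays($ThresholdDays)
$expiring = Get-ChildItem -Path $StorePath -Recurse | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
    $_.NotAfter -le $cutoff
}

$udp = New-Object System.Net.Sockets.UdpClient
try {
    foreach ($cert in $expiring) {
        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        # Already-expired certificates go out as error (3), upcoming ones as warning (4).
        $state    = if ($daysLeft -lt 0) { 'expired' } else { 'expiring' }
        $severity = if ($daysLeft -lt 0) { 3 } else { 4 }
        $notAfter = $cert.NotAfter.ToUniversalTime().ToString('s') + 'Z'
        $text = 'cert_{0} subject="{1}" thumbprint={2} not_after={3} days_left={4}' -f `
            $state, $cert.Subject, $cert.Thumbprint, $notAfter, $daysLeft
        # Facility 16 = local0. ASCII encoding replaces non-ASCII subject characters with '?'.
        $line  = Format-SyslogMessage -Facility 16 -Severity $severity -Tag 'certcheck' -Message $text
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($line)
        [void]$udp.Send($bytes, $bytes.Length, $SyslogHost, $SyslogPort)
    }
}
finally {
    $udp.Close()
}
```

Run it from a scheduled task so the same certificate is reported each day until it is renewed; the thumbprint and `days_left` fields give the collector stable keys to filter and alert on.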