In a project I'd like to control a heating circuit with an SSR, and I'd need a contingency plan for when the SSR fails closed, and the microcontroller cannot turn off the heating element, which would be unsafe.
The easiest option I can see is to have two SSRs in series, and do a check on startup to check that turning off either will interrupt the current, and display an error as well as refuse to operate.
What would be considered best practice here?
Best Answer
I would add a normally open mechanical relay in series with the SSR. Let the microcontroller close the relay on boot, and make sure the pin's state is such that the relay is open when the controller boots and before any code runs (most controllers boot with tristated GPIO pins, so add a pullup/pulldown to your relay driver transistor. Do not rely on the software pullup/pulldown to disengage the relay). Enable the watchdog on the micro, so that a reset disengages the mechanical relay if the software crashes.
I assume that you have a temperature sensor for measuring the process parameter. Add a timeout and a threshold to detect a failed open SSR or a misplaced/disconnected temp sensor: When the micro decides to engage the heater and the measured temp does not rise e.g. 2 degrees in 30 seconds, bail out and open the mechanical relay. Also make the micro turn off the relay when the temp is unsafely high. Further, add a temp fuse or temp switch in series with the relay and the SSR with a temp a little bit above the software limit, to disengage the heater in case of fatal damage to the control hardware.