diff --git a/changes/ticket28113 b/changes/ticket28113
new file mode 100644
index 0000000000..30dd825a9b
--- /dev/null
+++ b/changes/ticket28113
@@ -0,0 +1,5 @@
+  o Minor bugfixes (relay shutdown, systemd):
+    - Notify systemd of ShutdownWaitLength so it can be set to longer than
+      systemd's TimeoutStopSec. In tor's systemd service file, set
+      TimeoutSec to 60 seconds, to allow tor some time to shut down.
+      Fixes bug 28113; bugfix on 0.2.6.2-alpha.
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index 9c1a255b2e..e857a8664e 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -15,7 +15,7 @@ ExecStartPre=@BINDIR@/tor -f @CONFDIR@/torrc --verify-config
 ExecStart=@BINDIR@/tor -f @CONFDIR@/torrc
 ExecReload=/bin/kill -HUP ${MAINPID}
 KillSignal=SIGINT
-TimeoutSec=30
+TimeoutSec=60
 Restart=on-failure
 WatchdogSec=1m
 LimitNOFILE=32768
diff --git a/src/feature/hibernate/hibernate.c b/src/feature/hibernate/hibernate.c
index 02b05ca3a2..4c46c4fe2a 100644
--- a/src/feature/hibernate/hibernate.c
+++ b/src/feature/hibernate/hibernate.c
@@ -856,6 +856,26 @@ hibernate_begin(hibernate_state_t new_state, time_t now)
                "connections, and will shut down in %d seconds. Interrupt "
                "again to exit now.", options->ShutdownWaitLength);
     shutdown_time = time(NULL) + options->ShutdownWaitLength;
+#ifdef HAVE_SYSTEMD
+    /* tell systemd that we may need more than the default 90 seconds to shut
+     * down so they don't kill us. add some extra time to actually finish
+     * shutting down, otherwise systemd will kill us immediately after the
+     * EXTEND_TIMEOUT_USEC expires. this is an *upper* limit; tor will probably
+     * only take one or two more seconds, but assume that maybe we got swapped
+     * out and it takes a little while longer.
+     *
+     * as of writing, this is a no-op with all-defaults: ShutdownWaitLength is
+     * 30 seconds, so this will extend the timeout to 60 seconds.
+     * default systemd DefaultTimeoutStopSec is 90 seconds, so systemd will
+     * wait (up to) 90 seconds anyways.
+     *
+     * 2^31 usec = ~2147 sec = ~35 min. probably nobody will actually set
+     * ShutdownWaitLength to more than that, but use a longer type so we don't
+     * need to think about UB on overflow
+     */
+    sd_notifyf(0, "EXTEND_TIMEOUT_USEC=%" PRIu64,
+            ((uint64_t)(options->ShutdownWaitLength) + 30) * TOR_USEC_PER_SEC);
+#endif
   } else { /* soft limit reached */
     hibernate_end_time = interval_end_time;
   }