diff --git a/changes/ticket28113 b/changes/ticket28113
new file mode 100644
index 0000000000..2585514b8a
--- /dev/null
+++ b/changes/ticket28113
@@ -0,0 +1,3 @@
+  o Minor bugfixes (relay shutdown, systemd):
+    - Notify systemd of ShutdownWaitLength so it can be set to longer than
+      systemd's TimeoutStopSec. Fixes bug 28113; bugfix on 0.2.6.2-alpha.
diff --git a/src/or/hibernate.c b/src/or/hibernate.c
index e3c80b5f14..a59d52f3d8 100644
--- a/src/or/hibernate.c
+++ b/src/or/hibernate.c
@@ -837,6 +837,26 @@ hibernate_begin(hibernate_state_t new_state, time_t now)
                "connections, and will shut down in %d seconds. Interrupt "
                "again to exit now.", options->ShutdownWaitLength);
     shutdown_time = time(NULL) + options->ShutdownWaitLength;
+#ifdef HAVE_SYSTEMD
+    /* tell systemd that we may need more than the default 90 seconds to shut
+     * down so they don't kill us. add some extra time to actually finish
+     * shutting down, otherwise systemd will kill us immediately after the
+     * EXTEND_TIMEOUT_USEC expires. this is an *upper* limit; tor will probably
+     * only take one or two more seconds, but assume that maybe we got swapped
+     * out and it takes a little while longer.
+     *
+     * as of writing, this is a no-op with all-defaults: ShutdownWaitLength is
+     * 30 seconds, so this will extend the timeout to 60 seconds.
+     * default systemd DefaultTimeoutStopSec is 90 seconds, so systemd will
+     * wait (up to) 90 seconds anyways.
+     *
+     * 2^31 usec = ~2147 sec = ~35 min. probably nobody will actually set
+     * ShutdownWaitLength to more than that, but use a longer type so we don't
+     * need to think about UB on overflow
+     */
+    sd_notifyf(0, "EXTEND_TIMEOUT_USEC=%" PRIu64,
+            ((uint64_t)(options->ShutdownWaitLength) + 30) * TOR_USEC_PER_SEC);
+#endif
   } else { /* soft limit reached */
     hibernate_end_time = interval_end_time;
   }