diff --git a/letsencrypt/auth_handler.py b/letsencrypt/auth_handler.py
index 45c51a020..3b8c5e393 100644
--- a/letsencrypt/auth_handler.py
+++ b/letsencrypt/auth_handler.py
@@ -480,6 +480,9 @@ def is_preferred(offered_challb, satisfied,
     return True
 
 
+_ACME_PREFIX = "urn:acme:error:"
+
+
 _ERROR_HELP_COMMON = (
     "To fix these errors, please make sure that your domain name was entered "
     "correctly and the DNS A record(s) for that domain contain(s) the "
@@ -540,11 +543,13 @@ def _generate_failed_chall_msg(failed_achalls):
 
     """
     typ = failed_achalls[0].error.typ
+    if typ.startswith(_ACME_PREFIX):
+        typ = typ[len(_ACME_PREFIX):]
     msg = ["The following errors were reported by the server:"]
 
     for achall in failed_achalls:
         msg.append("\n\nDomain: %s\nType:   %s\nDetail: %s" % (
-            achall.domain, achall.error.typ, achall.error.detail))
+            achall.domain, typ, achall.error.detail))
 
     if typ in _ERROR_HELP:
         msg.append("\n\n")
diff --git a/letsencrypt/tests/auth_handler_test.py b/letsencrypt/tests/auth_handler_test.py
index 5b4c2bfc7..5a6199ca3 100644
--- a/letsencrypt/tests/auth_handler_test.py
+++ b/letsencrypt/tests/auth_handler_test.py
@@ -437,9 +437,12 @@ class ReportFailedChallsTest(unittest.TestCase):
             "chall": acme_util.HTTP01,
             "uri": "uri",
             "status": messages.STATUS_INVALID,
-            "error": messages.Error(typ="tls", detail="detail"),
+            "error": messages.Error(typ="urn:acme:error:tls", detail="detail"),
         }
 
+        # Prevent future regressions if the error type changes
+        self.assertTrue(kwargs["error"].description is not None)
+
         self.http01 = achallenges.KeyAuthorizationAnnotatedChallenge(
             # pylint: disable=star-args
             challb=messages.ChallengeBody(**kwargs),