diff --git a/pki/denylist.go b/pki/denylist.go
index 0ca4a6a97a..384ef181c6 100644
--- a/pki/denylist.go
+++ b/pki/denylist.go
@@ -142,7 +142,7 @@ func (b *denylistImpl) ValidateCert(cert *x509.Certificate) error {
 				Debug("Rejecting banned certificate")
 
 			// Return an error indicating the certificate has been denylisted
-			return fmt.Errorf("%w: %s", ErrCertBanned, entry.Reason)
+			return ErrCertBanned
 		}
 	}
 
diff --git a/pki/denylist_test.go b/pki/denylist_test.go
index 1ec55f2425..65ed0969b0 100644
--- a/pki/denylist_test.go
+++ b/pki/denylist_test.go
@@ -425,7 +425,7 @@ func TestDenylistedCertificateBlocked(t *testing.T) {
 
 	// Ensure the validation returned an error, meaning the certificate is banned
 	assert.Error(t, err)
-	assert.Equal(t, fmt.Errorf("%w: %s", ErrCertBanned, "baz3"), err)
+	assert.Equal(t, ErrCertBanned, err)
 }
 
 // TestEmptyFieldsDoNotBlock ensures empty fields in a denylist entry cannot block certificates
@@ -456,7 +456,7 @@ func TestEmptyFieldsDoNotBlock(t *testing.T) {
 
 	// Ensure the validation returned an error, meaning the certificate is banned
 	assert.Error(t, err)
-	assert.Equal(t, fmt.Errorf("%w: %s", ErrCertBanned, "baz3"), err)
+	assert.Equal(t, ErrCertBanned, err)
 }
 
 // TestRSACertificateJWKThumbprint ensures ceritficate thumbprints are correctly computed