diff --git a/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php b/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php
index 99e7fa0178..8013b39390 100644
--- a/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php
+++ b/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php
@@ -72,7 +72,8 @@ final class PhabricatorAuthManagementRecoverWorkflow
     $console = PhutilConsole::getConsole();
     $console->writeOut(
       pht(
-        'Use this link to recover access to the "%s" account:',
+        'Use this link to recover access to the "%s" account from the web '.
+        'interface:',
         $username));
     $console->writeOut("\n\n");
     $console->writeOut("    %s", $user->getEmailLoginURI());
diff --git a/src/applications/people/storage/PhabricatorUser.php b/src/applications/people/storage/PhabricatorUser.php
index 974a60b2bb..aecd0e4357 100644
--- a/src/applications/people/storage/PhabricatorUser.php
+++ b/src/applications/people/storage/PhabricatorUser.php
@@ -495,8 +495,18 @@ final class PhabricatorUser
       }
     }
     $token = $this->generateEmailToken($email);
-    $uri = PhabricatorEnv::getProductionURI('/login/etoken/'.$token.'/');
+
+    $uri = '/login/etoken/'.$token.'/';
+    try {
+      $uri = PhabricatorEnv::getProductionURI($uri);
+    } catch (Exception $ex) {
+      // If a user runs `bin/auth recover` before configuring the base URI,
+      // just show the path. We don't have any way to figure out the domain.
+      // See T4132.
+    }
+
     $uri = new PhutilURI($uri);
+
     return $uri->alter('email', $email->getAddress());
   }