The secondary databases are just "clones" of the primary, so you cannot enable it on just one node.
The way to do it is actually to enable encryption on the primary, then it will replicate by itself if all is well (if you copied the certificate on the secondary nodes).
However, you should really look into MSDN and practice in a virtual lab before doing anything on production. It could be easy to get into an otherwise avoidable situation.
Msg 19405, Level 16, State 17, Line 3 Failed to create, join or add
replica to availability group 'AGName', because node 'Node3' is a
possible owner for both replica 'Node3\ReadOnly' and
'Primary/Primary'. If one replica is failover cluster instance, remove
the overlapped node from its possible owners and try again.
This happens for two main reasons that I've witnessed.
Reason #1 - The resource/group is set to have ownership on the node in error
Sometimes (for a multitude of reasons) resources and resource groups in windows clustering won't always have the same ownership. The best way to diagnose this error is to first check to see what SQL Server (which calls windows clustering APIs) thinks the cluster nodes are:
SELECT * FROM sys.dm_os_cluster_nodes
Once we know what is in the cluster, check via Powershell to see what the cluster thinks the ownership is for the FCI:
Get-ClusterOwnerNode -Resource "SQLFCIInstanceName"
This will return the nodes that could own the cluster resource. Chances are it'll include the node name of a node that we know shouldn't really be there.
To fix this, run the following powershell command:
Get-ClusterResource -Name "SQLFCIInstanceName" | Set-ClusterOwnerNode -Owners NodeName1,NodeName2
Double check by running the first powershell command to check ownership, then try to add the replica to the AG again.
Reason #2 - Node Names + Language != Node Names
If the language used wasn't US_English there would be a good chance that the node names (when compared to each other) wouldn't necessarily compare properly. This would cause a whole bunch of other issues (and it does) with the cluster outside of the AG.
This can be tested by taking the node names, converting them to upper or lower and the comparing them against themselves. Sounds like it should always work... but some languages have special characters that don't do the UPPER and LOWER conversions well.
Best Answer
Since you got SQL 2017 on Windows Server 2016, you can achieve that (what your looking for) with anyone of following options:
Domain-independent Availability Group
For this to happen, you probably have to re-build WSFC as Active Directory-Detached Cluster since your existing WSFC would expect all nodes to be part of same domain. Consider it's bit complex setup compare to LS and required additional maintenance of master keys and certificates as AG Replica's end-points communication completely depends on those.
Log-shipping
Configure the log shipping pointing Listener name (existing AG) as Primary server and new node as Secondary server in Log Shipping topology