READ_REPLICA Failed to obtain connection towards WRITE server

I setup Neo4j 4.0.1 enterprise in a causal cluster with the following nodes:

  • neo4j-01 (CORE)
  • neo4j-02 (CORE)
  • neo4j-03 (CORE)
  • neo4j-04 (READ_REPLICA)

The config for each host is the same with dbms.mode being the obvious exception on neo4j-04. Also, each host generated a self-signed certificate and private key, located in /var/lib/neo4j/certificates.

All of the hosts start Neo4j without any errors in the logs (journalctl --unit=neo4j). The CORE servers seem to be working just fine. I see cluster transactions, leader election, etc. I can also open a cypher-shell and access the Browser interface just fine from any of the CORE hosts. However, when trying to open a cypher-shell on the READ_REPLICA node I get the following error:

Failed to obtain connection towards WRITE server. Known routing table is: Ttl 1586283858104, currentTime 1586283558110, routers AddressSet=[neo4j-04:7687], writers AddressSet=[], readers AddressSet=[neo4j-04:7687], database '<default database>'

Could this be due to how I have TLS configured?

The SSL policy is enabled for HTTPS (7473) and Bolt (7687) but not for cluster discovery (5000), transactions (6000), or RAFT (7000)? The nodes of the cluster don't have the self-signed certificates of the other nodes since it appeared that intra-cluster traffic was only on those 3 non-TLS ports.

Any ideas?

This is what the READ_REPLICA's /var/log/neo4j/debug.log looks like: (couldn't paste the entire thing here)

I added the CORE self-signed certificates to the READ_REPLICA's /var/lib/neo4j/certificates and tried restarting but nothing appeared to change.

Out of curiosity, I modified /etc/neo4j/neo4j.conf on neo4j-04 (designed to be the READ_REPLICA) so that dbms.mode=CORE. Restarted Neo4j and it immediately joined the cluster, synchronized databases, and became available.

Perhaps I'm missing some extra configuration to enable a READ_REPLICA node?