We are currently in the process of fixing our email server's security certificate. Our local domain is wanaque.net, but we are unable to get a certificate for that because someone owns it as a web site. We are changing to wanaque.local. Is this a difficult procedure on a server level? I know all of the computers will have to be rejoined to the domain. Thanks for any help you can give.

Why don't you create your own certificate and sign it? Since your domain is "wanaque.local", you obviously don't need the certificate to be internet-facing. You should install the certificate authority packages on your domain controller and start issuing certs. You should be able to push out your CA key to all machines on the domain.

Is it possible to have one certificate for a local domain and one for the web access?

It sure is. You can also have a CA sign a multi-domain certificate that can be used for internal/external depending on your naming conventions.

You can also set up an internal/external OWA site in IIS and give them different certificates so it will work with the Outlook client and web access.
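
The multi-domain certificate suggested in the replies above only helps if its subject alternative names cover every name clients actually connect to, internal and external. The following check is an added example, not part of the original thread; the hostnames (`mail.example.com`, `exch01`) and the client name list are assumptions made up for illustration, and the certificate is a constructed sample in the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Added example: verify that one multi-domain (SAN) certificate covers every
# name clients use. All hostnames below are constructed for illustration.

def san_dns_names(peercert):
    """Extract DNS SAN entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value.lower() for kind, value in peercert.get("subjectAltName", ())
            if kind == "DNS"]

def name_matches(pattern, hostname):
    """Match one SAN entry against a hostname. A '*' is accepted only as the
    whole left-most label, covers exactly one label, and is rejected when it
    would sit directly under a single-label suffix such as '*.local'."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def uncovered_names(peercert, client_names):
    """Return the client-facing names that no SAN entry covers."""
    sans = san_dns_names(peercert)
    return [n for n in client_names
            if not any(name_matches(s, n) for s in sans)]

# Constructed sample certificate, as getpeercert() would report it.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (
        ("DNS", "mail.example.com"),          # external OWA name (hypothetical)
        ("DNS", "autodiscover.example.com"),  # external autodiscover (hypothetical)
        ("DNS", "exch01.wanaque.local"),      # internal server FQDN (hypothetical)
    ),
}

# Names Outlook clients and browsers are assumed to use in this scenario.
CLIENT_NAMES = ["mail.example.com", "exch01.wanaque.local", "exch01"]

if __name__ == "__main__":
    missing = uncovered_names(SAMPLE_CERT, CLIENT_NAMES)
    print("names that would trigger a certificate warning:", missing)
```

Any name the function returns is one that clients will flag with a name-mismatch warning, so it either needs to be added to the certificate request or clients need to be pointed at a name that is already covered.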